Public policy creates significant risks to businesses. Every day, a business must be aware of policy shifts and changes. Watch the video below as the ThreatSTOP staff discusses the solution to these public policy risks.
It is almost impossible for businesses to keep up with public policy changes. This is particularly true when it comes to sanctions. A business that violates a sanctions law, intentionally or not, will face serious penalties. They may receive fines, be denied access to banks, or even do time in jail. There are only two ways to avoid being penalized for breaking sanctions laws: show you have measures in place to try to comply with sanctions or have solid solutions for business risk that will keep you from breaking these laws in the first place.
It's not enough to know what sanctions are in place. You have to be able to enforce them. You need to observe these policies, which can change on a daily basis. You could send every order you place to an analyst for case-by-case decisions about whether or not it is okay to do business with specific areas. This will delay your business, costing you time and money. A better option is one-click compliance.
Using one-click compliance allows your devices to decide which orders are permitted and which are not. ThreatSTOP uses a database that has constantly updated threat intelligence. It allows you to place orders without having to worry if you are violating current sanctions.
ThreatSTOP will help you lower your business risks of violating public policies and sanctions. We will also save you time and money with programs like one-click compliance. ThreatSTOP is affordable, accurate, and easy to implement. Give us a call today.
Video Transcript
0:05 Intro
0:51 Solution
1:25 Business Delays
2:44 Operationalizing Compliance
3:18 Results
0:05 Intro
So the thing here is that public policy creates business risks. If you don't enforce sanctions, you can be penalized in a number of different ways: fines, you can be denied access to banks, you can go to jail. And the issues right now are who controls what changes daily, the sanctions frequently change as well, and you also have to be careful about where you're operating from, where the sanctions may be different from a different country. So you really don't want to run the risk of running afoul of these, but keeping track of them is a pretty big problem.
0:51 Solution
So what's the solution? Supposing you're sitting there and you get an order: "I desperately need some parts for our nuclear reactor." If you're in Chornobyl, what's the right answer today? The right answer today is it's okay. Back in February when the Russians were owning Chornobyl, it wasn't okay, February of 2021, '22 rather. The Zaporizhzhia facility is still under Russian control, so your answer would have to be no.
1:25 Business Delays
So how do you do this? Well, first of all, compliance should not delay business. If you want to have websites and electronic commerce and all like that, you don't really want to have to send each order to an analyst for examination and have them make a case-by-case decision delaying the deal or perhaps doing the research on whether or not it's okay.
What you'd really like to do is to have what we call one-click compliance, where your network devices decide who can place orders and filter out the ones that are not permitted and allow the ones that are permitted to go through. How could they possibly do that?
At ThreatSTOP, the way we enable you to do this is we have constantly updated threat intelligence. For example, OFAC rules along with our other hundred different sets of rules that we have that we put into a database, and then you click on the rules that you'd like enforced in your devices. It's a little bit different for DNS servers and routers, we'll talk about that later in the presentation, but you can make these decisions in an automated and timely way.
2:44 Operationalizing Compliance
So the steps again are, first of all, gather the threat intelligence, assemble it, filter it, edit it, and then have automatic updates. You can figure out how to do this all by yourself but you'll find out that it's a pretty complicated task to do in a reliable and real-time manner. The other thing that needs to be done is you probably want to look at your logs, hopefully in an automated way, and find out whether or not you've made any mistakes or whether the rules are changed.
3:18 Results
So the result that we hope for, ThreatSTOP working with Fiveby, which is the company that supplies some of these compliance details, is that you have this information distributed to your DNS servers, your firewalls, your routers, your switches, your endpoints on your SIEM so that the data is available in a timely way.
You can filter both by IP and by DNS, and it's simple. It's one pane of glass, one website that controls the distribution and your selection of rules. It's affordable, accurate, and easy to implement.