Bandura Systems grabbed the SC team's attention this month with an entry that stands apart from the other solutions we reviewed. PoliWall TIG is an Ethernet bridging appliance designed to shrink the coverage area your firewall needs to surveil. Bandura refers to it as a threat intelligence gateway that blocks up to 90 percent of IP threats that could otherwise invade the perimeter of a network. In this sense, PoliWall's intelligence leads to almost prescient action, taking steps to eliminate harmful data before it has a chance to interact with anything.
Typically installed between the border router and a firewall, PoliWall has two RJ45 Ethernet ports for the bridging/filtering interfaces. The appliance currently spans a total of five models, ranging in speed capacities from 300 Mbps to 10 Gbps. They also are available out-of-band or inline, depending on an organization's needs or based on product availability.
Once the device is installed, the task of creating a threat list plugin from a source, such as Anomali, is easy and requires only a simple configuration. Bandura is currently developing plugins for Symantec DeepSight, ThreatConnect, AlienVault and more as requested by customers. This is important if a customer wishes to use a feed of his or her own that is not currently supported in PoliWall and requires a plugin/adapter to ingest that feed's data.
Initial setup was simple enough during our testing. The entire process took roughly 20 minutes - from out of the box to running live traffic from our test environment. Time is, in fact, a notable feature with this on-premises appliance. With 10 million threat indicators from multiple sources right out of the box, PoliWall can detect and block 100-plus million unique indicators with virtually no latency. Traffic flows in and out without the hindrance of an additional bottleneck - a solid plus for customers concerned about privacy but who do not want a cloud-based solution.
Admittedly, cloud-based solutions are not always the most useful for ingress processing, but they do represent the current trajectory of cybersecurity infrastructure. Bandura has, therefore, released beta versions of virtual solutions in VMware and Google Cloud, and will execute projects within the next couple of months to move the solutions into Amazon AWS and Microsoft Azure environments.
But for those who prefer the box, it is an additional measure of certainty, as all threat indicators stay on the appliance and weed out suspects that have not been whitelisted in the network's IPv4 policy. We appreciated access to the cloud-based management console for the device, while the threat intelligence data flowed through to the Global Management Center.
PoliWall is an open solution in that it supports STIX/TAXII and can be easily integrated with other threat intelligence feeds and systems. It certainly complements and integrates with SIEM systems, providing additional network visibility and context while also serving as a network enforcement mechanism to enable automated responses. It is available for an annual subscription price based on the appliance throughput in either one- or three-year terms, starting at $3,250. Support is available in 8/5 or 24/7 windows, per the needs of the organization.