ThreatSTOP is a real-time IP Reputation service that prevents data loss from botnet attacks and improves network performance by plugging holes in your firewall.
Put simply, it complements your firewall by answering the question ‘do I want to exchange traffic with this IP address right now?’. The service offers a real-time list of approximately 5m IP addresses to which the answer to that question is ‘no’.
The attack landscape has changed. A survey of 130 large corporations by TrendMicro found them to have the following infestations:
- Active malware 100%
- Information stealing malware 56%
- One or more IRC bots 72%
- Network worm 42%
Let’s repeat – 100% were found to have active malware! That goes some way to explaining why Cisco’s Q4 2010 Global Threat Report reported that global malware encounters grew by 139% in 2010.
The consequences of malware are manifold. Malware on your own network can lead to data loss and other security breaches. Malware on other networks can lead to ordinary PCs being unwitting members of botnets and unintentional participants in DDoS attacks and the further spread of malware.
IP Reputation acknowledges that a host which was innocent yesterday may be used in an attack today. Conversely, a host which is bad today may well be innocent tomorrow. In fact, 15-20% of malware addresses change every day and around a third change in a week or less.
Beyond malware-infested hosts that are party to botnets, there are other types of bad hosts, such as those which control them (Command and Control [C&C] servers) and those with simple criminal intent. ThreatSTOP compiles and cross-references numerous data sources (including Simwood honeypots and darknets) to provide a continuously updated list of ‘bad’ addresses. This list can be loaded on to pretty much any firewall and delivers the following benefits:
- Prevent data theft. Infected hosts on your network are impotent if they cannot report in to C&C hosts.
- Reduce attack surface. Your network is effectively invisible to bad hosts.
- Reduce hardware cost. Increase network ‘goodput’ and scale for productive traffic, not peaks caused by bad traffic.
- Simple and immediate protection.
ThreatSTOP is included in the Simwood DDoS Security solution, as the second layer in multiple tiers of defence. It is also available as a product in its own right. It can represent a first step to full protection by complementing existing security solutions, but it can also complement the full Simwood solution by offering an additional layer of bespoke on-site protection. Notably, the service offers the option to block by country, maintain customer-specific block lists and include/exclude sub-lists to reflect the level of tolerance desired.
The service is subscription-based, with a simple annual fee based on the number and size of devices to be protected.
Please contact us for more information.