28 April 2019|2fA, Adaptive Authentication, Hacking, IP Reputation, Malicious, Nation State, Remote Access, Threat, Tor, VPN
Most people reading this blog (and thank you for that) will be aware of the use of IP reputation techniques to provide a level of protection in front of external services. For those that are unsure, IP reputation allows an organisation to:
- Avoid interaction with known malicious IP address
- React to users attempting to mask their IP address
- React to users attempting to mask their IP location
- Detect IP addresses used in previous cyber attacks
- Provide a risk score using positive and negative signals formed from the IP Address to allow proactive checks during a users interaction
Put simply, every public IP address has a form of digital footprint that can be assessed and analysed against a consortium of IP addresses that are known to have been involved in:
- Cyber hacktivism
- Nation State Attacks
- Cyber Espionage
- Previous Fraud attempts
As well as ip addresses that are used to hide the users real location such as:
- Tor Networks
- VPN’s – Paid and Free
- Public Proxies – Paid and Free
By leveraging intelligence from these data points, the ThreatPoint IP reputation service can provide a score and recommendation to your business to allow a decision to be made.
For example, preventing users using the Tor network from accessing your public facing website and services.
Malicious activity is detected across the ThreatPoint network, feeding back data into the consortium model. This allows for real time intelligence to be as up to date as possible. It also means that all customers using the IP reputation API are helping each other. As the service contributes IP activity back through the intelligence layer, analytical models update the consortium data to ensure all consumers are protected – realtime.
If you wish to find out more about the ThreatPoint IP reputation service please get in touch firstname.lastname@example.org
Try the service here: https://threatpoint.co.uk/ip-reputation