Webroot IP Reputation Service
Background
The dynamic and complex nature of today's Internet provides rich resources but also generates undesirable traffic. Inbound probing from suspicious sources consumes the processing power of edge-of-network devices. Outbound communication with potentially malicious sources can result in internal infections from malware, botnets, and more.
Rapidly changing IP addresses from threat sources create demand for dynamic visibility into network traffic and for proactive protection that blocks attacks before they occur. Security systems must protect against continually evolving threats from spam, exploits, botnets, web attacks, scanners, and other sources across the Internet.
Overview
Webroot IP Reputation Service identifies IP addresses associated with malicious activity and publishes a dynamic set of high-risk IP addresses. The service hosts IP threat data for security systems and improves visibility into malicious inbound and outbound network traffic. Webroot's dynamic data set refreshes continuously, capturing the latest IP threats while removing IPs that are no longer a security risk.
How Webroot IP Reputation Works
Using a global threat sensor network, the Webroot Intelligence Network (WIN) identifies threats from multiple sources across the Internet and provides website and IP reputation analysis and scores.
Webroot IP Reputation Service consolidates IP threats from the WIN and publishes a dynamic data set of high-risk IP addresses. Updated threat data is delivered from the cloud within minutes. Armed with the latest intelligence and predictive risk analysis for IPs, the service reveals inbound and outbound communication with malicious IPs and enables flexible policy reporting and implementation. This provides increased visibility, which can reveal outbound communication with botnet command and control channels, and can expose malware residing within an enterprise. Additionally, by indicating undesirable traffic, the service takes a significant percentage of the workload off edge-of-network devices.
Dynamic Threat List Publication
Emerging threats are continuously captured and published, while outdated IPs that are no longer a threat are removed from the threat data. Webroot IP Reputation Service augments visibility for security systems without compromising access to legitimate IPs.
IPs remain in the threat data set for as long as they engage in malicious activity. For example, an IP committing egregious attacks (e.g., multiple SQL injection attacks over an extended period of time) will be blocked. If the offending IP maintains normal activity and its reputation improves above the malicious threshold, the IP is removed from publication. The Webroot IP Reputation Service hosts around-the-clock updates from threat intelligence gathered at the WIN.
Threats Uncovered
The WIN identifies IP addresses from a myriad of threat sources including:
- Spam senders
- Botnets
- DDoS attack sources
- Click fraud
- Windows exploits
- SMB/RPC/SQL server/malware
- Web attacks
- SQL injection attacks
- Cross-site scripting
- Application infrastructure attacks
- Dictionary attacks
- Trojans and worms
- Scanners
- Vulnerability probes
Benefits
- Improves visibility into inbound and outbound network traffic
- Enhances security enforcement decision-making
- Enables flexible policy reporting and implementation
- Adds a robust layer of protection
- Leverages threat expertise from the Webroot Intelligence Network (WIN)
- Delivers continuous real-time updates around the clock
To learn more about licensing Webroot's cloud-based security technologies, email StrategicAlliances@Webroot.com.




