Modern cybercriminals use numerous techniques to hide their identities and activities, such as encrypted communications, DNS cache poisoning, URL redirection, hyperlink obfuscation, etc. However, every packet on the internet has a source IP address and a destination IP address, so disabling inbound and outbound communications to and from known malicious IPs is highly effective. But how can administrators differentiate between an employee chatting online with an associate in Eastern Europe and an attack on the corporate network?
The BrightCloud IP Reputation Service helps network and security vendors augment their customers' defenses by adding a dynamic IP reputation service. Through a continuously updated feed of known malicious IP addresses, IT security administrators can easily identify threats and protect their networks. With this service, the time required to identify new and existing IP threats is drastically reduced, and administrators gain visibility into the types of threats, as well as historical and geo-location data, to make better informed threat decisions.
Rather than using static, rapidly out-of-date public blacklists, the BrightCloud IP Reputation Service delivers dynamic IP Reputation data in near real time (every 5 minutes) to network devices. Powered by the Webroot® Intelligence Network, which uses a big data architecture to provide the most comprehensive and accurate threat intelligence available today, this service monitors 4.3 billion IP addresses to provide a constantly changing blacklist of approximately 12 million dangerous IPs at any given time. Users can also access additional meta data around the IPs, including its BrightCloud IP Reputation score, which provides predictive threat intelligence on how much risk an IP has of delivering attacks.