ThreatWatch™ IP Reputation Service is an intelligence service that identifies internet-based security threats that stem from known or suspected sources of fraudulent activity on the web.
Service Overview
The ThreatWatch™ IP reputation service is based on compiled intelligence from multiple different public and private information sources. The information is then used as a correlation source by Security On-Demand to improve the accuracy and credibility of security alerts and events. The ThreatWatch IP reputation service adds an additional layer of monitoring visibility due to the ability to monitor both incoming and outgoing connections with external IP addresses.
ThreatWatch™ is utilized in concert with Security On-Demand’s cloud-based security services that include monitoring of internal and external traffic sources and destinations. These services include managed firewall (Firewall On-Demand), managed WAF (WAF On-Demand), Intrusion Monitoring (Managed IDPS), Managed Intrusion Prevention (IPS On-Demand), and managed NAC/Endpoint IPS (NAC On-Demand/EndPoint IPS On-Demand). ThreatWatch is not sold as a standalone service and must be purchased as part of a managed security service.

Prevention Not Just Detection
ThreatWatch capitalizes on the value of utilizing the latest up-to-the-minute threat intelligence to identify and protect against security threats. Security On-Demand can extend that protection by immediately acting on the information and blocking the traffic through the Firewall, IPS, Web Application Firewall, or NAC sensor that is protecting the network.
The blocking of traffic is customized according to each client’s network environment, data security standards, configuration policy and current security posture. Protection policies can be configured to monitor only, manually block, or automatically block based on certain pre-defined criteria. Each client’s blocking policy is designed to maximize threat protection independent of any other countermeasures that are deployed whether independently managed or as part of a managed subscription agreement.
Technology
All current offerings in the marketplace utilize IP reputation as a component in filtering spam and malicious web sites. ThreatWatch™ is not an anti-spam or Web reputation service.
ThreatWatch™ utilizes proprietary data feeds from as many as 30 unique data sources that include both public and private sources of attacker intelligence. In addition, information gathered through our own network of sensors and client information sources is also used to further identify attack trends, newly released threats, and network reconnaissance.
Our information sources are varied and include specialized as well as broadly recognized attack sources and data feeds. Specialized data intelligence sources include information on botnets, attacks launched from illegal (private) address space, and traffic that originates from countries and sources that may be associated with criminal networks.
Utilizing Security On-Demand’s unique risk-based security incident event correlation technology, IP reputation information is used to continually monitor both inbound and outbound connections for threats such as:
- Infection from Botnets & Remotely controlled hosts
- Keyloggers
- Trojans, Viruses, worms
- Malware/spyware
- Encrypted tunnels
- Phishing Sources
- Zero Day Threats
ThreatWatch works alongside and enhances IP reputation-based services that may already be employed for use with URL Web and content filtering and e-mail anti-spam services and is not designed as a replacement for those systems. By further integrating with these solutions, Security On-Demand adds greater value through correlation of other IP reputation feeds and sources.
ThreatWatch can integrate with virtually any firewall device. In addition, we have developed specific integrations for use with IPS, WAF, and NAC with leading security vendors in each area.
Operations Integration
Utilizing ThreatWatch in a Security-as-a-Service or Cloud-based environment means that your organization does not have to worry about custom integration, long deployment cycles or procuring and owning additional hardware and software licenses. The ThreatWatch IP Reputation service is fully integrated into our SIM/SIEM environment, which is used to monitor, triage, and block threats as they are identified and remediated in real time within our Security Operations Center (SOC).
“ThreatWatch is an IP Reputation Service that identifies and prevents internet based security threats based on compiled intelligence regarding their historical interaction on the internet and whether a source is known or suspected to have been involved in committing fraud, computer attacks, or criminal enterprise.”