Data used to provide a portrait of current threats linked with IPs on the Internet, can enrich the context information of attack alerts gathered from the Internet to help remove noise, identify intention, determine threat levels and develop effective incident response strategies. Context information includes IP geographic locations, network types, organizations related to users, anonymous behaviors, threat trends, intentions of access and impacts of blocking, etc.

  • Alerts aiming to defend the security of cyber border can only be used to identify whether certain IP is malicious, and is unable to remove false positive alarms or noise from legitimate traffic, not to mention it’s difficult for such method to distinguish high-frequency random attacks from high-risk targeted attacks. Security operations members would have difficulty choosing the best strategy, or to understand how the choice of blocking IPs would influence daily work.

    IP intelligence can help determining intentions of access in a reasonable way, as well as providing clear factors related to the influence of blocking IPs. Security operations members could focus on affairs within a narrowed range and improve the effectiveness.

Avoid False Alarm
Traditional rule detection method would generate a large number of false alarms, and may identify normal attempts to gain access as attack attempts. With the help of IP intelligence, the intentions behind attempts can be identified, and related false alarms can be removed.
Identify Targeted Attacks
By providing multi-dimensional IP intelligence includes information related to anonymous behaviors, professional attack platforms and exploitations, Red-Team-related attacks and other kinds of targeted attacks can be quickly identified, and reduce the occurrence of successful attack attempts and damage caused by major threats.
Blocking High-frequency Attacks
Can provide security protection products with a list of IP reputation for consideration when blocking IPs, and help blocking high-frequency attacks such as brute-force attacks, internet mapping behaviors and automated scannings to reduce exposure of assets.
  • Identify Intention of Access

    Provide deep analysis of data related to behaviors, and help the user properly identifying incidents at different threat levels by classifying possible attack intentions.

  • Predictable Impact of Blocking

    Provide factors related to the influence of blocking, prevent business risks caused by blocking critical IPs belong to large enterprises or service providers without consideration.

  • Flexible Usage

    Both of SaaS and local platform can be provided as methods for integration and can work under different kinds of business environments. Switching between two methods would be guaranteed by a consistent Query API.

Threat Intelligence subscription
360 Threat Intelligence Platform
360 Network Traffic Threat Analysis
360 Local Security Team
360 Cyber Deception System