Organizations today are exposed to a variety of malicious attacks from rapidly changing IP addresses. Inbound botnet traffic, such as distributed denial-of-service (DDoS) and malware activity, can penetrate security layers and consume valuable processing power, slowing down networks and applications. According to a 2015 Threat Brief, 85,000 new malicious IPs are launched every day.
F5® Silverline® Threat Intelligence is a cloud-based service incorporating external IP reputation and reducing threat-based communications. By identifying IP addresses and security categories associated with malicious activity, this managed service integrates dynamic lists of threatening IP addresses with the Silverline cloud-based platform, adding context-based security to policy decisions. Silverline Threat Intelligence is available only as an add-on managed service to either Silverline® DDoS Protection or Silverline® Web Application Firewall. All services are managed with 24x7x365 support from F5 Security Operations Center (SOC) experts, reducing risk and increasing network and application efficiency by eliminating the effort of processing threat-sourced traffic.
Your dedicated F5 Networks experts
Infradata is an award-winning F5 Networks Gold Partner with advanced specialties, and the distinction of multiple certified engineers on staff. Our engineers are recognized by F5 Networks as technical experts and advocates of F5 Networks solutions. That means you can count on Infradata for the technical know-how and hands-on experience to accurately assess your business requirements, and design, implement, and manage an F5 Networks-based solution to suit your needs.
Contextual Awareness and Threat Protection
Using a frequently updated list of threat sources and high-risk IP addresses, Silverline Threat Intelligence delivers contextual awareness and analysis of IP requests to identify threats from multiple sources across the Internet. F5 SOC experts draw on the capabilities of a global threat-sensor network to detect malicious activity and IP addresses. Even when Silverline Threat Intelligence is behind a content delivery network (CDN) or other proxies, it provides protection by analyzing the real client IP addresses as logged within the X-Forwarded-For (XFF) header. This allows the SOC to easily configure alarms for, or block, traffic that arrives through a CDN from threatening IP addresses.
Silverline Threat Intelligence identifies and blocks IP addresses associated with a variety of threat sources, including:
Anonymous proxy: IP addresses providing proxy and anonymization services, as well as The Onion Router (TOR) anonymizer addresses.
Botnets: Botnet command and control channels and infected zombie machines controlled by the bot master.
Cloud provider networks: Detects cloud-based IP addresses used in malicious threats.
Denial of service: DoS, DDoS, anomalous SYN flood, and anomalous traffic detection.
Illegal websites: Denies access to illegal IP addresses for sites on regulatory or compliance block lists due to unapproved content.
Infected sources: When enabled, denies access to IP addresses currently known to be infected with malware or to contact malware distribution points.
Phishing proxies: IP addresses hosting phishing sites or other kinds of fraud activities, such as click fraud or gaming fraud.
Scanners: All reconnaissance, such as probes, host scan, domain scan, and password brute force.
Spam sources: Known IP addresses for sending or creating spam.
Web attacks: Cross-site scripting, iFrame injection, SQL injection, cross domain injection, and domain password brute force.
Windows exploits: Active IP addresses offering or distributing malware, shell code, rootkits, worms, and viruses.
Granular Threat Reporting and Automated Blocking
Armed with the latest intelligence and predictive risk analyses, F5 SOC experts incorporate Silverline Threat Intelligence to reveal inbound communication with malicious IP addresses, and enable granular threat reporting and automated blocking. This increased visibility exposes IP-based threats such as phishing attacks, attackers using anonymous proxies, and the TOR network for online attacker anonymity. Once identified, these threats are mitigated by automatically blocking traffic through SOC-selected IP categories.
Sophisticated Threat Detection and Analysis
Silverline Threat Intelligence inspects network traffic and behavioral data from all IP addresses. This information is collected, analyzed, and assigned to threat categories, providing visibility into IP address-based threats as they evolve.
Silverline Threat Intelligence identifies IP addresses, compares them to the global IP reputation database, and allows or blocks connections based on current known threats.