An IP Reputation (IPR) service blocks botnet, malware and other malicious traffic by IP address. An IP addresses’s reputation and subsequent decision to allow or block, is derived by evaluating information gleaned via a worldwide network which monitors and reports the IP addresses involved in attacks and other bad behavior across the Internet.
As of January, 2014 dinCloud has rolled out this service using www.threatstop.com to ALL datacenters for ALL cloud customers worldwide for FREE. All inbound and outbound traffic is checked 24x7x365. From day 1 of implementation, the threatstop system began repelling up to 1,000 attacks a day inbound. Fortunately we aren’t seeing any outbound threats; this means that no customers in our Cloud are communicating with botnet networks or otherwise spreading malware. That’s a good sign that our other security measures are working! Nonetheless, as 2014 continues we will further enhance our offerings and the security around them.
We have had zero false positives as this highly effective system doesn’t use mere signatures but instead relies upon actual data tied to real IP addresses known to be wreaking havoc on the Internet in real-time or in recent history. Thus, all malicious actors get stopped at the Internet edge of our Cloud, making this noise one less thing the dedicated customer level Vyatta firewalls have to deal with.
Here’s what the threatstop system is blocking:
# of IP’s/Records = 86,073/1,093
The core ThreatSTOP service. The IP addresses on the BASIC active threat list are the worst current sources of attacks, spam, and malware, and the currently active Botnet Command and Control servers. Connections from these addresses will be blocked, and if a system inside your network attempts to connect out to these addresses, it is most likely infected with malware and needs to be cleaned.
# of IP’s/Records = 8,188,321/2,027
This active threat list includes a deeper look into the currently active sources of malware, network attacks, fast-flux botnets, crime hosting networks, phishing and browser hijacking sites, and the current Cymru Bogon List.
# of IP’s/Records = 66,944/1,156
This list contains known C&C addresses of major botnets such as ZeuS and is critical to stop the call home.
These efforts are just one more way that dinCloud is taking Cloud security to a whole new level.
Why? Because anything that isn’t secure, isn’t usable.
Best wishes. —/\/\ike Chase EVP/CTO dinCloud.com