Data Sheet

Threat Intelligence

By / 18th Jul 2018

 

Threat Feeds

The detailed threat feed API can be integrated in a variety of ways, from a simple Slack channel to a custom API integration that feeds a particular threat score into one or more microservices. For example, the shopping cart abuse threat score can feed into the cart API, and the Account Takeover threat score can be applied to the access and control API used for single sign-on.

Threat Score Breakdown

From the Netacea console above we can see an example of the core behavioural analysis that makes up the overall threat score. Rather than provide one consolidated number, we provide a comprehensive set of threat indexes, which you can use to power an integrated threat intelligence feed into your environment of choice.

We aggregate IP addresses and user agents into behavioural visitor types, and show their actual behaviour across your domain. For example, we show the detailed score for the following bot categories, based on their behaviour.

• Scraper Score
• ATO Score
• Fake Web Scraper

For each of the visitors, we add:

Digital Provenance and Reputation

Rather than rely on our own shared intelligence footprint, we’ve built an ingest engine that can pull in data from multiple sources. We have integrated BrightCloud, the biggest AI-driven database, into our platform. Our platform allows us to integrate reputational analysis from leading security players (Cisco, F5, Citrix, Aruba and Palo Alto) to provide the best shared intelligence in the industry. Using this we are able to monitor 12 million IPs a day, scan 40 million endpoints and plug in the intelligence data from 4 billion IPs that have been proactively crawled.

Real Browser Flag

Does the browser pass our proof-of-work Hashcash algorithm?

Fingerprinting

We use a digital fingerprint to track and trace the bots so we can aggregate their behaviour by visitor class.

As shown below, the threat feed gives the detailed breakdown per behavioural attack type over time. For example, below is the Account Takeover threat feed and the overall aggregated threat score for all the threat components.