Discover Radware's New Service: Open the Door to Internal Cyberattack Data and Intelligence


A few weeks ago, we launched the Radware Threat Intelligence service, providing all Radware customers with access to real-time cyberattack data. This invaluable resource is now available to enhance Radware services, helping customers stay ahead of emerging threats, identify the next zero-day vulnerabilities, and drive innovative security solutions.

Image: The Threat Intelligence Data

Radware is dedicated to protecting applications and infrastructure with AI-powered intelligent security, consistent protections and expert defense while safeguarding our customers. By opening the gate and sharing our critical intelligence, we empower SOC and research teams, enhancing their capabilities and strengthening overall security posture.

With Radware Threat Intelligence, you can stay ahead of potential cyberattacks. SOCs will enhance the quality of data analysis by gaining clear context behind the source with actionable data and by receiving alerts about potential cyberattacks originating from your network before they escalate.

Introduction to Radware's Unique Sources and Cyberattack Data:

Radware Threat Intelligence is uniquely valuable due to its real-time delivery of aggregated cyberattack data and insights.

This data is derived from mitigated attacks and hacking attempts worldwide that target a wide range of industries, from government to retail.

Delivered by various components of Radware, which we call Interceptors, this data is both unique and trustworthy:

  • On-Premise Devices - Radware hybrid customers use on-premise devices for local detection and mitigation to protect their own assets. These devices report real-time attack data to Radware and divert network data to Radware Cloud during volumetric attacks, making Radware Cloud the interceptor.
  • Deception Network - Completes the cyberattack data by identifying specific malicious behaviors or studying new techniques and automated threats.
  • Radware Threat Research Center - Our team of researchers and data scientists constantly gather intelligence and cross-reference it with cyberattack data and data analytics.
  • Radware Cloud – Our global network of cloud-based security solutions provides a comprehensive view of ongoing cyberattacks. Attacks are detected and blocked by various components of Radware's security solutions, including Network DDoS, Web DDoS, FWaaS, and WAAP (WAF, API Protection, Client-Side and Bot Manager) protections.

    These components can also be deployed across any public or private cloud and data center, even as an out-of-band service.

Image: Interceptors with real-time analysis along with attack type

The diverse interceptors report cyberattack data, enhancing the data context by blending intelligence with data analytics. This makes Radware Threat Intelligence a service with actionable data and visibility into valuable information that companies like Radware typically do not expose.

Why is There Less Trust in Intelligence Obtained Through Crowdsourcing or Honeypots?

Image: Data analysis with clear context and risk analysis

To trust your intelligence data, it must be effective, validated in near real-time, and provide comprehensive attack analysis, accurate fraud scoring, and timely alerts.

When SOC team members or incident response systems like Extended Detection and Response (XDR) rely on threat intelligence during an attack, they should be able to make informed decisions. However, this comes with some challenges:

False Positive –

Legitimate IP addresses are incorrectly flagged as malicious (getting a high-risk fraud score), leading to incorrect blocking decisions by XDR due to inaccurate threat intelligence analysis.

False Negative –

Malicious IP addresses are incorrectly given a low fraud score or classified as no risk, allowing attackers to continue operating undetected since XDR usually doesn’t block them immediately.

Intelligence that is not built on real cyberattack data, but on honeypots or crowdsourcing (multiple data partners reporting their own findings), is less trustworthy:

  • Honeypots – Designed to attract attackers but may not reflect real-world attack techniques and tactics. Smart hackers will not expose their source against a non-real target.
  • Crowdsourcing – Usually not real-time data, since it waits for multiple data partners to report and curate findings (a single reporter's data cannot be relied on). This delay can result in an incorrect fraud score. Another concern is that a data partner can itself be a victim of IP spoofing and score the wrong IPs.

Radware Threat Intelligence analyzes real attack data in real time against real targeted applications, providing clear contextual visibility and a real-time fraud score. It also exposes targets with their specific vertical. Fraud score assessment is also based on Open-Source Intelligence (OSINT) findings with evidence, with explanations for the scores. This ensures that scoring is based on current activity, not just historical data.

Image: Real-time attack reported by multiple customers

Radware Threat Intelligence addresses these false negative and false positive challenges, effectively enhancing your threat detection, incident response, and overall security posture.

Findings, Insights, and Actionable Data Usage Examples:

Your visibility into Radware Threat Intelligence can be accessed in several ways:

  • Radware Portal – For customers using the Radware Cloud Portal, type the IP address on the Threat Intelligence Center page.
Image: Search Source IP in Threat Intelligence Center

  • Security Event - Customers using the Radware Cloud Portal and protected by Radware security solutions can access security events containing direct links. This easy access saves time and allows informed decisions by gaining comprehensive visibility into the source IP address causing security events.
Image: link from Radware Cloud portal security events

  • Reputation Alert email - Designed to inform your organization of potential cyber-attacks originating from your network. Click on the source IP address in the email to get the reason behind the alert.
Image: email with link to Radware Threat Intelligence

  • REST API - For seamless integration, query Radware Threat Intelligence for single or bulk sources. Fully integrable with any existing security workflow, it supports research, connects to incident response or event systems, and builds custom charts.

For example, during abnormal detection, the system can enrich insights with WHOIS lookup, current fraud score, IP type, and the reason behind the score.

In the following example, an abnormal geolocation was detected and a WhatsApp alert was sent to the SOC team:

Image: WhatsApp alert sent to SOC team

The SOC also generates actionable advice based on the provided insight.

Image: WhatsApp alert with actions

SOCs leveraging up-to-date validated insights on attack sources, whether by one-click information from security events or integrating intelligence with any application interface, can reduce investigation time, mitigate risk, improve overall SOC workflow and security team efficiency, and better prioritize events with actionable insights based on the provided data.

Calls to Action:

  • Get your Free Plan - Radware Threat Intelligence service offers several plan levels, including a Free Plan available to all Radware Cloud customers as part of their cloud portal subscription. Start using it today!

    For Radware non-cloud customers who wish to activate the Free Plan and access the Threat Intelligence service via the Radware Cloud portal, please submit this Request Form today.

  • Get Updates - Keep an eye on our new service updates to see more innovative insights, capabilities, and intelligence data enrichment. We will be adding these regularly based on feedback from customers, design partners, and our Research Team. To explore new Cloud Service Updates, click the “Updates” button in the Radware Cloud Portal for a brief explanation of the latest enhancements.
Image: “Updates” on Radware Cloud Portal

We’re excited to bring you a service that delivers exclusive, unparalleled data to bolster your organization’s defenses. With Radware Threat Intelligence, you gain a decisive edge against cyber threats. Empower your SOC with actionable insights and make Radware an integral part of your security strategy today.

Meir Michaeli

Product Manager of Threat Research Center. Since 2008, Meir has thrived in the realm of application layer cybersecurity, specializing as a Web Security consultant and defender. His expertise lies in field experience, collaborating with CTOs, CISOs, and R&D to optimize application layer 7 security for organizations across DDoS, API Security, Bot management and Client-Side Protection (WAAP) with Cyber Threat Intelligence (CTI). As a passionate mentor in Hackathon groups and a contributor to pioneering protection methodologies, he has worked closely with diverse teams, including CTOs, product teams, and R&D, to develop innovative protection tools and features.
