A few weeks ago, we launched the Radware Threat Intelligence service, giving all Radware customers access to real-time cyberattack data. This resource now enhances Radware services, helping customers stay ahead of emerging threats, identify the next zero-day vulnerabilities, and drive innovative security solutions.
Image: The Threat Intelligence Data
Radware is dedicated to protecting applications and infrastructure with AI-powered intelligent security, consistent protections and expert defense. By opening the gate and sharing our critical intelligence, we empower SOC and research teams, enhancing their capabilities and strengthening overall security posture.
With Radware Threat Intelligence, you can stay ahead of potential cyberattacks. SOCs improve the quality of their data analysis by gaining clear context behind each source, with actionable data, and by receiving alerts about potential cyberattacks originating from your own network before they escalate.
Introduction to Radware's Unique Sources and Cyberattack Data:
Radware Threat Intelligence is uniquely valuable due to its real-time delivery of aggregated cyberattack data and insights.
This data, derived from mitigated attacks and hacking attempts worldwide, covers attacks against a wide range of industries, from government to retail.
Delivered by various components of Radware, which we call Interceptors, this data is both unique and trustworthy:
- On-Premises Devices - Radware hybrid customers use on-premises devices for local detection and mitigation to protect their own assets. These devices report real-time attack data to Radware and divert network traffic to Radware Cloud during volumetric attacks, at which point Radware Cloud becomes the interceptor.
- Deception Network - Completes the cyberattack data by identifying specific malicious behaviors and studying new techniques and automated threats.
- Radware Threat Research Center - Our team of researchers and data scientists constantly gathers intelligence and cross-references it with cyberattack data and data analytics.
Image: Interceptors with real-time analysis along with attack type
The diverse interceptors report cyberattack data, and blending that intelligence with data analytics enriches its context. This makes Radware Threat Intelligence a service with actionable data and visibility into information that companies like Radware typically do not expose.
Why is There Less Trust in Intelligence Obtained Through Crowdsourcing or Honeypots?
Image: Data analysis with clear context and risk analysis
To be trustworthy, intelligence data must be effective, validated in near real time, and provide comprehensive attack analysis, accurate fraud scoring, and timely alerts.
When SOC team members or incident response systems such as Extended Detection and Response (XDR) rely on threat intelligence during an attack, they must be able to make informed decisions. This comes with some challenges:
False Positive -
Legitimate IP addresses are incorrectly flagged as malicious (receiving a high-risk fraud score), leading the XDR to make incorrect blocking decisions because of inaccurate threat intelligence analysis.
False Negative -
Malicious IP addresses are incorrectly classified with a low or zero fraud score, allowing attackers to continue operating undetected, since the XDR usually does not block them immediately.
Intelligence that is not based on real cyberattack data, but on honeypots or crowdsourcing (multiple data partners reporting their own findings), is less trustworthy:
- Honeypots - Designed to attract attackers, but they may not reflect real-world attack techniques and tactics. Sophisticated attackers will not expose their source infrastructure against a target they recognize as a decoy.
- Crowdsourcing - Usually not real-time data: the service waits for multiple data partners to report and curate findings, because data cannot be relied on from a single reporter. This delay can result in an incorrect fraud score. A further concern is that a data partner can itself fall victim to IP spoofing and score the wrong IPs.
Radware Threat Intelligence analyzes real attack data in real time against real targeted applications, providing clear contextual visibility and a real-time fraud score. It also exposes the targets together with their specific vertical. Fraud score assessment is also based on Open-Source Intelligence (OSINT) findings backed by evidence, with explanations for the scores. This ensures that scoring reflects current activity, not just historical data.
Image: Real-time attack reported by multiple customers
Radware Threat Intelligence addresses these false negative and false positive challenges, effectively enhancing your threat detection, incident response, and overall security posture.
Findings, Insights, and Actionable Data Usage Examples:
Your visibility into Radware Threat Intelligence can be accessed in several ways:
- Radware Portal – For customers using the Radware Cloud Portal, type the IP address on the Threat Intelligence Center page.
Image: Search Source IP in Threat Intelligence Center
- Security Event - Customers using the Radware Cloud Portal and protected by Radware security solutions can access security events containing direct links. This easy access saves time and allows informed decisions by gaining comprehensive visibility into the source IP address causing security events.
Image: link from Radware Cloud portal security events
- Reputation Alert email - Designed to inform your organization of potential cyber-attacks originating from your network. Click on the source IP address in the email to get the reason behind the alert.
Image: email with link to Radware Threat Intelligence
- REST API - For seamless integration, query Radware Threat Intelligence for single or bulk sources. It integrates with any existing security workflow, supports research, connects to incident response or event systems, and feeds custom charts.
For example, when an anomaly is detected, the system can enrich the alert with a WHOIS lookup, the current fraud score, the IP type, and the reason behind the score.
In the following example, an abnormal geolocation was detected and a WhatsApp alert was sent to the SOC team:
Image: WhatsApp alert sent to SOC team
The SOC also generates actionable advice based on the provided insight.
Image: WhatsApp alert with actions
SOCs leveraging up-to-date validated insights on attack sources, whether by one-click information from security events or integrating intelligence with any application interface, can reduce investigation time, mitigate risk, improve overall SOC workflow and security team efficiency, and better prioritize events with actionable insights based on the provided data.
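The enrichment workflow described in the REST API bullet above, and the false positive and false negative concerns from the earlier section, as an added example (this is illustrative code, not Radware's client or API): security events are deduplicated, their public source IPs are looked up in bulk, and each event is triaged from the returned fraud score, IP type, recency and corroborating evidence. The endpoint path, authorization header, JSON field names (`fraud_score`, `ip_type`, `reporters`, `last_seen`, `reasons`) and thresholds are assumptions; the intelligence records and events are constructed fixtures. The policy only auto-blocks a high score that is recent and reported by more than one source, and never lets a low score dismiss an event that is anomalous on its own.

```python
"""Added example, not Radware code: bulk intel enrichment and triage of security events.
Endpoint, headers, field names and thresholds are ASSUMED for illustration."""
import ipaddress
import json
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterable, List, Optional

IntelRecord = Optional[dict]
Transport = Callable[[List[str]], Dict[str, IntelRecord]]

# Constructed fixture standing in for the intelligence service (not real data).
# Documentation addresses (RFC 5737) play the role of public attacker IPs.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
FAKE_INTEL: Dict[str, IntelRecord] = {
    "203.0.113.7": {"fraud_score": 92, "ip_type": "hosting", "reporters": 4,
                    "last_seen": "2024-06-01T11:58:00Z",
                    "reasons": ["HTTP flood against retail customer", "credential stuffing"]},
    "198.51.100.20": {"fraud_score": 88, "ip_type": "residential", "reporters": 1,
                      "last_seen": "2023-11-02T08:00:00Z", "reasons": ["scanner (historical)"]},
    "192.0.2.33": {"fraud_score": 5, "ip_type": "business", "reporters": 0,
                   "last_seen": None, "reasons": []},
}

# RFC 1918, loopback and link-local: never sent to a third-party lookup service.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "::1/128", "fe80::/10")]


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def fake_transport(ips: List[str]) -> Dict[str, IntelRecord]:
    """Offline stand-in for the bulk lookup; unknown IPs come back as None."""
    return {ip: FAKE_INTEL.get(ip) for ip in ips}


def http_transport(base_url: str, api_key: str, timeout: float = 5.0) -> Transport:
    """Build a real bulk-lookup transport. The path, auth header and response
    shape are ASSUMPTIONS; substitute the vendor's documented ones."""
    def query(ips: List[str]) -> Dict[str, IntelRecord]:
        req = urllib.request.Request(
            f"{base_url.rstrip('/')}/lookup/bulk",
            data=json.dumps({"ips": ips}).encode(),
            headers={"Authorization": f"Bearer {api_key}",
                     "Content-Type": "application/json"},
            method="POST")
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = json.load(resp)
        return {ip: body.get(ip) for ip in ips}
    return query


def enrich(ips: Iterable[str], transport: Transport, batch: int = 100) -> Dict[str, IntelRecord]:
    """Deduplicate, drop malformed and internal addresses, query in batches."""
    public: List[str] = []
    for ip in dict.fromkeys(ips):          # dedupe while preserving order
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        if not is_internal(addr):
            public.append(ip)
    out: Dict[str, IntelRecord] = {}
    for i in range(0, len(public), batch):
        out.update(transport(public[i:i + batch]))
    return out


def triage(ip: str, rec: IntelRecord, anomalous: bool, now: datetime = NOW) -> str:
    """block / review / monitor / internal / invalid.
    A high score is auto-blocked only when recent and corroborated (guards the
    false-positive case); a low score never dismisses an event that is anomalous
    by itself (guards the false-negative case)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if is_internal(addr):
        return "internal"
    if rec is None:
        return "review" if anomalous else "monitor"
    score = rec.get("fraud_score", 0)
    seen = rec.get("last_seen")
    fresh = (seen is not None and
             now - datetime.fromisoformat(seen.replace("Z", "+00:00")) <= timedelta(hours=24))
    corroborated = rec.get("reporters", 0) >= 2
    if score >= 80 and fresh and corroborated:
        return "block"
    if score >= 80 or anomalous:
        return "review"
    return "monitor"


def triage_events(events: List[dict], transport: Transport = fake_transport,
                  now: datetime = NOW) -> List[dict]:
    """One bulk lookup for all events, then a per-event decision with its evidence."""
    intel = enrich((e["src_ip"] for e in events), transport)
    rows = []
    for e in events:
        rec = intel.get(e["src_ip"])
        rows.append({**e, "action": triage(e["src_ip"], rec, e.get("anomalous", False), now),
                     "ip_type": (rec or {}).get("ip_type"),
                     "reasons": (rec or {}).get("reasons", [])})
    return rows


# Constructed security events (not real traffic).
SAMPLE_EVENTS = [
    {"id": 1, "src_ip": "203.0.113.7", "anomalous": True},     # fresh, corroborated, high score
    {"id": 2, "src_ip": "198.51.100.20", "anomalous": False},  # high score but stale, one reporter
    {"id": 3, "src_ip": "192.0.2.33", "anomalous": True},      # low score but abnormal geolocation
    {"id": 4, "src_ip": "10.0.0.5", "anomalous": False},       # internal, never looked up
    {"id": 5, "src_ip": "203.0.113.7", "anomalous": False},    # duplicate IP, no second lookup
]

if __name__ == "__main__":
    for row in triage_events(SAMPLE_EVENTS):
        print(row["id"], row["src_ip"], row["action"], row["ip_type"], row["reasons"])
```

Swapping `fake_transport` for `http_transport(url, key)` is the only change needed to run this against a live service once the real endpoint and schema are filled in. The `reasons` and `ip_type` fields are carried onto each event so an analyst reviewing a "review" verdict sees why the score was assigned rather than just the number.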
Call to Action:
- Get Updates - Keep an eye on our new service updates to see more innovative insights, capabilities, and intelligence data enrichment. We will be adding these regularly based on feedback from customers, design partners, and our Research Team. To explore new Cloud Service Updates, click the “Updates” button in the Radware Cloud Portal for a brief explanation of the latest enhancements.
Image: “Updates” on Radware Cloud Portal
We’re excited to bring you a service that delivers exclusive, unparalleled data to bolster your organization’s defenses. With Radware Threat Intelligence, you gain a decisive edge against cyber threats. Empower your SOC with actionable insights and make Radware an integral part of your security strategy today.