Enhancing Application Security: The Power of Integrating Malicious IP Feeds into your ADC
In today’s digital world, the fight against online threats is more intense than ever. Cyber attackers are getting smarter, and it is becoming harder for businesses to keep up. Due to the rise of easy-to-use attack tools and anonymous payment mechanisms, the motivation for attacks is expanding into new domains such as ransom and hacktivism. These attacks can cause severe damage, like ruining a company’s reputation or incurring significant financial losses. As of 2023, over 72% of businesses worldwide were affected by ransomware attacks with an average cost of ransomware reaching US$ 1.85 million per attack. That is where Radware threat intelligence feeds come into play. These feeds give companies the inside scoop on new threats so they can stop them before they cause any harm.
Radware’s Emergency Response Team (ERT) Threat Research Center has created a unique threat intelligence feed that enhances the security of data centers and applications by providing Radware products, such as DefensePro, Alteon and Radware Cloud Services, an up-to-date lists of IP addresses that have recently been involved in cyber-attacks though blocking this traffic before it reaches the application.
In this blog, we will talk about why using threat intelligence feeds on your Alteon is so important for keeping your business safe from online threats.
What makes Radware’s ERT Active Attackers Feed so unique?
Radware’s Active Attackers Feed is an aggregation of multiple exclusive Radware data sources that are combined and correlated by Radware’s ERT Threat Research Center. This unique compilation, alongside Radware’s proprietary visibility into actual real-time attacks, places Radware in an unparalleled position to provide comprehensive and timely threat intelligence.
The feed aggregates the following data sources:
- Information on attackers actively engaged in malicious activity, gathered through Radware’s Global Deception Network.
- Intelligence data on DDoS and application attackers from Radware’s Cloud Security Services.
- Proprietary bot and botnet intelligence algorithms developed by Radware’s ERT Research Center.
These diverse sources are integrated and scored within a big data cloud platform, resulting in a list of currently active malicious attackers. The feed is regularly updated and downloaded to Alteon every 15 minutes, enabling preemptive blocking of attackers before an attack commences.
Figure1: Radware’s Live Threat Map.
Key Benefits of enhancing Alteon security using ERT Active attacker Feed.
Enhanced IP Threat Protection: Malicious IP feed is typically positioned at the perimeter to intercept attacks before they penetrate the company network. However, integrating such a feed also into the ADC, very close to the application and servers, serves as a ‘last line of defense’. This ensures that even if a malicious IP address bypasses perimeter defenses, it will still be blocked before reaching critical assets. This reinforces the overall security posture of the application environment by blocking threats from high-risk IP addresses recently involved in security incidents.
Customizable Action: Every malicious IP address is linked to various threat sources, including denial-of-service attackers, botnets, IoT botnets, scanners, web attackers, and anonymous proxies. Each address is then assigned a risk score based on its behavior, categories, and traffic volume. Alteon Administrators possess the flexibility to tailor actions—whether to block, report, or allow—according to score levels, categories, and geolocation.
Protection Behind CDNs and Proxies: As the Alteon decrypts the incoming traffic and analyzes HTTP headers, it can identify the “real” client IP presented in the IP address header (e.g., X-Forwarded-For header). This allows Alteon to accurately pinpoint the origin of incoming requests, regardless of whether they have been routed through intermediary services like CDNs or proxies.
Improved Data Center Efficiency: The ERT Active Attacker Feed streamlines data center operations by preemptively blocking attackers, reducing the load on security modules requiring enhanced processing like SSL offload, WAAP Processing, and Bot Protection.
Comprehensive Reporting and Analytics: Alteon provides alerts for blocked and reported malicious IPs, and the Cyber Controller dashboard offers insights into top attacking geolocations, attack categories, IP addresses, attack volume over time, and more.
Accuracy: With updates every 5 minutes, the feed ensures timely protection while minimizing false positives, thereby preventing legitimate users from being blocked.
Figure2: ERT Active Attackers Feed (EAAF).
In today’s digital landscape, businesses face an ever-growing threat from cyberattacks that can cause significant damage and financial loss. Radware’s ERT Active Attackers Feed offers a unique solution to preemptively block malicious IPs and protect data centers and applications. By leveraging this feed on Alteon devices, businesses can enjoy enhanced IP threat protection, frequent updates, improved data center efficiency, and customizable actions tailored to their needs. Furthermore, the comprehensive reporting and analytics provided by Radware empower organizations with insights into cyber threats in real-time. To safeguard your business from online threats effectively, consider integrating Radware’s ERT Active Attackers Feed into your Alteon security measures today. This capability is included in the Alteon Secure Subscription package.
To learn more about how Radware can help protect your application security, check out this link: Radware Alteon solution information.
