In an ideal world, every website is safe. No one is trying to steal your access credentials or compromise critical applications. No one is trying to deny access to your digital assets or an online service such as email, banking, or e-commerce site.
But we don’t live in an ideal world. Hacktivists, cyber criminals, extortionists, and others don’t play nice. They do want to steal your access credentials and compromise applications. They do want to deny access to digital assets and online services.
That is why reputation intelligence is an essential element of a robust application security plan.
Reputation Intelligence Essentials
Reputation intelligence uses a global network of sensors, endpoint devices, and honeypots to:
- Provide real-time, actionable feeds about a dynamic threat landscape: the IP addresses, URLs, domains, TOR networks, anonymous proxies, and fraudulent websites known for suspicious or malicious activity.
- Rate the risk factor of communication with a cyber element (e.g., an IP address, application, or website) by analyzing current, historical, and contextual data to correlate traffic and security-related events, determine patterns of behavior, and forecast security risks.
- Block or drop connections from/to a high-risk cyber element.
This information can be integrated into a variety of security systems: Web Application Firewalls (WAFs), authentication systems, Security Information and Event Management (SIEM) systems, and Intrusion Detection/Intrusion Prevention Systems (IDS/IPS). Administrators can then set appropriate security policies, monitor for anomalous behavior, and manage risk. For example, an administrator could:
- Adjust authentication policy to be responsive to IP addresses, requiring stronger authentication for anonymous proxies or higher-risk connections.
- Drop any requests from IP addresses associated with malicious bots or suspicious activities.
- View enriched event and data logs for use in forensic investigations.
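The three administrator actions above can be expressed as one policy function. The sketch below is an added example, not Imperva code: the feed layout, category names, risk scores, and threshold are assumptions, and the networks are constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample feed (documentation ranges); categories and 0-100 risk
# scores are hypothetical, not any vendor's real feed format.
FEED = [
    {"net": "198.51.100.0/24", "category": "malicious_bot", "risk": 95},
    {"net": "203.0.113.0/24", "category": "anonymous_proxy", "risk": 60},
    {"net": "203.0.113.64/26", "category": "tor_exit", "risk": 80},
    {"net": "2001:db8:bad::/48", "category": "malicious_bot", "risk": 90},
]
DROP_CATEGORIES = {"malicious_bot"}                    # dropped outright
STEP_UP_CATEGORIES = {"anonymous_proxy", "tor_exit"}   # stronger authentication
STEP_UP_RISK = 50                                      # assumed risk threshold


def load_feed(entries):
    """Parse entries into (network, entry) pairs; malformed networks raise ValueError."""
    return [(ipaddress.ip_network(e["net"]), e) for e in entries]


def lookup(feed, ip_text):
    """Return the most specific feed entry covering ip_text, or None."""
    ip = ipaddress.ip_address(ip_text)
    matches = [(net, e) for net, e in feed if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def decide(feed, ip_text):
    """Return (action, enriched_log_record) for a client IP."""
    try:
        entry = lookup(feed, ip_text)
    except ValueError:
        # Unparseable source address: fall back to the stronger authentication path.
        return "step_up_auth", {"src_ip": ip_text, "action": "step_up_auth",
                                "category": None, "risk": None, "reason": "invalid_ip"}
    if entry is None:
        action = "allow"
    elif entry["category"] in DROP_CATEGORIES:
        action = "drop"
    elif entry["category"] in STEP_UP_CATEGORIES or entry["risk"] >= STEP_UP_RISK:
        action = "step_up_auth"
    else:
        action = "allow"
    # Enriched record: the reputation context travels with the event for later forensics.
    record = {"src_ip": ip_text, "action": action,
              "category": entry["category"] if entry else None,
              "risk": entry["risk"] if entry else None}
    return action, record
```

When networks overlap, the longest prefix wins, so a TOR exit range inside a broader proxy range is logged with the more specific category.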
Reputation Intelligence Benefits
Reputation intelligence, when combined with contextual information (e.g., endpoint device, geo-location, and websites), can prevent a variety of cyberattacks, including:
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, by detecting and blocking botnets, SYN floods, and other anomalous communications.
- Malware attacks, by identifying and isolating malicious and blacklisted files.
- Including the source geographic location in alerts and violations makes it possible to define policies based on country of origin.
- Credential abuse attacks, by blocking malicious IP addresses, anonymous proxies, and TOR anonymizer addresses used to mask the identity of attackers.