How important is a reputation?
American entertainer Will Rogers once famously said, “it takes a lifetime to build a good reputation, but you can lose it in a minute.”
Our reputations are valuable commodities that establish rapport and clout among our colleagues, partners, and customers. A good reputation can go a long way in establishing trust, credibility, and confidence in a relationship.
It makes just as much sense to consider the reputations of the IPs that pass through and access our sites as we consider the reputations of humans. Do we naively go about our days confident that our data is always secure and that no bad actors have any intention of carrying out deceptive behavior? Where would we even begin to understand which IPs are malicious and should be blacklisted or investigated further if we’re not sure?
Thankfully, Imperva has the answer and can help!
IP Visibility and Reputation, Hand in Hand
Within Imperva’s Management console lives a new service called Reputation Intelligence, integrating seamlessly with Attack Analytics. Reputation Intelligence is a service that now provides the ability to investigate suspicious IPs and uncover additional insight such as the types of attacks carried out and the tools used to carry them out. Imperva provides all the intelligence we’ve gathered on a given IP to help determine whether it’s malicious or not and leverages our crowdsourcing and wider customer base to learn all we can about that IP’s behavior. This further expands the Attack Analytics single-pane-of-glass approach with additional visibility into Account Takeover Protection, API Security and DDoS attacks.
Similar to our Actionable Insights functionality, our goal is to empower you to make more data-driven, informed decisions on whether an IP should be blacklisted or not. Adding this additional visibility into an attacking IP’s activity ensures you too can assess an IP’s reputation with the added benefit of our Risk Score. We’ll provide an assessment of the risk level posed by a particular IP, based on its activity across our wider customer base over the past 2 weeks including both clean and malicious traffic.
Figure 1: Reputation Intelligence dashboard view.
Additional IP characteristics we provide:
- IP address registration details, such as registered geolocation and ASN
- Attack geo-pattern
- Industries that are being targeted by this address
- Tools and platforms used to carry out attacks
- Violations that are attributed to IP address in question and their progression over time
It’s important to note here that the IP risk score is calculated by our research team and our security algorithms, based on behavior across all of Imperva’s customer base. Our calculation will determine where the IP should score, taking into account the number and severity of attacks, and the number of Imperva customer accounts that were attacked.
Figure 2: Risk score identifying malicious activity on IP.
Build Confidence and Instill Trust
Just as we’re able to form opinions about those around us based on their reputations, we too can form an actionable opinion on which IPs are malicious based on the analysis carried out by our algorithms. In the same way you wouldn’t let a habitual thief near an open safe, you wouldn’t want a malicious IP gaining access to your sites.
Allow Imperva’s Reputation Intelligence to play a pivotal role in your decision-making with a simple-to-action dashboard and the ability to drill down into any questionable IPs you may be curious about. Find our new icon on the navigation panel of your Cloud WAF Management console or linked within Attack Analytics and get started today!
Lastly, we want to hear more from you. Comment below or join our online community to share your feedback and Reputation Intelligence experience with us. Help us to understand what functionality is important to you and become an influencer in our future state. We have exciting updates on the horizon including device fingerprinting, host reputations, URLs, etc.
Knowing what excites you, matters to us.