Real-time IP address blocking of DDoS attacks
Corero Network Security is extending its capabilities with the launch of ReputationWatch. It will identify in real-time known malicious entities and block access to “bad’ IP addresses “on-the-fly’ based on reputation or geographical origin, to dynamically block DDoS attacks and other attack activity.
ReputationWatch will provide businesses with contextual awareness by automatically changing network configurations to block malicious IP addresses in response to the latest intelligence.
By monitoring for constantly changing IP addresses, bots that fall within the recognized botnet command structures and those that have historically participated in malicious content attacks, it will prevent network access, reduce the number of false positive alerts and eliminate costly downtime by ensuring the network is always up.
The dynamic analysis capability also means that the IP address is subsequently unblocked when it is no longer a source of attack.
In addition to stopping attacks from malicious IP addresses, ReputationWatch will feature geolocation technology that will enable organizations to proactively enforce security policies based on the national origin of IP addresses.
IT administrators will be given the control to set access policies for each nation, allowing the business itself to deny or control the rate of traffic from countries with which they do not do business, or countries associated with high numbers of attacks. It will also be possible to set exceptions for those IP addresses in high risk countries with which the organization does do legitimate business.
“The launch of ReputationWatch is another key step towards enhancing Corero’s extensible platform to provide a first line of defense to combat threats, protecting IT infrastructure and eliminating costly downtime,” said Ashley Stephenson, Corero executive vice president. “By adding this extra functionality to the DDoS arsenal, businesses can continue to attack the threat head on with the knowledge that their network will be automatically updated and configured against the latest malicious threats, saving both time and money for the organization.”