The product consists of selected streams of IP addresses data:
FS TI can be integrated into a cybersecurity intrusion detection and prevention system. The product allows you to identify anomalies in network traffic and application traffic. FS TI can be used as a stand-alone solution, as well as integrated into SIEM/SOAR and into other information security solutions.
Cybercriminals often hide their IP addresses in an attempt to circumvent network traffic monitoring systems. In order to commit fraudulent and hacking activities, they use virtual private networks (VPNs) or Internet proxies and use public VPNs and proxy services, as well as services with limited access to DarkNet. Traffic analysis of TOR and other services will assist in identifying criminals.
FS TI contains information about VPNs, proxy services, hosting services where you can place any content (shockproof), IP addresses that are used to:
The implementation of FS TI in SIEM/Firewall enables corporate networks to monitor traffic and decide whether to block or mark incoming and outgoing connections to IP addresses. This avoids cyber incidents and assesses the risks of unauthorized connections by people who use such IP addresses.
The product database lists not only IOCs, i.e. IP addresses from which cyberattacks have already been carried out, but also IP addresses with a dubious reputation that could potentially be used for criminal activities. Daily issuance of more than 300,000 active IPs with a high probability of attacks, while the rest of the companies such information appears in 2-6 weeks.
FS TI allows users to perform in-depth traffic analysis, make decisions based on the data obtained, and prevent possible incidents.
Users can download reports from FS TI in TXT, JSON formats. The product is integrated into SIEM, SOAR, Firewall systems, as well as into other security systems.