Choosing a Threat Feed For IP Blocking
A threat feed for IP blocking provides external visibility into malicious activity, enabling security teams to block suspicious observables, including an IP address, domain or malware signature. This reduces risk by limiting the damage an attack can do, and increases efficiency by automating data collection and analysis, freeing up time to focus on other threat prevention activities.
A popular choice is the Emerging Threats Intelligence feed (ET), a real-time threat intelligence service that provides detailed technical data on threats and attacker tools. This includes phishing email headers, DNS records and malware checksums to scan for attacks in progress and identify indicators of compromise. It’s available in both a free and premium version, with the premium offering delivering higher update frequencies and larger datasets for better protection.
Top Threat Feeds for Real-Time IP Blocking
Other useful threat intel feeds include the SecIntel threat intel feed, which can be integrated with MX Series and SRX Series firewalls to automatically block command and control communications at line rate. This helps to protect against APTs and other advanced threats by preventing the exchange of information between compromised hosts, known as C&C communications.
When choosing a threat feed, be sure to assess the quality of data and the relevance of the information provided. Consider the provider’s reputation, data sources and analytical capabilities. Also, look for the frequency of updates and format compatibility with your infrastructure. For example, some threat intel feeds offer a real-time update while others deliver scheduled updates on hourly or daily intervals.
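One way to check a feed's data quality and update churn before it reaches a block rule, as an added example that is not taken from any feed provider. It assumes a plain-text feed with one IPv4 address or CIDR per line and `#` or `;` comments; the function names, sample snapshots and allowlist are constructed for illustration.

```python
import ipaddress

# Constructed sample snapshots using documentation ranges, not real indicators.
FEED_OLD = "# constructed\n198.51.100.7\n203.0.113.0/25\n"
FEED_NEW = """# constructed sample feed: one IPv4 address or CIDR per line
198.51.100.7
203.0.113.0/25
203.0.113.128/25
10.0.0.5        ; internal address that leaked into the feed
0.0.0.0/0       ; overly broad prefix
192.0.2.300     ; malformed
192.0.2.10
"""
ALLOWLIST = ["192.0.2.10/32"]  # assumed: an address you must keep reachable

# Ranges that must never reach a block rule, whatever the feed says.
NEVER_BLOCK = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

def parse_feed(text, allowlist=()):
    """Return (accepted set of networks, list of (entry, reason) rejects)."""
    allow = [ipaddress.IPv4Network(a) for a in allowlist]
    accepted, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#")[0].split(";")[0].strip()  # drop comments
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "malformed"))
            continue
        if any(net.overlaps(n) for n in NEVER_BLOCK):
            rejected.append((entry, "never-block range"))
        elif any(net.overlaps(a) for a in allow):
            rejected.append((entry, "allowlisted"))
        else:
            accepted.add(net)
    return accepted, rejected

def blocklist(accepted):
    """Merge adjacent and overlapping prefixes into the fewest rules."""
    return [str(n) for n in ipaddress.collapse_addresses(accepted)]

def churn(old, new):
    """Entries added and removed between two accepted snapshots."""
    return sorted(map(str, new - old)), sorted(map(str, old - new))

if __name__ == "__main__":
    old, _ = parse_feed(FEED_OLD, ALLOWLIST)
    new, rejects = parse_feed(FEED_NEW, ALLOWLIST)
    print(blocklist(new), rejects, churn(old, new))
```

Tracking the reject list and the churn between snapshots over a trial period gives a concrete basis for comparing feeds on the data quality and update frequency criteria above.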