InstantGuard™ - Threat Intelligence Gateway
Block with global threat centers
Exchange of threat information with global threat centers
Modern attacks combine many techniques that let attackers control botnets to launch various attacks or steal confidential information.
Multiple agencies around the world each contribute some coverage of C&C servers.
L7 operates https://blacklisttoal.com, which syncs with many world-class blacklists to provide the best coverage of global threats.
Malicious IPs are identified with virus names so that threats can be stopped accurately and immediately.
Introduction to L7 intelligence unit collaboration
Facing ever-changing ransomware, L7 Networks InstantCheck® comes with built-in blacklisttotal.com® authorization,
which automatically updates its database of malicious-website blacklists from sources such as Malware Patrol® / Cisco Talos® / NCCST® / FireHOL® / Abuse®.
Expert in blocking ransomware - Malware Patrol
Malware Patrol is an engine expert in blocking ransomware connections, specializing in constantly tracing DGA-connected domains and IPs from major websites.
The number of such domains is enormous; even though those domains and IPs can be predicted, blacklisting all of them on our device is still a problem.
Malware Patrol takes the DGA domains that have appeared within 30 days, confirms that their IPs still exist, and then puts the valid domains and IPs into the blacklist.
Most ransomware families won't encrypt a computer's files before reporting back to malicious relay stations and downloading the encryption key.
Expert in blocking malicious relay stations - FireHOL
FireHOL is an organization that helps people integrate criminal IP blacklists for free. It provides a script for download so that people can fetch the lists automatically and regularly, and it re-checks known IP addresses: an address is removed from the blacklist once it is no longer suspicious.
National level defense - NCCST
(National Center for Cyber Security Technology)
NCCST is a Taiwanese government organization focusing on events such as cyber warriors intruding into the central government, local councils, national enterprises and military units, and it releases its blacklists regularly.
Every A-level, B-level and C-level government unit is ordered to enter the blacklists into its firewalls and intrusion prevention systems manually.
Blacklists - Cisco Talos
After Cisco took over Snort, Talos became the head of the Firepower line. Talos releases blacklists of IPs and domains on its website regularly for everyone to use.
Abuse.ch blacklists - SSLBL
Many websites are now encrypted with HTTPS, and malware also uses HTTPS for reporting back to relay stations.
The certificates used for HTTPS are sometimes issued by non-credible or problematic institutions. Therefore, SSL Blacklist (SSLBL) collects unscrupulous certificate fingerprints so that devices able to filter certificate fingerprints can block them; for devices that are not able to recognize certificate fingerprints, SSLBL also provides an IP blacklist for blocking.
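The fingerprint-first, IP-fallback decision described above, as an added example (not L7 or SSLBL code) that also returns the malware label attached to each listed entry. The SHA-1 fingerprint type, the CSV column layout, the function names and all sample values are assumptions constructed for illustration.

```python
import csv
import hashlib
import ipaddress

# Constructed stand-ins for DER-encoded certificates (not real certificates).
BAD_CERT = b"constructed-der-bytes-of-a-listed-certificate"
GOOD_CERT = b"constructed-der-bytes-of-an-unlisted-certificate"

def fingerprint(der_bytes):
    """Hex SHA-1 over the raw certificate bytes (assumed feed fingerprint type)."""
    return hashlib.sha1(der_bytes).hexdigest()

# Constructed feeds; the column layout is an assumption, not SSLBL's documented one.
FP_FEED = "# listing_date,sha1,listing_reason\n" \
          f"2024-01-01 00:00:00,{fingerprint(BAD_CERT)},ExampleFamily C&C\n"
IP_FEED = "# first_seen,dst_ip,dst_port,listing_reason\n" \
          "2024-01-01 00:00:00,192.0.2.10,443,ExampleFamily C&C\n"

def load_feed(text, key_col):
    """Map indicator -> listing reason, skipping comment and blank lines."""
    table = {}
    for row in csv.reader(text.splitlines()):
        if not row or row[0].startswith("#"):
            continue
        table[row[key_col].strip().lower()] = row[-1].strip()
    return table

FP_TABLE = load_feed(FP_FEED, 1)
IP_TABLE = load_feed(IP_FEED, 1)

def verdict(dst_ip, der_cert, fp_table=FP_TABLE, ip_table=IP_TABLE):
    """Return (action, reason). der_cert is None when the device cannot
    see or parse the server certificate, so only the IP list applies."""
    if der_cert is not None:
        reason = fp_table.get(fingerprint(der_cert))
        if reason:
            return ("block", "cert: " + reason)
    ip = str(ipaddress.ip_address(dst_ip))  # validates and normalises the address
    reason = ip_table.get(ip)
    if reason:
        return ("block", "ip: " + reason)
    return ("allow", "")

if __name__ == "__main__":
    print(verdict("198.51.100.7", BAD_CERT))   # listed certificate on an unlisted IP
    print(verdict("192.0.2.10", None))         # no certificate visibility, listed IP
    print(verdict("198.51.100.7", GOOD_CERT))  # nothing listed
```

A listed certificate is blocked even when it is served from an address the IP list has never seen, which is the coverage the fingerprint list adds over the IP list alone.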
Abuse.ch ransomware blacklists - RansomwareTracker
Tracking down ransomware is the purpose of RansomwareTracker. By holding a complete picture of the network architecture of ransomware, the blacklists it provides efficiently cut off the spread of ransomware.