InstantGuard™ - Threat Intelligence Gateway

Block with global threat centers
Exchange of threat information with global threat centers

Modern attacks combine many techniques that let attackers control botnets in order to launch various attacks or steal confidential information.

Multiple agencies around the world each contribute some coverage of C&C servers.

L7 held the to sync with many world-class blacklists to provide the best coverage of global threats.

Malicious IPs are identified with virus names so that threats can be stopped accurately and immediately.


L7 intelligence unit collaboration introduction

Facing ever-changing ransomware, L7 Networks InstantCheck® features with built-in® authorization,
which can automatically update the blacklist in the database of malicious websites, such as Malware Patrol® / Cisco Talos® / NCCST® / FireHOL® / Abuse®

  • Expert in blocking ransomware - Malware Patrol

Malware Patrol is an engine specialized in blocking ransomware connections; it constantly traces DGA-connected domains and IPs from major websites.

The number of these domains is enormous. Even though it is possible to predict those domains and IPs, loading all of them into the blacklist on our device is still a problem.

Malware Patrol takes the DGA domains that have appeared within 30 days, confirms that their IPs still exist, and then puts the valid domains and IPs into the blacklist.

Most ransomware families will not encrypt a computer's files before reporting back to the malicious relay stations and downloading the encryption key.

  • Expert in blocking malicious relay stations - FireHOL

FireHOL is an organization that helps people integrate criminal IP blacklists for free. It provides scripts so that people can download the lists automatically and fetch them regularly. It also keeps checking known IP addresses, and an address is removed from the blacklist once it is no longer suspicious.

  • National-level defense - NCCST

(National Center for Cyber Security Technology)

NCCST is a Taiwanese government organization that focuses on incidents such as cyber warriors invading the central government, local councils, national enterprises and military units, and it releases its blacklists regularly.

Every government A-level, B-level and C-level unit is ordered to enter the blacklists into its firewalls and intrusion prevention systems manually.

  • Blacklists - Cisco Talos

After Cisco took over Snort, Talos became the head of the Firepower line. Talos releases blacklists of IPs and domains on its website regularly for everyone to use.

  • Blacklists - SSLBL

Many websites are encrypted with HTTPS, and malware also uses HTTPS to report back to relay stations.

HTTPS certificates are sometimes issued by untrustworthy or problematic institutions. Therefore, SSL Blacklist (SSLBL) collects the fingerprints of unscrupulous certificates so that devices able to filter on certificate fingerprints can block them. For devices that cannot recognize certificate fingerprints, SSLBL also provides an IP blacklist for blocking.

  • Ransomware blacklists - RansomwareTracker

Tracking down ransomware is the purpose of RansomwareTracker. Because it holds the complete network architecture of ransomware, the blacklists it provides efficiently cut off the spread of ransomware.


Looking across the threat intelligence units on the internet, they all operate independently. Although they provide a lot of free or paid information, a defense list built directly from their blacklists contains many misjudgments. Viruses mutate rapidly, so it is extremely difficult to block new variants from invading computers. When L7 Networks questions these misjudgments, we often get answers like “the website was infected by an unknown virus”, but the scope of the impact is enormous and often leaves some websites unable to operate.

The purpose of L7 establish® is to remove those misjudgments and sync with many world-class blacklists to provide the best coverage of global threats, and to find out suspicious URLs/IPs and which of them are listed as malicious relay stations. The complete list will be built into L7 devices in order to protect our customers.
