Because the threat landscape is constantly evolving and more volatile than ever, businesses need a solution that can keep up with the known threats that target their web-facing applications and services. New cyberthreats are hitting the market at an alarming rate. Emerging botnets like DrainerBot and new variations of botnets like Mirai, IoTroop, and Reaper are constantly making headlines. Large corporations fall victim to massive data breaches on a weekly or even daily basis. With hacker methods continuing to grow in complexity and increasing their ability to execute at scale, businesses need to add security measures to manage the threats. Incorporating threat intelligence feeds can help temper this problem.
Threat feeds can consist of data from open source collectors, commercial threat-feed companies, and security providers’ own anonymized customer network. Because threat-feed data is cross-sectionally collected from multiple companies and markets, it provides a relatively current and comprehensive snapshot of current threats that can improve security postures. Oracle Cloud Infrastructure’s threat feeds offer customers a unique solution that is easy-to-use, has both blocking and detecting capabilities, and is full of freshly categorized threat IP data.
Defining, identifying, and monitoring threats aren't easy tasks. They can take a large amount of a security team’s time, often require a level of expertise that is in high demand and short supply, and are often inefficiently managed because teams don’t give them appropriate attention or resources.
At Oracle, we make it easy by giving our customers on-demand access to a diverse catalog of managed threat data, powered by Oracle Dyn Web Application Security. Customers can use this information to investigate incidents, to gain insights that help characterize malicious behavior, to guide their configuration of web application firewall (WAF) rules, to grow access control lists (blacklists and whitelists), and, ultimately, to strengthen their security posture.
Oracle provides customers with a variety of threat feeds that protect web applications against known malicious actors. Feeds are divided into different threat categories, which enables customers to closely manage and visualize the threats that are targeting their online business. Oracle’s threat feeds are categorized, managed, and derived from both open source and commercial feeds, such as blocklist.de, abuse.ch, BruteForceBlocker Project, and Webroot. To maintain the highest-quality intelligence, Oracle feeds are updated in real time, on a daily basis, with some feeds receiving upward of 500,000 updates per day.
Some customers aren't prepared to set feeds in block mode, but they want to better understand threat techniques and the IPs targeting their web applications. For these customers, Oracle provides the ability to use feeds in detect mode. When detect mode is enabled, all malicious requests that match a particular threat feed are denoted in a customer’s logs. The customer can then examine and evaluate the malicious threat data, and shift only selected feeds into block mode. The levels of segmentation and the ability to examine logs help customers to develop tighter security postures that are unique for their various web applications.
Many web application security solutions with threat feeds in the market provide only blocking capabilities. This protection measure isn't ideal because it can increase the rate of false positives. The Oracle Web Application Security platform is uniquely suited to help customers learn and manage malicious threats by providing detection capability, along with the ability to block. These capabilities enable customers to analyze unusually detailed logs and better understand known threats and capture previously unknown anomalous traffic.
Providing this flexibility, granularity, and robust threat intelligence data enables Oracle customers to control, visualize, and act on threats without ever having to manage or maintain the threat IP data itself.