Skip to main content

Battle of the Week - Watchlist IP Addresses

The Battleground:

An engineering firm.

The Presumption:

Firewall policies block traffic that should not be able to access the network. However, not all malicious IPs can be possibly known.

The Discovery:

By maintaining communication with homeland security agencies, we gather lists of IPs that have a malicious reputation and block them on our customer's firewall. Our SIEM (Security Information and Event Management) produces alarms any time traffic is detected from firewall logs, which enables our analysts to monitor for blacklisted IPs that are known to stage attacks.

Our Solution:

When we receive lists from government agencies, we block these IPs preemptively in order to prevent future attack.

Lessons Learned:

InfusionPoints vigilantly monitors the current threat landscape and rapidly adapts to threats that face our clients.