Using our Collective Intelligence Network Security, or CINS, we can identify several classes of “bad” IP addresses.
IP addresses tend to have certain “personalities.” For example, perhaps a Chinese IP address gains a reputation as a scanner, or maybe a Russian (or American) IP address is prone to attacking remote desktop vulnerabilities. There are IP addresses from all over the world flagged as Command and Control servers for malware botnets.
Beyond reputation lists, we use non-IPS sensor data, examining traffic on unused IPs on all Sentinel IPS protected networks, to augment and populate the CINS system. Our active threat intelligence stream is created through analysis and continuous scoring of this data, akin to machine learning.
All of these characteristics and more play a key role in developing an IP address’s trustworthiness score.
Many years of usage have proven the value of this approach. If you manage an IDS or IPS sensor, or a SIEM, regardless of the vendor, you have likely benefitted from an alert or block vis-a-vis the CINS system under the heading of CIarmy, which is now CINS Army.
How do I access CINS Scores?
Today, CINS Scores are available only to Sentinel customers through the Sentinel web interface. This may change as the CINS system continues to evolve. Until then, feel free to download the CINS Army List and add a new layer of security to your networks.