SAN MATEO, CA â€” Tues Nov. 19, 2013 â€” Norse, the leading provider of live threat intelligence solutions, today announced availability of Norse Darklist. This cloud-based service provides a continuously updated list of approximately three million high-risk IP addresses that can be integrated into enterprise SIEM solutions. By integrating Darklist, enterprise security teams can receive alerts when connections from malicious IPs are detected, add threat-intelligence depth to their forensics capabilities and quickly determine if they are being attacked by Advanced Persistent Threats (APTs).
“The number of attackers and their sophistication is constantly growing, and traditional IP black-lists with only tens or hundreds of bad IPs don’t scratch the surface,” said Richard Stiennon, chief research analyst, IT Harvest. “Norse’s Darklist of millions of continuously updated high-risk IPs has real potential to help customers proactively identify threats within their networks and prevent serious breaches.”
Norse Darklist delivers a level of visibility into the Internet’s most dangerous IP addresses unmatched by any other solution. Darklist leverages Norse’s IPViking live threat intelligence platform to deliver a compilation of approximately three million IP addresses spanning the entire Internet. The Norse platform identifies high-risk IPs through a myriad of methods including millions of honeypots, anonymous proxy (such as Tor) usage, custom crawlers and more. When the Norse platform identifies a malicious IP it analyzes it and assigns it a risk score between 0 and 100 based on the IP’s history of malicious activity. High-risk IPs are added to Darklist as they are identified, so each time customers request a new Darklist they can be assured that it is always up to date. Darklist is available via a simple RESTful API query (manual or automated) and returned in CSV format for integration into customers’ SIEMs or other security solution.
“More than 2,500 of our customers rely on Splunk Enterprise to provide visibility for security intelligence, among other use cases. Splunk moves users beyond typical SIEM use cases by helping enterprises analyze and correlate data to identify anomalies, outliers and indicators of potential breaches across their global networks,” said Steve Sommer, chief marketing officer for Splunk. “Norse Darklist enhances Splunk Enterprise and our Splunk App for Enterprise Security by providing real-time intelligence into today’s advanced threat landscape and an early warning about today’s advanced threats. This kind of context is critical in risk mitigation and prioritization.”
“Security professionals know their organizations are under constant attack from high-risk IPs. Unfortunately, they lack the intelligence needed to provide maximum defense against them,” said Tommy Stiansen, CTO, Norse. “With Norse Darklist, they have access to unprecedented intelligence that allows them to ensure an effective defense against the Internet’s highest-risk IPs, significantly reducing bad actors’ ability to breach networks.”
To find out more about the Norse Darklist, visit http://norse-corp.com/darklist.html
Norse is the leading innovator in the live threat intelligence security market. With the goal of transforming the traditionally reactive IT security industry, Norse offers proactive, intelligence-based security solutions that enable organizations to identify and defend against the advanced cyberthreats of today and tomorrow. Norse’s synchronous, global platform is a patent-pending infrastructure-based technology that continuously collects and analyzes real-time, high-risk Internet traffic to identify the sources of cyberattacks and fraud. Norse is the only provider of live, actionable, cyberthreat intelligence that enables organizations to prevent financial fraud and proactively defend against today’s most advanced cyber threats including zero day and advanced persistent threats. Norse has offices in Silicon Valley and St. Louis. Visit us online at norse-corp.com.