F5 Silverline Threat Intelligence Services

F5® Silverline® Threat Intelligence is a cloud-based service incorporating external IP reputation and reducing threat-based communications. By identifying IP addresses and security categories associated with malicious activity, this managed service integrates dynamic lists of threatening IP addresses with the Silverline cloud-based platform, adding context-based security to policy decisions. Silverline Threat Intelligence is available only as an add-on managed service to either Silverline® DDoS Protection or Silverline® Web Application Firewall. All services are managed with 24x7x365 support from F5 Security Operations Center (SOC) experts, reducing risk and increasing network and application efficiency by eliminating the effort of processing threat-sourced traffic.

Contextual Awareness and Threat Protection

Using a frequently updated list of threat sources and high-risk IP addresses, Silverline Threat Intelligence delivers contextual awareness and analysis of IP requests to identify threats from multiple sources across the Internet. F5 SOC experts draw on the capabilities of a global threat-sensor network to detect malicious activity and IP addresses. Even when Silverline Threat Intelligence is behind a content delivery network (CDN) or other proxies, it provides protection by analyzing the real client IP addresses as logged within the X-Forwarded-For (XFF) header. This allows the SOC to easily configure alarms or block traffic from a CDN with threatening IP addresses.

Granular Threat Reporting and Automated Blocking

Armed with the latest intelligence and predictive risk analyses, F5 SOC experts incorporate Silverline Threat Intelligence to reveal inbound communication with malicious IP addresses, and enable granular threat reporting and automated blocking. This increased visibility exposes IP-based threats such as phishing attacks, attackers using anonymous proxies, and the TOR network for online attacker anonymity. Once identified, these threats are mitigated by automatically blocking traffic through SOC-selected IP categories.

Threat Expertise from an Evolving IP Reputation Database

Managed by the F5 SOC, Silverline Threat Intelligence uses insight about the Internet’s most threatening IP addresses to block connections from those requests. This evolving database of addresses is refreshed from the cloud frequently to keep threat data current, minimize the threat window, and protect the organization and its reputation. By detecting and blocking malicious traffic, Silverline Threat Intelligence reduces a significant percentage of network resources. Emerging threats are continuously captured and
published, while IP addresses that are no longer a threat are removed from the threat data. Silverline Threat Intelligence also enhances Silverline DDoS Protection or Silverline Web Application Firewall (WAF) services without compromising access to legitimate IP addresses.