New Norse ThreatList continuously catalogs the Net’s most dangerous places
Norse Corporation, a San Mateo, CA-based leader in live attack intelligence, announced on April 8 Norse ThreatList™, a unique web portal that provides on-demand, instant risk scores with rich context for any IP and URL address of interest. Norse ThreatList features an easy-to-use search portal for human intelligence analysts, as well as a machine-readable threat intelligence (MRTI) RESTful API for easy integration into existing security architectures.
Norse ThreatList gives users a continuously updated window into the massive 7-petabyte Norse Attack Intelligence database that delivers unmatched visibility into the farthest corners of the Internet, even the darknets. Norse ThreatList can be used to preemptively block dangerous connections or leveraged to accelerate and enhance post-breach forensics, the company says.
“Norse combined our best-selling DarkList and DarkViking products into a single offering, and enriched them with even better context data to create the new Norse ThreatList. New region codes enable geo-based risk blocking, and new service categories let you intelligently flag, throttle or even block content from risky sites, while still allowing normal traffic to pass at line speeds,” said Tommy Stiansen, CTO of Norse. “Norse ThreatList gives customers a faster, better and easier-to-use portal into Norse’s massive 7-petabyte database of attack intelligence.”
One of the big challenges facing any intelligence operation is minimizing false positives, especially when dealing with traffic from shared hosts, content delivery networks, domain name servers or advertising servers. Norse ThreatList’s new threat categories and richer contextual information helps security professionals filter threats more intelligently, blocking some, throttling and flagging others.
Norse ThreatList also provides more detail on bots and their targets, even bots launched from or targeting embedded systems (the “Internet of Things”). This lets security teams prioritize bots (or their command-and-control nodes) based on target, velocity or aggressiveness. A new RESTful API allows for broader deployments and faster, more granular parsing of today’s larger threat datasets, filterable by risk score, threat category or timestamp. Data from Norse ThreatList can even be exported in JSON or CSV formats for import and post-processing on other platforms.
Source: Norse Corporation