What is IP/Domain Reputation?
AlienVault covers the importance of IP/domain reputation data and why it's an important tool for incident responders and security professionals.
Hello. Today I’m going to talk about IP and domain reputation, and why it’s such an important tool for incident responders and other security professionals. In this short video, I’ll explain why it’s so important to monitor the IP and domain reputation of those who are interacting with your network, as well as the reputation of your own systems, your public IPs, and your domains. In many ways, IP and domain reputation monitoring is a similar concept to what other online reputation vendors provide, companies like Klout and reputation.com and others. The key difference is that IP and domain reputation is applied to incident response and threat intelligence, and also indicates whether an IP or domain has been associated with any nefarious activity.
So, why should you care? Well, if your system is compromised, it might be used in attacks against other organizations. Your system could be used as part of a botnet, a distributed denial of service attack, a spamming platform, and more, and this activity would have serious consequences for your organization. So monitoring any changes to your reputation provides the critical detection you need to make sure that your systems are secure and aren’t being used in attacks against others. Reputation data is also a critical tool in understanding how to prioritize incident response alerts. For example, if I see an alarm where the destination address is a system known to be a command and control server, I’m going to respond to that alarm first, and as quickly as I can. And the other side of this is understanding the security posture of your own assets, like your publicly-facing servers, IP addresses and domains.
If your organization’s IP addresses or domains appear in a blacklist or a hacker forum like pastie or pastebin.com, chances are that one or more of these systems have been compromised, and compromise of public systems like web servers can be just the tip of the iceberg. Abandoning ship, or choosing not to respond to malicious activity on your network, commonly leads to data loss, legal and compliance liability, service disruption, and lost revenues, none of which are good. So, given the risk, what can you do to protect your network? No, that might protect your network, but that’s not going to help us get business done. The answer is to monitor the reputation of those interacting with your assets, as well as the reputation of your own assets. And luckily, we have an answer for you on this.
AlienVault’s Open Threat Exchange Reputation Monitor provides the security professional with the ability to understand the reputation of those systems interacting with his or her network, as well as continuous insight into the reputation of their own organization’s systems. To learn more and to sign up for this free service, just head over to our website, at https://cybersecurity.att.com.