Connect with us

Hi, what are you looking for?


Network Security

Corero Network Security Adds Real-Time IP Address Blocking to Stop DDoS Attacks

Corero Network Security added reputation scanning and IP address blocking to its line of anti-distributed denial of service appliances.

Corero Network Security added reputation scanning and IP address blocking to its line of anti-distributed denial of service appliances.

Dubbed “ReputationWatch“, the new feature will identify known malicious entities in real-time and block access to bad IP addresses, Corero said Tuesday. ReputationWatch uses both reputation and geographic profiles to dynamically change network configurations and block distributed denial of service attacks and other malicious activity. The service will be generally available in the third quarter.

Corero ReputationWatchCorero experts would be monitoring the IP addresses to identify bots that fall within the command and control structure or are known to have participated in malicious content attacks in the past. Once identified, ReputationWatch would prevent access and block that traffic from entering the organization’s network. The dynamic analysis capability means the IP address is unblocked when it is not engaged in an attack.

“The launch of ReputationWatch is another key step towards enhancing Corero’s extensible platform to provide a first line of defense to combat threats, protecting IT infrastructure and eliminating costly downtime,” said Ashley Stephenson, Corero’s executive vice president.

IT administrators can proactively enforce security policies by taking advantage of the geolocation technology. Administrators can set access policies for each country and decide whether or not to restrict or block traffic from countries they do not to business with, or are known to host attack traffic. It would also be possible to set exceptions for IP addresses in high-risk countries to allow legitimate business partners and services through.

Reputation scanning is time-sensitive, as sources can be good one day and malicious the next, Stephenson told SecurityWeek. ReputationWatch assigns an expiration date to the IP Addresses, and the site is checked again to see if it is still malicious or if the problem has been cleaned up, Stephenson said.

With ReputationWatch, administrators will no longer have to manually maintain security configurations with automated, threat intelligence feeds. With access to the latest intelligence, organizations can defend against known sources of DDoS attacks, bots that have the IP addresses associated with identified C&C servers, systems delivering specially crafted denial-of-service exploits, known sources of malicious content attacks, phishing, and spam sources, Corero said.

Stephenson described Corero’s virtual patching capability that can protect customer networks before the actual security vulnerability is patched. For example, a security vulnerability in the popular Apache Web server was discovered last year, and the KillApache exploit was observed in the wild. Corero customers received a policy update for their appliance that was capable of recognizing the specially crafted headers and the type of malicious traffic and block it according, Stephenson said. Corero customers were protected before Apache was able to get the patch ready.

Advertisement. Scroll to continue reading.

While Corero is not recommending that organizations forego patching affected software, virtual patching is a first line of defense that can be applied quickly without disrupting the network environment, Stephenson said.

“By adding this extra functionality to the DDoS arsenal, businesses can continue to attack the threat head on with the knowledge that their network will be automatically updated and configured against the latest malicious threats, saving both time and money for the organization,” Stephenson concluded.

More on ReputationWatch can be found here.

Related InsightProtecting Your Network From DoS Attacks

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...