Webroot introduces expanded threat intelligence solution for Splunk

Webroot, the intelligent cybersecurity solutions provider for endpoints and collective threat intelligence, has announced the expansion of its BrightCloud Threat Intelligence for Splunk product family with the introduction of the Webroot BrightCloud Threat Intelligence Add-on for Splunk.

The new solution integrates the industry-leading Webroot BrightCloud IP Reputation Service into Splunk Enterprise or Splunk App for Enterprise Security, enabling enterprises to more quickly detect connections to malicious IP addresses within their IT infrastructure. With BrightCloud threat intelligence, Splunk alerts of suspicious activities as they happen and provides detailed contextual information on each malicious IP so incident response teams can quickly investigate and remediate threats before they lead to costly data theft.

According to the Webroot 2015 Threat Brief, over 85,000 IP addresses are reclassified from benign to malicious every day. This reinforces the importance of using real-time IP threat intelligence to effectively detect and alert of malicious IPs. With Webroot's dynamic list of known malicious IP addresses, which contains approximately 12 million IPs at any given time, the BrightCloud Threat Intelligence Add-on for Splunk enables enterprises to correlate network traffic and IP reputation data in their Splunk Enterprise or Splunk App for Enterprise Security environment to identify suspicious inbound and outbound IP connections.

"Because attackers change hosts and IP addresses frequently, enterprises can struggle to determine which new IP address activity indicates threats to their organisation," said Mike Malloy, executive vice president of products and strategy at Webroot. "With Webroot BrightCloud Threat Intelligence Add-on for Splunk, enterprises can augment threat data in their existing security response solution with Webroot's big data analytics and automated machine learning to rapidly identify potentially dangerous incoming or outbound IP traffic, minimizing the window of opportunity for attackers."