Threat Intelligence

Today’s cyber criminals are more sophisticated, organized, skilled and persistent than ever. The threat actor landscape has evolved from single individuals with a hobby and an agenda, to include cyber-terrorists, cyber-criminals, professional hackers, hostile nation states, and rival companies. At the same time, new vulnerabilities are discovered daily in protocols, operating systems, networking devices, and applications. Keeping pace with threat actors and new threat vectors created to exploit these vulnerabilities is a daunting task. Our worldwide team of researchers and engineers work around the clock to provide customers with the most complete view of the evolving threat landscape possible.

The NSFOCUS Threat Intelligence (TI) Subscription Service provides you with actionable intelligence that minimizes your risk and improves your overall security posture.

Features and Benefits
Global Threat Intelligence, including China
NSFOCUS’ TI Subscription Service provides complete visibility into the global threat landscape – including China. Up to 40% of the world’s hacking activity originates in China and the exploits and attacks discovered in this part of the world often take hours, days, weeks and even months before they are replicated to other parts of the world. Your organization is vulnerable during this critical time period if your threat intelligence solution does not provide complete visibility into the global threat landscape.

Simply researching, understanding, analyzing, and reporting on new threat actors, vectors, and motivations is not sufficient to provide comprehensive security. In order to provide value, the intelligence must be actionable and incorporated directly into security policies to actively block intrusions. The TI Subscription Service provides access to IP reputation, malicious Web/URL, command and control, and malware data feeds. These feeds have been integrated into the full suite of NSFOCUS network and application security products, including Anti-DDoS (ADS), Cloud DDoS Protection Solution (DPS), Next-generation Intrusion Prevention (NGIPS) with Threat Analysis (sandboxing),
and Web Application Firewall (WAF).


The NSFOCUS TI Subscription Service is the perfect complement to your existing threat intelligence initiatives. The service provides standards based APIs for simplified integration with existing SIEM or TIP systems including Splunk, LogRythm, HP, ThreatConnect and more.

TI Subscription Service Data Feeds
Our feeds provide information in four crucial areas, and are delivered worldwide by strategically located NSFOCUS Cloud Centers:

IP Reputation Data Feed
This is a list of IP addresses that have earned a negative reputation through involvement in suspicious activity, including phishing attacks, spam, botnets, DDoS attacks, APT attacks, and more.

Malicious Web/URL Data Feed
This is a domain reputation list that includes malicious websites that are the source of malware or phishing attacks.

Command & Control Data Feed
This is a set of IP addresses that are known to control botnet armies used to take services offline. This feed is used to prevent your own resources from participating in a cyber-attack, as well as conserving your compute and network resources.

Malware Data Feed
This is a set of MD5 file hashes that can be used to identify malware in email or file transfers, as well as stored data.

For more information, please download the TI Subscription Service datasheet.