Background and Challenges

As the most basic identity in the Internet space, IP has always been the most fierce attack and defense point for the black market and Party A. In order to bypass the risk control strategy, the black market uses a large number of proxy services and PPPoE technology to frequently change IP for batch malicious activities, which has become the normal behavior of the black market. Since IP is a public resource, rashly blocking abnormal IP may damage the experience of normal users. Thus the response of risk control defense lags behind and the efficiency and effect are greatly reduced. In addition, with the popularization and application of IPv6, the black market also uses IPv6 as the underlying resource, and occupies a dominant position in the security confrontation of Internet business by virtue of the huge number of IPv6

Product Introduction
Threat Hunter IP risk profile is based on big data algorithm and perfect intelligence monitoring system. It combines the dimensions of IP type, acquisition and request time difference, normal user association, etc. to dynamically score the full life cycle of risk IP, support accurate identification of malicious IP of IPv4 and IPv6 protocols, and synchronously provide to enterprises for risk audit in business scenarios. It can judge the relevant attributes of IP in real time.
Product Functions
Support IPv6 risk identification
Threat Hunter has formed a complete set of IPv6 risk identification algorithms based on long-term research on the black market attacks using IPv6 and a large number of data tests.
Update IP risk level in real time
Based on the big data algorithm, dynamically score the whole life cycle of the black market IP, and determine the IP risk level in real time.
Accurate traceability of risk IP
Provide eight kinds of risk tags such as proxy, dynamic IP, server room traffic, and multi-client agency to explain the IP risks .
Provide IP basic information
Including basic information such as IP type, geographical location and operator ownership.
Product Advantages
High accuracy
Relying on Threat Hunter's perfect intelligence monitoring system on the black market, it can accurately perceive and discover the risk IP intelligence of the black market without the port sniffing technology to avoid misjudging the proxy servers ports of normal users.
High usability
Determine the risk level based on IP "whether it is held by the black market / whether it is malicious". Provide risk threshold analysis tools and reports. Users can directly configure appropriate risk thresholds for different business scenarios according to the reported recommendations.
Strong real-time capabilities
Determine IP risk in real time solving the problem that the traditional black IP library is not applicable to the business security scenario, and also solving the misjudgment caused by the replacement of IP.
Application scenario
For the request of high-risk IP, the graphical slider and other validation methods can be triggered. The IP is switched many times when crawling a large amount of information. Once the black market encounters risk control validation when crawling, it will pay extra costs to fight, which can effectively reduce the efficiency of the malicious crawler.
Batch registration
For the registered accounts whose IP hit high-risk level, the risk tag is provided, and the function of the risk account is limited in combination with the risk control strategy of the business itself and the characteristics of the platform. For example, for the malicious redirect problem of the social platforms, the speaking frequency of risk accounts can be limited, or allow speaking after strong authentication.
Identification of malicious traffic source
In the scenario of inviting new customers, the risk frequency of the IP that helps the account production can be limited. For example, penalize the account whose IP hit high-risk level for many times or conduct "strong authentication" such as SMS verification code, voice verification code or ID card authentication when taking rewards from the account, so as to ensure that the activity rewards will not be taken by black market.
Start a trial