AI Defense Matrix (code name : Tarpits*)

Two AI defense schemes to prevent ransomware and hackers, for Netgate, Osigate, Watchguard, Sophos, Juniper, Sonicwall, Snort, Suricata ... firewall platforms

Threats Protection

1. Live Tarpits (AI machine learning from global clusters, vulnerability prophet engine ...; updated hourly)

The Netgate Global research team constantly examines threats, using AI machine-learning vulnerability fingerprints from different sources and a variety of pfSense systems to analyze exploits and vulnerabilities. New fingerprints are published as needed through our cloud server. The unique Tarpits defense matrix, a prophet engine, correlates threat fingerprints from expensive infrastructures. Live Tarpits should be implemented at the first gate of defense. Tarpits prophecy signatures are written to detect, predict and prevent intrusions, worms, trojans, ransomware, DDoS exploits, brute-force cracking ...

We are in the IEEE Communications Society research team.

* IEEE : Institute of Electrical and Electronics Engineers, the world's largest technical professional organization for the advancement of technology.

 

After deep research, we have built the unique, live-updated defense matrix below, with hourly/daily updates via our Tarpits cluster servers.

Block dangerous IPs at the very beginning: no further protocol negotiation, less inner defense rule calculation and no further dangerous sessions, which is more secure and saves bandwidth and CPU time.

  • botnet : Current global list of robot zombie PCs. Botnets can be used to perform DDoS attacks and steal data, and a hacker may access the device and hijack its connection. Updated daily via our Tarpits cluster.
  • sslbl : SSL certificates are not 100% secure. The SSL Blacklist is a list of the IPs of global servers with malicious SSL certificates. Updated daily via our Tarpits cluster.
  • cisbl : Central Intelligence Security black list, a subset of global active hackers' IPs. Updated daily via our Tarpits cluster.
  • IQRisk : Delivers actionable threat IP intelligence to help ensure networks are safe from malicious and potentially malicious threats.
  • DQlists : Rep Query delivers multi-level, robust threat intelligence to meet the needs of SMEs to enterprises. Updated daily via our Tarpits cluster.

    DQlist provides maximum protection with minimum false positives, with a daily feed from the Global anti-hackers alliance. The global DQ lists are suitable for most routers and firewalls.

    DQlist IP signature service integrates an ultra-high performance deep packet inspection architecture and dynamically updated IP signature database to deliver complete network protection from application exploits, worms and malicious traffic. A scalable solution supporting virtually any network size.

    • DQlist_classC : Global ipset in CIDR format, a shorter list and the most effective: when any bad actor is found, the whole class C network is blocked.
    • DQlist_48hrs : Global ipset built from tracked attacks, spyware and viruses detected in the last 48 hours.
    • DQlist_30days : Global ipset built from tracked attacks, spyware and viruses detected in the last 30 days.
    • DQlist_90days : Global ipset built from tracked attacks, spyware and viruses detected in the last 90 days.

  • tarpits : Collection of Asia, China, Hong Kong and Macau hacker/spyware IPs that have triggered a protocol sensor alert. Updated hourly via our Tarpits cluster.

    * Local Tarpits includes all of the above defense matrix (it is good enough)
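As an added illustration (not the vendor's code), the Python sketch below shows how time-windowed lists like DQlist_48hrs/30days/90days and a class C aggregate could be derived from a single feed, and why widening every hit to a /24 needs an allowlist check. The feed entries, the allowlist and all function names are constructed assumptions; IPv4 only.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample feed: (source IP, last time it was seen attacking).
NOW = datetime(2024, 1, 31, 12, 0, tzinfo=timezone.utc)
FEED = [
    ("203.0.113.7",   NOW - timedelta(hours=3)),
    ("203.0.113.99",  NOW - timedelta(hours=40)),
    ("198.51.100.20", NOW - timedelta(days=12)),
    ("198.51.100.21", NOW - timedelta(days=75)),
    ("192.0.2.5",     NOW - timedelta(days=120)),  # older than every window
    ("not-an-ip",     NOW),                        # malformed feed line
]
# Hypothetical allowlist: networks that must never be blocked.
ALLOW = [ipaddress.ip_network("198.51.100.128/25")]

WINDOWS = {"48hrs": timedelta(hours=48), "30days": timedelta(days=30),
           "90days": timedelta(days=90)}

def build_tiers(feed, now):
    """Return {window name: sorted list of IPs seen within that window}."""
    tiers = {name: set() for name in WINDOWS}
    for raw, seen in feed:
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # skip garbage rather than load it into the firewall
        for name, span in WINDOWS.items():
            if now - seen <= span:
                tiers[name].add(ip)
    return {name: sorted(ips) for name, ips in tiers.items()}

def class_c(ips, allow):
    """Widen each IPv4 address to its /24; split out blocks hitting the allowlist."""
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips}
    blocked, conflicts = [], []
    for net in sorted(nets):
        (conflicts if any(net.overlaps(a) for a in allow) else blocked).append(net)
    return blocked, conflicts

if __name__ == "__main__":
    tiers = build_tiers(FEED, NOW)
    for name, ips in tiers.items():
        print(name, [str(i) for i in ips])
    blocked, conflicts = class_c(tiers["90days"], ALLOW)
    print("block:", [str(n) for n in blocked])
    print("needs review (overlaps allowlist):", [str(n) for n in conflicts])
```

The conflict list is the false-positive cost of class C blocking: one bad host in a /24 that also contains an allowlisted range should be reviewed, not blocked wholesale.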

Defense proposal, Basic level security

  • Define TARPITS as the first IP defense layer, set as firewall rules. A small tarpit list can block the most dangerous active threats with fewer resources and more efficiency. Hourly updates are crucial.
  • Apply DQlist_48hrs, which carries global hacker/ransomware/threat sources and needs to work with IDS/IPS, to defend against the rest of the most likely threats. The list is big and involves IDS/IPS rule computation: more resources and more CPU demand, but more security for OSI layers 5~7.

Defense proposal, Mid level security

  • Define TARPITS as the first IP defense layer, set as firewall rules. A small tarpit list can block the most dangerous active threats with fewer resources and more efficiency. Hourly updates are crucial.
  • Apply DQlist_30days and CISBL, which carry global hacker/ransomware/threat sources and need to work with IDS/IPS, to defend against the rest of the most likely threats. The lists are big and involve IDS/IPS rule computation: more resources and more CPU demand, but more security for OSI layers 5~7.

Defense proposal, High level security

  • Define TARPITS as the first IP defense layer, set as firewall rules. A small tarpit list can block the most dangerous active threats with fewer resources and more efficiency. Hourly updates are crucial.
  • Apply DQlist_90days, CISBL, BOTNET and SSLBL, which carry global hacker/ransomware/threat sources and need to work with IDS/IPS, to defend against the rest of the most likely threats. The lists are big and involve IDS/IPS rule computation: more resources and more CPU demand, but more security for OSI layers 5~7.

 

[Live Tarpits] Monthly Subscription : US$26

[Live Tarpits] Half year Subscription : US$156 plus One free month, total 7 months

[Live Tarpits] Annual Subscription : US$312 plus Two free months, total 14 months

* [Live Tarpits] includes all of the above defense matrix. (In most cases, [Live Tarpits] may already be good enough.)

 

Enhancement for most kinds of Firewall

2. Global Tarpits (vulnerability IP signatures from ET open, Cisco Snort Talos, IQRisk, Proofpoint ET Pro, CINS ...; updated daily)

We have Cisco Snort Talos, Proofpoint ET, CINS (Collective Intelligence Network Security) ... Global Tarpits should be applied at the middle layers of defense. The IP Reputation pre-processor provides IP blacklist/whitelist capabilities to alert on, block, drop or pass traffic from IPs on a reputation list. We can use the popular Snort or Suricata IDS/IPS engines to implement reputation-enabled defense. This pre-processor addresses the performance issue and makes IP reputation management easier. The Reputation pre-processor runs before other pre-processors. In most cases, [Live Tarpits] may already be good enough.

We offer subscription-based Cisco Snort, Proofpoint IDS/IPS and IQRisk:

i. Snort Talos at yearly subscription US$399 per sensor, daily update

ii. Proofpoint ET Pro at yearly subscription US$999 per sensor (the paid service has daily updates; the FREE subscription service has a 30-day delay)

iii. Emerging Threats IQRisk at yearly subscription US$399 per sensor, daily update

  • The same Snort ruleset developed for our NG IPS customers, immediately upon release, 30 days faster than registered users, with daily updates.
  • Priority response for false positives and rules
  • Snort Subscribers are encouraged to send false positives/negatives reports directly to Talos

Multi-source IP Reputation matrix: the free subscription has a 30-day delay, the paid subscription has daily updates ... Please call us for integration; we have BOTH daily and hourly defense definitions.

* Tarpits : refers to a rescue operation for living beings slowly sinking in a swamp; a technical term in Reputation Defense systems.