Stop Bad IPs Continually with Globalscape’s Threat Brain Integration

In today’s cybersecurity environment, every bit of proactive defense helps to deter bad actors from entering and hanging around with potentially malicious intent. As a countermeasure, Globalscape EFT recently integrated Threat Brain, a unique, built-in threat intelligence feature which aggregates indicators from Fortra’s deep portfolio of cybersecurity solutions to continuously identify and block IPs with bad reputations or malicious intent before they enter the MFT environment.  

Why Proactive Security Matters

“Customers benefit greatly when their technical solutions get ahead of a problem rather than needing it to react to an issue. Traditional threat intelligence has been reactive versus proactive against cyberthreats and this Threat Brain integration turns that upside down,” said Paul Milne, Team Lead, Fortra MFT.

“When we hear about Brute Force or Denial of Service attacks at organizations, we know that their system unfortunately detected these attacks after the system was breached,” noted Milne. “And, often detection only happens through manual inspection of activity logs. This is just too late to prevent the fallout and damage.” In addition:

• If solutions are not continually checking for bad IP addresses, unknown vulnerabilities can be exploited or remain undetected, which can lead to Zero Day incidents.
• MFT service endpoints can be systematically probed by cybercriminals to evade automatic IP blocking mechanisms and mask their trail.
• Exploited vulnerabilities can be easily replicated across deployments, creating a more severe, domino effect with traditional MFT solutions.  

Proactive MFT Security Highlights

While the problems of traditional MFT are fairly evident, the benefits of MFT that includes a proactive security feature, such as Globalscape EFT,  with its built-in Threat Brain, are notably evident, as this solution includes capabilities and features no other solution offers:

1. IP addresses are continuously re-verified: Without a feature such as Threat Brain, other MFT solutions do not conduct ongoing monitoring of IP addresses once allowed. Globalscape however, checks IPS with every new session to ensure it remains safe. What this means is:
   1. IP reputation checks are conducted for incoming HTTP/S connections, SFTP, and AS2 protocols through Threat Brain’s API endpoints.  
   2. A "warn mode" lets users test settings in production, without actually blocking IPs. This mode lets you try the integration out and fine tune it, without impacting production. Then, when ready, it can be applied simply by turning Threat Brain on.
   3. IPs are automatically blocked if they have low reputation scores. (Adjustable sensitivity settings allow for customization of threat detection and provisioning allows for exceptions in case of false positives.)
   4. If an IP address with a low reputation is blocked, an admin can add an exception to allow for remedying the situation.
2. Access to a massive database of threat intelligence: Globalscape is able to benefit from the broad cybersecurity portfolio of Fortra, which creates a continual feed into the threat intelligence database of anonymized threat data. This collected threat data is unmatched in the MFT marketplace. 

Check out complete details on protecting sensitive data from bad reputation IPs. For a demo of all GlobalscapeEFT can offer your organization, schedule a full demo today.