Freely subscribe to our NEWSLETTER

According to the Webroot 2016 Threat Brief, over 100,000 net new malicious IP addresses are launched every day. Webroot continuously monitors and maintains a database of over four billion IP addresses from which a dynamic list of approximately 12 million malicious IPs is updated every few minutes and made available to HPE Security ArcSight customers in near real-time. The Webroot® Threat Intelligence Platform correlates IP reputation data with URL, file and mobile application data to determine relationships between object types while providing a predictive risk score for each IP. HPE ArcSight ESM has proven to be a valuable platform for correlating security events with highly-accurate, real-time IP reputation data to effectively detect and alert on malicious IPs within an organization.

BrightCloud Threat Intelligence for HPE ArcSight ESM continuously updates a list of malicious IPs in nine different threat categories including botnets, Windows exploits, and denial of service, forwarding those IPs as CEF events to HPE ArcSight ESM. Customers can then correlate the list of malicious IPs from Webroot with security events indexed by HPE ArcSight ESM to detect malicious IP activities in their incoming IP traffic. HPE ArcSight ESM alerts users to suspicious activities as they happen and the Webroot Threat Intelligence Platform is able to provide additional detailed contextual information on each malicious IP so that incident response teams can quickly investigate and remediate the most serious threats before they lead to costly data theft and loss.