We’re excited to announce a new partnership with Team Cymru, enabling new use cases for bot detection with the Pangea IP Intel service!
Who is Team Cymru?:
Team Cymru is a threat intelligence pioneer, and their data powers many security vendors’ offerings. In addition to a global network of sinkholes, honeypots, darknets and sensors, they work with ISPs, hosting providers, and over 130 CSIRT teams across 86+ countries to make the Internet a safer place. Team Cymru observes activity across every ASN on the Internet and scores that activity to bring you unparalleled threat intelligence.
Team Cymru customers rely on security intelligence coming from the Team Cymru platform to close detection gaps, accelerate incident response, and detect threats and vulnerabilities across their entire enterprise and third-party ecosystems. This partnership makes Team Cymru’s impressive security intelligence dataset available through Pangea’s pay-as-you-go model - giving developers access to knowledge on specific IPs including bot detection, brute force attacks, controller communication, phishing host status and more.
The Team Cymru IP Reputation Feed gives a complete 10 category breakdown as well as a risk score for a given IP which is calculated using additional pattern data. Users can evaluate what types of IP addresses are relevant, as well as implementing confidence thresholds based on their use case.
Team CYMRU's data is generated by numerous techniques including analyzing hundreds of thousands of IP addresses and malware samples daily, observing bots, extracting controller data, and using custom emulators to verify bot and controller status.
How does Team Cymru work with Pangea?
Bots and bot attacks can be a huge problem for cloud applications. Bot accounts can waste precious time and resources needed to serve actual users of an application. They can even take down your site. Most organizations taking preventive measures are using tools in the security operations center (SOC) after which security analysts can block those connections on a firewall or other edge device. That might be too little too late.
Using Team Cymru data together with Pangea, developers can design smarter cloud applications that automatically prevent connections from known active bot IPs. Team Cymru is constantly updating the data, and with Pangea's daily sync, every IP in the feed receives updated reputation scores based on changes in patterns observed over the past 30 days. The key used to calculate the score is included in the feed and can be used to reconstruct the behavior patterns observed for each individual IP in the feed. Developers can then use the reputation score to take action against IPs.
The new Team Cymru provider capabilities for the Pangea IP Intel service will initially be in Beta then released to General Availability (GA) in a few weeks.
The IP Intel Service Endpoints are:
IP Reputation (Cymru): This endpoint allows a user to query the Team Cymru dataset for security information on a given IP address. This action will return a risk score which can be used to take action against the IP. IP reputation is scored on the 10 standard behavior categories listed above plus a number of additional factors including:
Number of days in feed
Number of active detections
Number of passive detections
Detection type
Controller behavior:
Non-standard port
# controllers on same IP
# unique domains on same IP
Instructions decoded
DDoS Activity
SSL usage
Malicious IPs in /24
This results in a combined risk score which can be used for in-product decision making. Security experts at Pangea recommend that any reputation score over 70 be considered malicious, and tuned based on the developers’ risk tolerance.
Visit our documentation for more information and to learn how to add these smart security features into your next application using Pangea.
Follow us on Twitter and join our community Slack channel. We have a team of developers ready to help support your next project and answer any questions you have.