Provider Information
Learn about security data providers supported by IP Intel
Overview of provider
A "provider" is a third-party company that has partnered with Pangea to deliver its security capabilities, technology or data through a new or enhanced Pangea service.
List of Providers
CYMRU
Team CYMRU is a threat intelligence pioneer, and their data powers many security vendors’ offerings. In addition to a global network of sinkholes, honeypots, darknets, and sensors, they work with ISPs, hosting providers and over 130 CSIRT teams across 86+ countries to make the Internet a safer place. Team CYMRU observes activity across every ASN on the Internet and scores that activity to bring you unparalleled threat intelligence.
Team CYMRU customers rely on security intelligence coming from the Team CYMRU platform to close detection gaps, accelerate incident response, and detect threats and vulnerabilities across their entire enterprise and third-party ecosystems. This partnership makes Team CYMRU’s impressive security intelligence dataset available through Pangea’s pay-as-you-go model - giving developers access to knowledge on specific IPs including bot detection, brute force attacks, controller communication, phishing host status and more.
Team CYMRU IP Reputation Feed gives a complete 10-category breakdown as well as a risk score for a given IP, which is calculated using additional pattern data. Users can evaluate which types of IP addresses are relevant and implement confidence thresholds based on their use case. Team CYMRU's data is generated by numerous techniques including analyzing hundreds of thousands of IP addresses and malware samples daily, observing bots, extracting controller data, and using custom emulators to verify bot and controller status.
CYMRU works with Pangea: Bots and bot attacks can be a huge problem for cloud applications. Bot accounts can waste precious time and resources needed to serve actual users of an application. They can even take down your site. Most organizations taking preventive measures use tools in the security operations center (SOC), after which security analysts can block those connections on a firewall or other edge device. That approach may no longer be sufficient or effective. Using Team CYMRU data together with Pangea, developers can design smarter cloud applications that automatically prevent connections from known active bot IPs. Team CYMRU is constantly updating the data, and with Pangea's daily sync, every IP in the feed receives updated reputation scores based on changes in patterns observed over the past 30 days. The key used to calculate the score is included in the feed and can be used to reconstruct the behavior patterns observed for each individual IP in the feed. Developers can then use the reputation score to take action against IPs.
The new Team CYMRU provider capabilities for the Pangea IP Intel service will initially be in Beta then released to General Availability (GA) in a few weeks.
IP Reputation (CYMRU) is the IP Intel Service endpoint which allows a user to query the CYMRU dataset for security information on a given IP address. This action will return a risk score which can be used to take action against the IP. IP reputation is scored on several categories including:
- Number of days in feed
- Number of active detections
- Number of passive detections
- Detection type
- Controller behavior:
- Non-standard port
- Number of controllers on the same IP
- Number of unique domains on the same IP
- Instructions decoded
- DDoS Activity
- SSL usage
- Malicious IPs in /24
This results in a combined risk score which can be used for in-product decision making. Security experts at Pangea recommend that any reputation score over 70 be considered malicious, tuned based on the developer's risk tolerance.
For more information and to learn how to secure your next application using Pangea:
CrowdStrike
CrowdStrike's threat intel offering powers an adversary-focused approach to security and takes protection to the next level delivering meaningful context on the who, what, and how of intelligence data.
To learn more, visit the CrowdStrike website.
Digital Element
Digital Element has been providing global geolocation data and user insights that bring anytime, anywhere relevance and context to online initiatives―from desktops to mobile devices―for more than 20 years. The company’s patented technology delivers real-time access to accurate and reliable location intelligence without invading a user’s privacy. For over two decades, many of the world’s largest websites, brands, security companies, publishers, ad networks, social media platforms and others have trusted Digital Element’s technology to target advertising, localize content, enhance analytics, manage content rights, detect and prevent fraud—and more.
To learn more, visit the Digital Element website.
Choose a provider
Each provider cultivates data from different sources that yield different information. Some provider data sets and results may be more appropriate for your use case than others. Review each provider description carefully and pick one that best suits your requirements.
Select a provider as default
Providers can be selected as default in the Pangea Console. Setting a provider as default in the Pangea Console means your API request calls will use this provider, unless another provider is specified as part of your API request.
To select a provider as default for an API:
- Go to the Pangea Console
- On the left-hand navigation menu, select IP Intel
- Go to Settings
- Click Set as default for your preferred provider
You can override the default provider by specifying its name in the provider field when making an API request to the /reputation endpoint. This is helpful if your default provider returns a verdict of Unknown and you want a second opinion from another provider.
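The score threshold guidance (over 70 is malicious, tuned to risk tolerance) and the second-opinion override described above can be combined into one decision routine. This is an added example, not Pangea's own code: the response shape, the provider string "crowdstrike", the "review" outcome and the offline fake_query stand-in are assumptions made for illustration.

```python
# Added example: provider fallback plus score threshold for IP reputation.
# Assumed: each lookup returns {"score": int, "verdict": str}; provider names are illustrative.
from dataclasses import dataclass
from typing import Callable, Optional, Sequence

MALICIOUS_THRESHOLD = 70  # page guidance: scores over 70 are treated as malicious

@dataclass
class Decision:
    action: str               # "block", "allow" or "review"
    provider: Optional[str]   # provider whose answer decided; None if none did
    score: Optional[int]

def decide(ip: str, query: Callable[[str, Optional[str]], dict],
           fallbacks: Sequence[str] = (),
           threshold: int = MALICIOUS_THRESHOLD) -> Decision:
    """Ask the default provider first (provider=None), then each fallback
    in turn while the verdict is Unknown or the lookup fails."""
    for provider in (None, *fallbacks):
        try:
            result = query(ip, provider)
        except Exception:
            continue  # a failed lookup is handled like Unknown: try the next one
        verdict = str(result.get("verdict", "unknown")).lower()
        score = result.get("score")
        if verdict == "unknown" or not isinstance(score, int):
            continue
        action = "block" if score > threshold else "allow"
        return Decision(action, provider or "default", score)
    # No provider had data: do not silently allow; route to a stricter path.
    return Decision("review", None, None)

# Constructed sample responses standing in for /reputation results (TEST-NET IPs).
_SAMPLE = {
    ("203.0.113.7", None): {"score": 0, "verdict": "unknown"},
    ("203.0.113.7", "crowdstrike"): {"score": 100, "verdict": "malicious"},
    ("198.51.100.9", None): {"score": 55, "verdict": "suspicious"},
    ("192.0.2.44", None): {"score": 0, "verdict": "unknown"},
    ("192.0.2.44", "crowdstrike"): {"score": 0, "verdict": "unknown"},
}

def fake_query(ip: str, provider: Optional[str]) -> dict:
    """Offline stand-in for the HTTP call; a real one would send the IP and,
    when provider is not None, the provider field to /reputation."""
    return _SAMPLE[(ip, provider)]
```

Lowering the threshold argument is how a stricter risk tolerance is expressed; the "review" result keeps an IP that no provider recognises from being treated as clean by default.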