SWAT Feed

StratoZen Worldwide Active Threat Feed

Real-time threat intelligence feed of active attack sources in the last 7 days from a network of sensors around the globe.

Real Time Attack

Instant notifications if any of your systems are sending or receiving traffic from an active threat source.

Botnet Compromise

Immediate notification if your systems are compromised and being used to launch attacks.

Targeted System

Automatic notification if any of your systems are being targeted or probed by an active threat source.

Analysis Reports

Comprehensive reports and trending information to help you protect networks and systems proactively.

Why SWAT Feed

A threat intelligence feed is a list of IP addresses belonging to malicious actors who are known to have attacked companies and their systems. These feeds can be loaded into various cybersecurity solutions to block traffic from one of these known bad addresses, or to notify you when such traffic appears. Not all threat intelligence feeds are created equal, and some threat feeds can cause you more problems than they are worth. For example, many threat feeds (especially the free ones) are incomplete, old, and contain erroneous addresses. When this happens, IT folks end up chasing false positives, which is a huge waste of time. Threat feeds are supposed to increase accuracy and reduce false positives; unfortunately, some lists have the opposite effect.

Cybersecurity is often like being a detective working through a case with forensic evidence. But with many threat feeds it is like working on cold case files from years ago rather than studying an active crime scene. A crime scene gives you near real-time clues and evidence, whereas with cold case files it is difficult to make any progress and the effort is often a huge waste of time. This is why we have come up with the next-generation threat intelligence feed called the StratoZen Worldwide Active Threat (SWAT) Feed. We wanted to create a threat feed that tracked real-time, ACTIVE bad IP addresses: bad actors using these addresses right now to compromise networks and systems. We also wanted to make it affordable for any business to use, to get the maximum risk reduction.

Global Network of Sensors Tracking Active Threats Within the Last 7 Days

StratoZen has set up custom-built sensors in public datacenters throughout the globe. When an attacker attempts to compromise these systems (or even probes them looking for vulnerabilities), we capture this information and add it to our SWAT Feed. All of this attack data is correlated into a single list and distributed through our SWAT Feed service. You can receive an updated list every hour.

So, if you are using the SWAT Feed, you are getting the most up-to-the-minute list of active attackers right now. We get rid of stale data after a few days, so this list is always up to date. SWAT Feed dramatically reduces false positives compared with lists and feeds that keep old data. Because the data is so fresh and relevant, any alert against the SWAT Feed list can be treated as critical severity, ensuring a quick response. Many security devices can import a threat intelligence feed automatically, so you may be able to plug this into your current security solutions. We’ve also fully integrated SWAT Feed into our SIEM-as-a-Service solution. With that service, you can be notified of attacks targeting your organization without deploying any additional equipment or hiring any additional personnel.

In other words, what you get with SWAT Feed is a fully “operationalized” intelligent threat feed protecting your systems and networks from bad actors attacking right now. Organizations using the FortiSIEM platform can enjoy easy, automated integration taken care of by StratoZen which includes the custom alerting rules and reporting only cybersecurity and compliance experts can provide.

The Problem with Other Threat Intelligence Feeds

Threat feeds are becoming a critical element in an organization's threat intelligence arsenal. Unfortunately, many threat feeds cause more problems than they solve, for several reasons.

Stale Data

Data that goes back even a few weeks is too old to help

Large Network Blocks

Blocking large network segments may block legitimate traffic

Small Lists

With the threat so large, lists with only a handful of addresses have little value

False Positives

Erroneous data leads to false positives which costs you time and money

False Negatives

Gaps and old data make it more likely you will miss an active attack

Expensive Lists

Expensive threat feeds cannot justify their value against other technologies
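As an added illustration of the problems listed above (this is not StratoZen's code, and the SWAT Feed's real file format is not shown on this page), the script below ages out entries older than the 7-day window, sets large network blocks aside for review instead of blocking them outright, and matches constructed firewall flows against the remaining active sources in both directions. The two-column feed layout, the 256-address "large block" threshold, and all addresses and timestamps are assumptions.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed sample feed (indicator, last-seen UTC). The real SWAT Feed format
# is not shown on the page, so this two-column layout is an assumption.
FEED_LINES = """\
203.0.113.45,2024-05-20T14:02:00Z
198.51.100.7,2024-05-10T09:30:00Z
203.0.112.0/22,2024-05-21T01:15:00Z
203.0.113.200,2024-05-19T22:47:00Z
"""

# Constructed firewall flow records: (source, destination, direction).
FLOWS = [
    ("10.0.0.5", "203.0.113.45", "outbound"),
    ("203.0.113.200", "10.0.0.8", "inbound"),
    ("10.0.0.9", "198.51.100.7", "outbound"),
    ("192.0.2.10", "10.0.0.8", "inbound"),
]

NOW = datetime(2024, 5, 21, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample
MAX_AGE = timedelta(days=7)       # the page's 7-day activity window
MAX_BLOCK = 256                   # assumed threshold: wider than a /24 is "large"

def load_feed(text, now=NOW):
    """Parse the feed; return (active networks, stale indicators, large blocks)."""
    active, stale, wide = [], [], []
    for line in text.splitlines():
        indicator, seen = line.split(",")
        seen_at = datetime.strptime(seen, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        net = ip_network(indicator, strict=False)
        if now - seen_at > MAX_AGE:
            stale.append(indicator)          # old data: would only produce false positives
        elif net.num_addresses > MAX_BLOCK:
            wide.append(indicator)           # large block: may block legitimate traffic
        else:
            active.append(net)
    return active, stale, wide

def match_flows(flows, active):
    """Label flows that touch an active source, by direction."""
    hits = []
    for src, dst, direction in flows:
        if direction == "outbound" and any(ip_address(dst) in n for n in active):
            hits.append((src, dst, "outbound to active source: possible compromise"))
        elif direction == "inbound" and any(ip_address(src) in n for n in active):
            hits.append((src, dst, "inbound from active source: targeted system"))
    return hits
```

With the sample data, the 11-day-old entry is dropped as stale and the /22 is set aside, so only the two single-host indicators produce alerts: one outbound and one inbound.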