Threat Intelligence (Value Added Services)

Based on a large number of attack samples captured on the CDNetworks Platform, through feature engineering and modeling strategies based on expert rule analysis, Cloud Security 2.0 can generate accurate IP threat intelligence applicable to different scenarios. You can use threat intelligence to monitor traffic initiated by suspected malicious IPs, and if necessary, enable blocking as a supplemental protection measure.

Threat intelligence mainly includes the following types:

• Specific Attack Risk IPs: High-risk IPs that have been blocked by the Cloud Security 2.0 platform and are continuously engaging in attack activities, such as DDoS attacks, web vulnerability exploits, malicious crawlers, and malicious scanning.
• Industry Attack Risk IPs: High-risk IPs that have been blocked by the Cloud Security 2.0 platform and are persistently targeting specific industries.
• Attack Resource Risk IPs: IP resources frequently utilized by hackers to initiate various attacks. This intelligence is gathered from external sources, with IP types mainly including proxy servers, cloud service providers, IDC providers, and open-source black IP reputation databases.

Configure Threat Intelligence

1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
2. Go to the Security Settings > Policies.
3. Find the hostname for security policy configurations, and click .
4. Go to Threat Intelligence tab. If this policy is off, turn it on.

Use Threat Intelligence

• Find the type of threat intelligence you want to handle and select the action you need to execute.
• Click Publish Changes to make the configuration take effect.

Add the Whitelist for Threat Intelligence (IP/ASN/Request Header Field/Key-Value Pairs)

• Click Whitelist Configuration to display the whitelist configuration entry.
• Enter the whitelist of IP, CIDR, ASN, or request header that needs to be bypassed on the page. Multiple conditions are combined using the ‘AND’ operator. Click Save.
• Click Publish Changes to make the configuration take effect.