• Attack Surface Monitoring
  • Nov 2, 2021
  • By QOMPLX

Attack surface risk signals: IP reputation

In this installment of our attack surface risk signals series, we cover IP reputation as a risk indicator.

One of the clearest indicators of risk associated with a domain is an active connection to known malicious infrastructure on the Internet, such as communication with, or involvement in, Command and Control (C2) servers used to manage deployed malware. Evidence that IP addresses associated with your organization have been communicating with known C2 infrastructure is a red flag, suggesting the presence of compromised systems within your environment. So too is involvement of systems within your organization in active C2 networks.

Organizations that track the “reputation” of IP addresses look at a variety of factors in calculating a reputation score. For example, an IP address's involvement in spam distribution will negatively affect its reputation score, as will participation in malware command and control networks. IP reputation services can help organizations determine whether a given address is, or has been, associated with known malicious activity.

By actively monitoring these databases for the presence of IP addresses belonging to your organization, you can assess whether systems within your environment or adjacent infrastructure have been compromised and take steps to address the risk posed by compromised endpoints and servers.

Q:SCAN checks for IP reputation and malware indicators

Q:SCAN leverages leading IP reputation APIs to check the reputation of each designated IP address within protected environments. Q:SCAN assigns IP addresses a risk score based on the reputation associated with these addresses as well as shared IP space like CDNs. IP address scoring takes into account both historic and current IP reputation scores, with more recent scores weighted more heavily. Additionally, the reputation score takes into account the type of activity detected (spam distribution versus malware pinging) and adjusts the score accordingly.
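The sketch below is an added illustration of recency- and activity-weighted scoring for addresses in an organization's own ranges; it is not QOMPLX or Q:SCAN code. The half-life, category weights, noisy-OR combination, network range and observations are all assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Assumed tuning values for illustration; not taken from Q:SCAN or any feed.
HALF_LIFE_DAYS = 30.0                      # a listing loses half its weight every 30 days
CATEGORY_WEIGHT = {"spam": 0.4, "c2": 1.0}  # C2 activity counts more than spam
ORG_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range

# Constructed sample observations: (ip, category, age in days, feed severity 0-100)
OBSERVATIONS = [
    ("203.0.113.10", "c2", 2, 90),     # current C2 listing
    ("203.0.113.10", "spam", 200, 60), # old spam listing on the same address
    ("203.0.113.25", "spam", 5, 60),   # recent spam listing
    ("203.0.113.40", "c2", 365, 90),   # year-old C2 listing
    ("198.51.100.7", "c2", 1, 95),     # outside the organization's ranges
]

def in_scope(ip):
    """True if the address falls inside one of the organization's networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ORG_NETWORKS)

def risk_scores(observations):
    """Return {ip: score 0-100} for in-scope addresses.

    Each observation contributes severity * category weight * time decay;
    contributions for one address are combined with a noisy-OR so that
    historic listings add to, but never outweigh, a current one.
    """
    clean = defaultdict(lambda: 1.0)  # probability-style "not risky" product
    for ip, category, age_days, severity in observations:
        if not in_scope(ip):
            continue
        decay = 0.5 ** (age_days / HALF_LIFE_DAYS)
        signal = severity / 100.0 * CATEGORY_WEIGHT.get(category, 0.5) * decay
        clean[ip] *= 1.0 - signal
    return {ip: round(100.0 * (1.0 - p), 1) for ip, p in clean.items()}

if __name__ == "__main__":
    ranked = sorted(risk_scores(OBSERVATIONS).items(), key=lambda kv: -kv[1])
    for ip, score in ranked:
        print(f"{ip:15} {score:5.1f}")
```

With these inputs the current C2 listing dominates, the recent spam listing scores lower, and the year-old C2 listing has decayed to almost nothing.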
