In this recurring blog series, we discuss one of the countermeasures in UltraWAF, our Web Application Firewall and Bot Management solution. If you’re not using UltraWAF to protect your online presence, get in touch with us by clicking the “Speak to Sales” button in the top right corner of our website.
Our featured countermeasure this month is IP Reputation. IP Reputation is located under the Bot Profile tab, in the Protections sub-tab. It allows you to identify and block source IP addresses based on curated lists that Vercara provides. These lists are designed to minimize false positives by only adding overly aggressive IP addresses. This reduces the amount of overblocking that IP reputation lists produce.
The countermeasure includes 9 different blocklists that you can individually enable or disable. When a blocklist is enabled, you can choose either to log the traffic or to log and drop it.
- Botnets: endpoints reporting into a botnet and the botnet command and control IP addresses.
- DDoS: IP addresses observed participating in DDoS attacks.
- IP: a category that contains all of the other blocklists to simplify turning on all protections.
- Mobile Threats: IP addresses for unwanted mobile applications.
- Phishing: endpoints that host phishing websites.
- Proxy: IP addresses that function as an anonymous proxy.
- Reputation: endpoints confirmed to be infected with malware.
- Scanners: IP addresses that are confirmed to be operating vulnerability scanners.
- Spam Sources: endpoints that have been observed sending spam.
Vercara recommends that the following IP Reputation categories be enabled and set to drop traffic by default:
- Botnets
- DDoS
- Proxy
- Scanners
To learn more about our UltraWAF solution, please visit our product page.