OneFirewall Intelligence

Visit the OneFirewall Intelligence Page OneFirewall offers premium, actionable threat intelligence to enhance your organization’s cyber threat prevention strategies. By leveraging shared intelligence, organizations can reduce the need for additional security tools and services, minimizing reliance on internal security resources.

Threat Intelligence Feeds

OneFirewall provides various Indicator of Attack (IoA) feeds, including:
  • IPv4: A dynamic list of malicious IP addresses identified through suspicious traffic patterns, known malware sources, and blacklisted addresses.
  • Files: Analysis of file hashes (MD5, SHA1, SHA-256) to detect malicious files, aiding in proactive detection and defense strategies.
  • URLs: Monitoring and analyzing web addresses for malicious activities using reputation scores and behavioral patterns to enhance cybersecurity defenses.
  • Domains: Tracking and analyzing fully qualified domain names (FQDNs) to identify malicious ones through patterns, historical data, and reputation analysis for proactive cybersecurity measures.

Threat Intelligence Sources

The OneFirewall World Crime Feeds (WCF) Platform aggregates threat intelligence from multiple sources, including:
  • Cyber Threat Alliance: A collaborative group of cybersecurity organizations sharing threat intelligence to improve defenses.
  • OneEye Forecast: OneFirewall’s private honeynet providing insights into emerging threats.
  • Additional Sources: Contributions from over 135 entities, including Checkpoint, Fortigate, AlienVault, Juniper Networks, SonicWall, and more.

Threat Intelligence Feeds

OneFirewall’s DataLake is continuously enriched by a diverse and dynamic set of threat intelligence sources. As of today, there are over 135 unique sources contributing to our threat intelligence ecosystem:
  1. Cyber Threat Alliance (30+ member organizations) – 1 source
  2. DeceptionGrid (OneFirewall’s Honeynet) – 1 source
  3. AI/ML-Based Inspection (OneFirewall’s proprietary models) – 1 source
  4. OneFirewall Security Operations Center (SOC) – 1 source
  5. Publicly Available Threat Feeds – 49 sources
  6. Private Intelligence from Security Partners – 7 sources
  7. Extended Alliance Members (Active contributing customers) – 75 sources
Note: The number and distribution of feeds may vary over time based on real-time activity and partner contributions.

Data Quality

As a member of the Cyber Threat Alliance, OneFirewall ensures that all data is meticulously validated to maintain unparalleled quality. This commitment provides exclusive access to cutting-edge threat intelligence from all CTA members.

Impact of the OneFirewall Alliance Platform

The OneFirewall Alliance Platform (WCF) facilitates real-time sharing of threat intelligence, pooling data from diverse sources to enhance organizations’ understanding of cyber threats. This collaborative approach enables:
  • Quicker, more effective responses to attacks.
  • Broader perspectives on emerging threats.
  • Reduced overall security costs.
By leveraging shared intelligence, organizations can proactively identify vulnerabilities, enhance decision-making, and collectively mitigate cyber risks. In a landscape where cyber threats are escalating, a shared intelligence platform like WCF becomes essential for organizations to stay ahead.
For more information or to get started with OneFirewall’s threat intelligence solutions, visit their Intelligence page.