As anyone who reads the technical, financial or even the general news is aware, May has not been a good month for Internet security. We started with Sony which appears to have been comprehensively "PWNed" by one of more groups of criminals and we end up with the news of Lockheed and PBS joining the list of victims. Needless to say these news reports have led to a lot of our customers (and potential customers) asking whether ThreatSTOP's IP Reputation can save them.

The quick answer is "maybe". Much as our sales people would like me to say 'yes' lingering technical honesty forces me to qualify this. Our IP Reputation feeds will certainly help and they will certainly block a large number of attacks. Moreover since we are faster than other IP reputation sources, we will most likely block more attacks than them. But no unfortunately they are not a magic bullet. Even though we would have stopped the RSA hack, we don't have the details to know whether we would have stop the attacks on Sony or PBS or Lockheed.

What we can certainly do is reduce the attack surface. If you are a company that does no business with Eastern Europe or China then our Geographic block-lists can ensure that your computers don't try 'calling home' to them. Indeed, even if you do business with China it seems likely that you might want to stop, say, your HR database server having a chat with a computer in Shanghai. And that applies even more if the address in Shanghai is that of a computer known to be a botnet C&C host or similar.

Likewise just because you use VOIP and have an IP PBX doesn't mean that you want someone on our VOIP Abuse list connecting to it because the chances are high that the connection is not a customer inquiry but an attempt to break in and call Somalia for hours on end. And of course even though your workers need access to almost everywhere to do their job, it would be nice if they don't get infected when they click on a Google image link (yes we block the drop sites - e.g. - no matter what domain name happens to be used).

Most importantly, because the block is on the firewall, there is no need to update thousands of servers and end user computers to get the latest lists and we protect everything, whether it be a server, a workstation or the smartphone that someone hooked up via an unofficial Wifi hotspot under their desk.

On the other hand we cannot protect against a new attacker that we've never met before, and in particular we can't protect against an attacker that only attacks you and no one else. If you annoy one of your customers (or employees) then their attempts to crack your systems and exfiltrate data likely won't be stopped - though we do have a list of anonymous proxies that might help - because they are only attacking you and are otherwise perfectly harmless.

So to sum up. Yes we can help a lot. But no, we aren't perfect and neither is anyone else.