Many businesses prefer to use blocklists prepared by external intelligence agencies, both to save the time of generating this data themselves and to get as much exposure to, and intelligence about, the threat landscape as possible. However, this blocklist information can arrive in various formats, which makes using it a challenge.
Luckily, FastNetMon is a flexible blacklisting feed filtering tool that supports a vast array of formats to receive, consume, and use blocklists from different intelligence feed providers. FastNetMon then enables you to block specific malicious and dangerous hosts using blocklist-based filtering.
Two of the most common formats that FastNetMon supports are:
Blocklists stored on Amazon S3-based storage
Blocklists that are available across HTTP or HTTPS protocols
How Does Blocklist-Based Filtering Work Using FastNetMon?
First of all, there are two ways to create a blocklist:
Today, many of these intelligence feed providers specialize in specific types of threats, such as malicious hosts, hosts with adult content, or hosts with pirated content. These providers ensure their lists are kept up-to-date, making life much easier for their customers.
When FastNetMon connects to the blocklist for the first time, it downloads all of the information into its internal list. Once the blocklist data is received, a special FastNetMon BGP daemon announces this information to all your routers.
Based on the information on these blocklists, routers can take action to block hosts on the lists from accessing your network. Access from your clients to these hosts will also be forbidden.
At the same time, FastNetMon checks your copy of the blocklist against any new information from the intelligence feed providers’ blocklists. If new or updated information is found, it writes it to the internal list and announces the newly blocked hosts to the routers. You can configure how frequently you want the robot to check this information for optimal performance.
Hosts are also unblocked from your malicious-traffic filtering once they have been removed from the blocklist.
This approach effectively detects various types of security threats, such as malware, phishing, spambots, etc. Your network, routers, and customers will be fully protected by being shielded from connecting to and being connected to by dangerous hosts.
Not only does FastNetMon support a large number of intelligence feed providers, but it can also handle multiple feeds simultaneously. FastNetMon will combine the information from these separate blocklists into a master blocklist for filtering traffic with the most comprehensive threat coverage.
These blocklists can even be in different formats, such as S3, HTTP, or HTTPS. The only restriction is that a blocklist should contain only the individual IP addresses of the hosts you would like to block, as FastNetMon doesn’t support long-chain addresses with many IPs.
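The update cycle described above (several feeds combined into one master list, only individual IP addresses accepted, newly listed hosts announced and delisted hosts unblocked), as an added Python example that is not FastNetMon's own code. It assumes a feed with one entry per line and `#` comments; the function names and the sample feeds are constructed for illustration.

```python
import ipaddress

def parse_feed(text):
    """Parse one feed body (assumed format: one entry per line, '#' comments)."""
    hosts, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # ip_address() accepts a single IPv4/IPv6 host only; a range such
            # as 198.51.100.0/24 raises ValueError and is rejected.
            hosts.add(ipaddress.ip_address(entry))
        except ValueError:
            rejected.append(entry)
    return hosts, rejected

def merge_feeds(feed_bodies):
    """Union of all feeds: the master blocklist, plus every rejected entry."""
    master, rejected = set(), []
    for body in feed_bodies:
        hosts, bad = parse_feed(body)
        master |= hosts
        rejected += bad
    return master, rejected

def sync_cycle(current, feed_bodies):
    """One poll: returns (new_state, to_announce, to_withdraw, rejected)."""
    master, rejected = merge_feeds(feed_bodies)
    # Newly listed hosts are announced; hosts absent from every feed are withdrawn.
    return master, master - current, current - master, rejected

# Constructed sample feeds using documentation address ranges.
FEED_A = "# constructed feed A\n192.0.2.10\n192.0.2.11\n198.51.100.0/24\n"
FEED_B = "192.0.2.11\n203.0.113.7\n2001:db8::1\nnot-an-ip\n"
FEED_A_NEXT = "192.0.2.10\n"                # feed A delists 192.0.2.11
FEED_B_NEXT = "203.0.113.7\n2001:db8::1\n"  # later, feed B delists it too

if __name__ == "__main__":
    state = set()
    polls = ([FEED_A, FEED_B], [FEED_A_NEXT, FEED_B], [FEED_A_NEXT, FEED_B_NEXT])
    for feeds in polls:
        state, announce, withdraw, rejected = sync_cycle(state, feeds)
        # A host stays blocked while any feed still lists it (second poll).
        print("announce:", sorted(map(str, announce)),
              "withdraw:", sorted(map(str, withdraw)),
              "rejected:", rejected)
```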
Enhance Your Threat Detection Coverage With FastNetMon
FastNetMon is not only a convenient, fast, and versatile tool for blocklist-based filtering but also a full-suite DDoS protection and mitigation service. You can try FastNetMon’s lightning-fast detection at no risk with a free trial. Our support staff stands ready to support you in implementing and configuring your FastNetMon solution for optimal operation.