Malicious IP Profile

Additional security protections can be enabled to prevent communication to and from known malicious IPs. These malicious IPs are defined by Trustwave and integrated into Multicloud Defense as a security profile ruleset. The ruleset is updated frequently as Trustwave makes updates available. Updates can be applied to a policy ruleset either dynamically or manually, using the automatic update configuration or the manual update configuration. For more information, see Create a Malicious IP Profile.

Note

Malicious IPs are identified by Trustwave based on various learned behaviors:

  • Malicious attackers identified from web honeypots

  • Botnet C&C hosts

  • TOR exit nodes

  • Other learned behavior