TCPWave's Threat Intelligence

TCPWave's Threat Intel framework provides comprehensive traffic management and security that continuously monitors malicious behavior to help organizations protect their dynamic workloads.

Customer Testimonial

  • Security is like skating on thin ice; as clients and technology modernize, the ability to monitor, detect and respond to risks imposes different challenges. Therefore one must apply overarching practices to every single area of security. TCPWave's DNS TITAN is one of the efficient frameworks that helped us evolve the threat models and objectives to scale up the security operations.

    Andrea Jackson, CIO

Key Components

TITAN Machine Learning

In-house tunnel-detection Machine Learning (ML) algorithms, trained on millions of records and varied DNS data, help detect malicious DNS traffic flowing through an organization's DNS pathways.

T-Zeek Intrusion Detection System

The T-Zeek technology is an integrated part of TCPWave's network security management model. It observes the network traffic on port 53 and helps to correlate abnormal DNS behavior.

T-Suricata Intrusion Detection and Prevention System

Titan leverages a highly scalable, multi-threaded IPS technology known as T-Suricata. It identifies attacks, reaches out onto the network, and disrupts traffic it marks as suspicious.

DNS Response Policy Zones

TCPWave IPAM integrates with DNS Response Policy Zones (RPZ). RPZ is a layer-7 firewall that blocks malware, phishing, etc. TCPWave supports various external RPZ feed providers, such as ThreatStop and Spamhaus.

IPTables based firewall

TCPWave IPAM DNS appliances have an inbuilt firewall based on IPTables that enables packet filtering capabilities.

DNS Access Control Lists

The DNS Blackhole mechanism prevents malicious clients from querying the mission-critical DNS infrastructure. TCPWave IPAM allows network administrators to restrict the source IP addresses that can query DNS.

Comprehensive reporting

TCPWave IPAM provides a built-in DDI reporting framework. It helps network risk management teams visualize the utilization trends of DDI resources, such as DNS queries, DHCP leases per second, cumulative traffic analysis, anomaly detection, etc. The TCPWave Reporting Engine can deliver rich content to the screen, a printer, or PDF, Excel, and CSV files. It also supports Send or Schedule Email functionality, which sends the PDF report to the selected contacts.

Resources

Whitepaper DNS Titan Security Overview and Configuration

TCPWave's DNS Titan End-User Security uses threat intelligence information from Spamhaus in the form of RPZs to prevent users from accessing malicious sites.

Whitepaper Domain Generation Algorithm

Detecting DGAs is a great challenge in the security vertical, so early detection is essential in fighting malware families that use domain generation algorithms. Learn how TCPWave's DNS TITAN solutions help to combat DGAs.

Whitepaper Improve Security Using Suricata Threat Protection in TCPWave

Protect DNS appliances and users from DNS-based attacks, including from malicious websites, by using Suricata, a high-performance rule-based network threat detection and prevention system.

Whitepaper TCPWave's Approach To Protective DNS (PDNS)

Paul Mockapetris invented the Domain Name System (DNS) in 1983 without security in mind.

Whitepaper Log4Shell - A Zero Day Vulnerability

Learn all about Log4Shell, a zero-day vulnerability: how it works and how to fix it.