Don't be the last to know if your website, domains or IPs show up in a blacklist, Pastebin, or third party IP reputation database. Check out this quick overview of AlienVault’s OTX Reputation Monitor Alerts. OTX Reputation Monitor Alert service is a free service to monitor the reputation of your public domains and IPs. You’ll not only receive alerts if one of your assets is potentially compromised or used in an attack, you’ll also receive our free monthly threat intelligence alert newsletter. Exactly what you need to be the master of your domain.
8. OTX Reputation Monitor Alert – free service
What is AlienVault’s OTX Reputation Monitor Alert?
Leveraging the world’s only open and collaborative IP reputation database, AlienVault’s OTX Reputation Monitor Alert monitors the reputation of your assets (public IPs and domains) and emails you notifications whenever there are changes.
What threats does it uncover?
Malware Infections
Spamming Hosts
Malicious Activity
Potential Breaches
Compromised Websites
Hosts being used for Botnets
9. Where are we monitoring for you?
These events will trigger an alert:
OTX IP/Domain Match
Presence in Pastebin/Pastie
Presence on a DNS Blacklist
DNS Registration Update – informational only
SSL Certificate Update – informational only
10. How does the service work?
1. Sign up via our OTX portal.
2. Register your organization’s public IPs and domains.
3. When there’s a match on one of our alert types, we’ll email you an alert with more information and remediation advice.
4. You’ll also receive our monthly threat intelligence newsletter.
Registration takes just a few minutes…
12. The Power of the “Crowd” for Threat Detection
Cyber criminals are using (and reusing) the same exploits against others (and you).
Sharing (and receiving) collaborative threat intelligence makes us all more secure.
Using this data, identify, flag and block known attackers by source IP addresses.
Organizations can’t build this “neighborhood watch” infrastructure on their own… that’s where AlienVault comes in…
Source: http://www.cityofhemet.org/images/pages/N294/Neighborhood%20Watch%20Sign.jpg
14. What is Open Threat Exchange (OTX)?
An open and collaborative initiative for security professionals to connect with their peers, find free tools for security monitoring, and learn about the latest threats and defensive tactics from security researchers.
Open source threat intelligence projects and services including OSSIM and OTX Reputation Monitor Alert
Centralized place for these rich resources:
OTX Projects
OTX Blog
OTX Forums
OTX Learning Center
8,000+ contributors
140+ countries
15. Kramer’s out. But there’s still hope for you.
Source: http://home.swipnet.se/~w-44777/kramer2.jpg
16. Sign up now!
Several ways to do it:
• Scan the QR code on the card
• Use one of our demo “tables” in the booth
• OR go to: www.alienvault.com/blackhat-otx
The AlienVault OTX Reputation Monitor enables end users to verify the security (or “reputation”) of their publicly addressable IP range(s). This allows immediate notification of Malware Infestations, Spamming Hosts, Malicious Activity, Potential Breaches, Compromised Websites, and Hosts being used for Botnets. Registered users can instantly check their IP address range(s) and domains against the AlienVault OTX database as soon as they register. Additionally, registered users will receive instant notifications should those IPs ever show up in the future. In addition to instant alert notifications, registered users will also receive monthly threat intelligence reports via email.
Pastebin/Pastie Alerts – we monitor hacker forums such as Pastebin/Pastie and a few other sites to see if we ever find the domains/IPs posted. These sites are often used to store the output from recon tools and as the destination for data exfiltration. We will provide the specific link to where this information is found within the alert.
OTX IP/Domain Match – we immediately and continually look for matches between the IP addresses/domains that the user entered and those in our OTX database.
DNS Blacklist – we look for the registered domain names in any public blacklist.
DNS Registration Update – we look for changes to the DNS registration information. This can be an indicator of someone hijacking the domain or could be a routine change of the ISP – either way, we alert the user.
SSL Certification Update – we look for updates to the SSL certificate. This can be an indicator of someone compromising your website and trying to intercept traffic or could simply be a routine change of the ISP.
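The Pastebin/Pastie check described above, sketched as an added example (not AlienVault's code): it scans paste text for mentions of registered IP ranges and domains. The asset list, the paste body and the function name are constructed for illustration.

```python
import ipaddress
import re

# Hypothetical registered assets (constructed; documentation ranges and names).
REGISTERED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
REGISTERED_DOMAINS = ["example.com"]

# Candidate dotted quads and hostnames; validation happens after extraction.
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HOST_RE = re.compile(
    r"(?<![\w.-])(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(?![\w-])", re.I
)


def find_asset_mentions(text, nets=REGISTERED_NETS, domains=REGISTERED_DOMAINS):
    """Return sorted (kind, value) pairs for registered assets found in text."""
    hits = set()
    for raw in IP_RE.findall(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:  # e.g. 999.1.1.1 looks like an IP but is not one
            continue
        if any(addr in net for net in nets):
            hits.add(("ip", str(addr)))
    for raw in HOST_RE.findall(text):
        host = raw.lower()
        for dom in domains:
            # Match the domain itself or a true subdomain, never a lookalike
            # such as notexample.com that merely ends with the same letters.
            if host == dom or host.endswith("." + dom):
                hits.add(("domain", host))
    return sorted(hits)


# Constructed paste body resembling recon-tool output and a credential dump.
SAMPLE_PASTE = """\
scan results
203.0.113.45 open 22,443
198.51.100.7 open 80
vpn.example.com -> 203.0.113.9
notexample.com -> 192.0.2.1
admin@example.com:hunter2
"""

if __name__ == "__main__":
    for kind, value in find_asset_mentions(SAMPLE_PASTE):
        print(kind, value)
```
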
This is a very simple four-step process, all enabled through a web-based portal designed to be a “one-stop-shop” for all resources available to the AlienVault Community (Forum, Knowledge Base, etc.). After registering, users enter the IP addresses owned by their organization, and these are checked against our OTX database as it is updated. If there is an “instant” match, then we provide information on the observed issues, along with some basic remediation suggestions. If there’s no match, we provide verification to the user that their IP addresses and domains are not in our database, but that we will continue to monitor them, and send them immediate notifications if their public IP addresses or domains ever show up in the OTX database. We will also send them monthly threat intelligence emails outside of the context of these alerts.