Release 2 Innovation (R2i) developed Known Networks® to move beyond point-based approaches (such as blacklists and reputation services) to identify and characterize networks across the entire internet. Our clients use Known Networks® to quickly get ‘out of the weeds’ and focus on targeted portions of network traffic, both inbound and outbound.
Organizations today are faced with an increasing number of cybersecurity threats, with an asymmetric payoff profile – the threat need only succeed once, while the defense must succeed every time. These threats are hidden among large, continuously growing levels of network traffic, within a large address space, which is set to grow with IPv6. The difficulties are compounded by a shortfall in trained cybersecurity personnel, and the proliferation of tools from hundreds of cybersecurity vendors.
Release 2 Innovation (R2i) collaborated with national security programs and commercial partners to develop the Known Networks® data product in 2016. The intent has been to identify and characterize networks across the entire internet. The result is timely and relevant cyber enrichment data, presented in a form that smoothly integrates with the existing infrastructure to include firewalls, Netflow, PCAP, SiLK, audit logs, web traffic and weblogs.
Release 2 Innovations created the Known Networks® data product after identifying the real need for their customers – both government and commercial – to accurately identify and characterize networks in the context of the entire internet.
Known Networks® offers a platform for building innovative network information solutions and services based on its vast repository of detailed information about global networks and the structure of the internet. Known Networks® Web Services allows developers, researchers, security analysts, and insider threat specialists to incorporate information about networks directly into their products and services. Users can access network ranges, tenant organizations, types of services provided, and a wide variety of other functionality and data. Known Networks® Web Services is customizable and extensible, allowing users to add information about customers networks and comment on network ranges.
Known Networks® is constantly being enhanced by our Data Science staff using cutting edge machine learning tools, providing heightened capabilities in content, versatility, and value. In March 2017 alone, R2i provided an increase in coverage (address space) of 14% – approximately 240M of IP address space added – employing methods we expect to continue to yield further improvements. R2i collects megabytes of data each day, steadily expanding our detailed database of network characteristics, made possible using extensive cleaning and cross-correlation.
Most recently, Known Networks® demonstrated a 90% reduction in non-actionable and false positives; this greatly enhances an organization’s posture by quickly filtering irrelevant data.
Datasets are currently provided to clients via weekly or monthly downloads, or import to a network appliance. R2i can provide optional data feeds for ransomware, as well as public and non-public TOR data for enhanced threat protection.
- Ransomware Data Feed provides a database of confirmed ransomware IP addresses and domain names, enabling clients to block them and pre-empting a threat before infection.
- The TOR Data Feed provides threat intelligence for both public TOR nodes (published, 70%) and non-public (hidden nodes, 30%).
In a world of constantly expanding cyber threats, Known Networks® enables powerful, unparalleled filtering by combining your existing cyber data with relevant, timely and enriched data.