Living, breathing threat intelligence.
Leveraging data from our network of Sentinel devices and other trusted InfoSec sources, CINS is a threat intelligence engine that provides an accurate and timely score for any IP address in the world. It also provides a layer of protection you can’t get anywhere other than the Sentinel IPS.
What is CINS?
As our base of Sentinel IPS units has grown, we’ve come to realize that the attack data we gather has significant value, both to our own customers and to the community at large. Collective Intelligence Network Security (CINS) is our attempt to use this information to significantly improve the security of our customers’ networks and provide valuable information to the InfoSec community.
Here’s how it works. Our CINS system is constantly gathering attack data from each of our Sentinel units in the field. This data is used to calculate a CINS Score for every IP that is flagged by our system. Much like a FICO score is meant to show you at a glance the quality of your credit, the CINS Score is designed to show you the quality – the trustworthiness – of an IP address. In addition, the IP’s WHOIS information, country of origin, and the nature, frequency, and breadth of its attacks across the Sentinel network are listed with the score. This level of detail is hard to replicate without an existing network like the Sentinels’, and we believe this information adds tremendous value to our customers.
We don’t only trust ourselves to produce these scores. There are many great resources out there with information about IP addresses. We tap into some of the most popular and respected sources, and we believe that combining the information from these sources with our own attack data provides a more accurate overall assessment of an IP than a single source alone.
How does CINS protect Sentinel networks?
Through CINS, we can identify several classes of ‘bad’ IP addresses. For instance, IP addresses tend to have certain ‘personalities’ … Perhaps one IP from China gains a reputation as a scanner, or maybe a certain Russian (or American) IP is prone to attacking remote desktop vulnerabilities. Of course, there are IPs all over the world that are flagged as command and control servers for malware botnets. All of these characteristics play a role in an IP’s score.
We are constantly analyzing this data, and from our research we’ve identified certain groups of IPs – based on our specific score factors – that are malicious enough to be blocked immediately. This threat intelligence generated by our CINS systems is continuously fed back out to our Sentinel network, giving each of our Sentinel customers bullet-proof protection from some of the baddest actors on the planet.
This is living, breathing threat intelligence, constantly evolving with the nature of the traffic we see across our network. In effect, all our Sentinel customers work together to strengthen the security of each and every one of their own networks. It’s a unique benefit only Sentinel and CINS can provide, and we’re pretty proud of it.
How can I access CINS Scores?
Currently, CINS Scores are only available to Sentinel customers, through the Sentinel’s web interface. That may change in the future as the CINS system matures … In fact, we’re hoping to offer CINS to the public in some form; honestly, we’re just not sure what that looks like yet.
We do offer a portion of the CINS scores in the form of an IP reputation list we like to call the CI Army. Network administrators who don’t have Sentinels can use this threat intelligence to blacklist these IPs at the network perimeter or load them into a SIEM for analysis.
If you want to learn more about the CINS system, or you want to contribute in some way, please visit our public site for CINS at http://www.cinsscore.com.