Stop Bad IPs Continually with GoAnywhere’s Threat Brain

In today’s cybersecurity environment, every bit of proactive defense helps to deter bad actors from entering and hanging around with potentially malicious intent. As a countermeasure, GoAnywhere MFT recently integrated Threat Brain – unique built-in threat intelligence feature which aggregates indicators from Fortra’s deep portfolio of cybersecurity solutions to continuously identify and block IPs with bad reputations or malicious intent before they enter the MFT environment. 

Proactive Security Video Highlights

A detailed explanation of the Threat Brain for Managed File Transfer feature follows, but you can also get the highlights by checking out our quick video tour (it’s just over two minutes) to see how proactive security continually works to protect your MFT environment and data.

Why Proactive Security Matters

“Getting ahead of a problem is a much better strategy than reacting to an issue after the fact. This same basic principle applies to the MFT sector, where traditional threat intelligence is reactive versus proactive against cyberthreats,” said Chris Bailey, Senior Product Manager for Fortra MFT solutions.

“Repeatedly, we hear about organizations using traditional MFT solutions being attacked with Brute Force or Denial of Service attacks that, while detected automatically, the detection came only after the system was breached,” Bailey added. “In many cases these attacks are only detectable through manual inspection of activity logs, when it is simply too late to prevent damage.”

In addition:

• If solutions are not continually checking for bad IP addresses, unknown vulnerabilities can be exploited or remain undetected, which can lead to Zero Day incidents.
• MFT service endpoints can be systematically probed by cybercriminals to evade automatic IP blocking mechanisms and mask their trail.
• Exploited vulnerabilities can be easily replicated across deployments, creating a more severe, domino effect with traditional MFT solutions.  

Proactive MFT Security Highlights

While the problems of traditional MFT are fairly evident, the benefits of MFT that includes a proactive security feature, such as GoAnywhere MFT with its built-in Threat Brain, are notably evident, as this solution includes capabilities and features no other solution offers:

1. IP addresses are continuously re-verified: Without a feature such as Threat Brain, other MFT solutions do not conduct ongoing monitoring of IP addresses once allowed. GoAnywhere however, checks IPS with every new session to ensure it remains safe. What this means is:

• IP reputation checks are conducted for incoming HTTP/S connections, AS2, and AS4 protocols
• These checks are executed on the GoAnywhere Web Client and via API and API endpoints.
• IPs are automatically blocked if they have low reputation scores. (Adjustable sensitivity settings allow for customization of threat detection and provisioning allows for exceptions in case of false positives)
• If an IP address with a low reputation is blocked, an admin can add an exception to allow for remedying the situation.

2. Access to a massive database of threat intelligence: GoAnywhere is able to benefit from the broad cybersecurity portfolio of Fortra, which creates a continual feed into the threat intelligence database of anonymized threat data. This collected threat data is unmatched in the MFT marketplace.