Kentik provides proactive threat intelligence using Spamhaus’ IP data

Getting to know Kentik

Kentik provides network intelligence at scale. That means helping some of the biggest global enterprises and service providers keep their networks operational and safe. With easy-to-use, real time intelligence, Kentik provides monitoring and visibility, analytics, planning and peering, anomaly detection, and DDoS defense.

Companies like Sky, Dropbox, Spotify, and Tesla trust Kentik’s platform to reliably answer any question about their network, in one place, at any time. A one-stop shop to keep networks operational and business moving.

How does Kentik create their intelligence?

Customers securely send over continuous streams of traffic data. This includes data from their routers and switches, telemetry logs, and Border Gateway Protocol data. Kentik then enriches the data with information about infrastructure, apps, routing, and more. From this, Kentik generate their AI-driven insights, available to their customers via their Network Observability Cloud platform.

Creating proactive intelligence

The Network Observability Cloud product was initially built to observe networks and reactively answer questions. A valuable offering with most appliances being restricted in the data they can keep and monitor.

The trouble is, when you’re only looking at your network, you don’t see the external threats that could impact you in the future, or gain the full picture of threats that have affected you already.

Kentik could observe an attack was taking place and mitigate, but the platform could not expose the bigger picture. It could not identify where the attack was coming from, if it was originating from a botnet command and controller (C&C), or what specific devices were communicating with a botnet C&C.

To be better protected, network engineers needed intelligence on what was happening beyond their internal systems; Kentik needed to deliver external threat intelligence.

Securing a data partner

For Kentik, finding an external data provider was reasonably straightforward. The Co-Founders, Avi Freedman and Ian Pye, have exemplary industry experience and a strong understanding of the intelligence landscape – Avi has been in the industry for over 30 years after setting up the first ISP in Philadelphia, and Ian was the first employee at Cloudflare.

With their knowledge, “Spamhaus was the obvious choice. You have a great reputation for reliable and consistent data. We know a number of your expert researchers and, from our customers, of your super low false-positive rate,” shared Avi.

Kentik trialed the Botnet Controller List (BCL) and extended eXploits Blocklist (eXBL). After a successful trial, the data was put into production as part of their Network Observability Cloud product in 2016.

How does reputation data make a difference?

The Botnet Controller List (BCL) allows customers to assess if they have any hosts on their network that have been compromised and are communicating with a C&C server. Equally, the extended eXploits Blocklist (eXBL) allows customers to see the IPs of compromised devices on their network. The eXBL lists compromises resulting from malware, Trojan or worm infections, devices controlled by botnets command and controllers (C&Cs), and third-party exploits, such as open proxies.

Valuable intel, I hear you say, but what makes it proactive?

Kentik’s alerting functionality. Users can wait for a scheduled report… but for those where speed is of the essence, the tool can be configured to send an email or even Slack notification whenever a new host starts talking to a C&C server. Customers can then immediately delve deeper to see the specific IPs that have contacted the botnet C&C. This knowledge gives the customer the specific insight to take instant action and minimize the impact of compromise.

A seriously simple, user-friendly method for proactive network protection that last month stopped thousands of attacks from happening.

And the benefit for Kentik?

Happy customers. It’s as simple as that. The team is passionate about network maintenance and security. Knowing their customers have a product that truly delivers and makes the internet a safer place is a job well done. That’s why they include this functionality as part of their standard package. Brilliant job, team Kentik – we can’t wait to see what’s next!