Q. What are the essential Shadowserver Foundation services that any organization can subscribe to free of charge?
The Shadowserver Foundation provides a wide range of essential cybersecurity services free of charge to organizations globally. These services focus on improving internet security by collecting, processing, and sharing cybersecurity data. Here are the key services that organizations can subscribe to free of charge:
1. Daily Network Reports
Shadowserver provides detailed, daily reports to organizations regarding malicious activity observed on their networks. These reports can include information on:
- Compromised devices (such as infected or vulnerable systems)
- Open ports or misconfigured services
- Attacks detected originating from an organization's IP range
- DDoS amplification reports
- Malware infection reports (botnet activity, phishing attacks)
2. Vulnerability Reports
Organizations receive notifications of vulnerabilities within their infrastructure, including outdated software versions, misconfigurations, and exposed services. The reports are based on global scans that Shadowserver performs to identify security risks.
3. Sinkhole Reports
Shadowserver operates sinkholes to capture and analyze traffic from infected or compromised devices. Organizations can receive reports if their IP addresses are observed in malicious traffic directed toward these sinkholes, helping them identify compromised systems.
4. Botnet Detection Reports
Shadowserver monitors botnet activity globally and provides detailed reports to organizations about infected machines within their network. These reports help organizations clean up and protect their systems from further exploitation.
5. DDoS Attack Reports
Organizations can receive reports on Distributed Denial of Service (DDoS) attack traffic, especially if their networks are observed being used as amplifiers or relays in such attacks. This helps to mitigate DDoS risks by closing down exploited services or infrastructure.
6. Malware and Phishing URL Feeds
Shadowserver provides information on malware samples and malicious URLs (like phishing websites) seen globally. Organizations can use this data to block access or take proactive steps to prevent compromise by these threats.
7. Exposed Service Scans
Shadowserver conducts scans to detect exposed services that attackers may exploit (e.g., open SMB, Telnet, or FTP servers). Organizations are notified when these vulnerabilities are detected on their network, allowing them to quickly address the issue.
8. Open DNS Resolver Reports
Shadowserver identifies open DNS resolvers in an organization’s network, which are often exploited in DDoS amplification attacks, and provides specific reports to help close such vulnerabilities.
9. Passive DNS Monitoring
Shadowserver also offers passive DNS data collection, providing visibility into DNS queries and helping detect anomalies in DNS traffic, which can indicate infections, data exfiltration, or other malicious activities.
10. Sinkhole/Botnet Hosting
Shadowserver hosts sinkholes for law enforcement or other entities, assisting in monitoring and disrupting botnets. Organizations can benefit from the data generated to protect themselves from botnet-related threats.
These free services are invaluable for organizations looking to strengthen their cybersecurity posture. They provide actionable intelligence that can directly reduce cyber risks. Organizations can subscribe to these services through Shadowserver's website, and they will receive daily reports tailored to their specific needs.