Visibility That Drives Action
Threat Intelligence
Leverage validated, actionable threat intelligence to protect your business at any scale.
Data-Driven, Actionable Intelligence
Netcraft Threat Intelligence Capabilities
Our global threat feeds cover more than 100 threat types, including phishing, malware, and scams targeting any brand or institution, for clients and non-clients alike. These feeds are licensed broadly by the most popular web browsers and antivirus companies. Each day Netcraft protects billions of people against cyber attacks, often within minutes of detection.
Deploy an automatic array of countermeasures upon threat detection across multiple platforms and monitor to block threats in near real-time.
Let Netcraft intentionally be the first victim. Our peer-to-peer scam intelligence proactively detects and intercepts scams through encrypted conversations before they can harm your customers.
Steps to Combat Brand Threats
Disruption at Any Scale
Netcraft’s digital risk protection platform covers 100+ cyber attack types including phishing, malware, investment scams, advance fee fraud, and much more. Some of the following are the most prominent threats experienced by clients.
Unmatched Scale and Effectiveness
Frequently Asked Questions
What is Netcraft’s threat intelligence?
We process reports from our cybercrime detection platform, including our reporting community, industry and partner feeds, large-volume spam email datasets, and customers’ own reporting mechanisms — covering enterprises and governments, large and small — alongside our own discovery techniques. Suspicious URL feeds are typically very high volume and have a low signal-to-noise ratio: validation prior to blocking is essential.
A sophisticated automated classification system then confirms the attack type and attributes it to an impersonated entity. We handle a very wide range of cybercrime, including phishing, malware, and malicious JavaScript. Our analysis is heavily automated and operates without intervention around the clock, with manual involvement limited to edge cases, high-risk blocks, and for the purpose of improving future automated classification.
Once confirmed, threat data is included in our threat intelligence feeds, and our clients can begin the disruption and takedown process. Our threat intelligence feeds are widely licensed by browsers, antivirus companies, and internet infrastructure providers, protecting billions of people from cyber attacks while the takedown process is ongoing.
How do you validate threats?
Netcraft’s analysis is heavily automated and operates without intervention around the clock, with manual involvement only required for a tiny minority of edge cases, high-risk blocks, and for the purpose of improving future automated classification.
This includes:
A global network of fetch locations that are intelligently selected to defeat criminals’ attempts to restrict access using IP blocking
Rule-based matching across thousands of potential target organizations
Automatic classification based on previously seen phishing content
Machine learning based on previous classification by rule-based or human classification
Proactively interacting with forms using a headless web browser, submitting realistic data and exploring multi-stage attacks
How can my organization benefit?
As Netcraft’s threat intelligence feeds are truly global and cover impersonated organizations, whether they are customers or not, our feeds are used by browsers, antivirus companies, internet infrastructure providers, and impersonated enterprises themselves.
Threats impersonating your brand can be sent for disruption and takedown, and those which may affect staff members — like email and work collaboration platforms — can be used within your information security team in SIEM products and to block access within browsers with our apps and extensions.
How do you prevent false positives?
Netcraft operates both human and automated false positive fail-safes for high-risk potential blocks. Netcraft’s decades of experience exploring the internet allow us to rely on hosting provider data and other sources of intelligence on legitimate organizations’ own infrastructure. Where there is reason to be cautious, we require a second human verification before blocking.
Who else contributes to Netcraft’s threat intelligence?
Netcraft collates and validates reports from many of the world’s largest banks, threat intelligence providers, and anti-cybercrime organizations. Netcraft also recovers URLs from ongoing analysis of malicious email attachments, many of which serve as key infrastructure in malware operations.
