Feedback

Firyx

[ Log On ]

Overview

Firyx Threat Detection is a service for Windows 2008 Server which tracks IP addresses that have been used for attacks.

Firyx Threat Detection provides a way to share threat information across servers and organizations to map current "bad neighborhoods" on the Internet. You can then configure rules to preemptively block attack in Windows Firewall based on threat information from other servers.

Currently Firyx detects and prevents brute force dictionary attacks against open services. These attacks clutter your server logs, and waste valuable processor time and network bandwidth.

Through automated crowd-sourcing of threat information, we hope to reduce the value of utilizing IP addresses for dictionary attacks, and increase the overall costs to hackers for launching attacks.

Attacks against your server have direct operating costs from network bandwidth and server processor uses. By dynamically firewalling your server, you can dramatically reduce the impact of these threats. The statistics below are based on the threats reported to the Firyx Service.

Type Average # of Attempts / Attack
FTP 6833
SQL Server 1144
Windows RDP 420
Blocked by Firewall 173

The Firyx Threat Detection Service works by scanning your server logs for possible attacks on services like Remote Desktop (Event 4625), FTP, and SQL Server Server (Event 18456). IP addresses are then reported back to a central database which can then be used to block attacks on multiple servers.

Firyx works by coordinating threat information in 4 phases:

  • Detect a threat by scanning various system logs.
  • Report the threat back to the Firyx Service.
  • Warn other servers of the threat.
  • Block attacks before they can occur by dynamically updating firewall rules.
Firyx Overview

Get Started!

Contact Us

Submit