Firyx Threat Detection is a service for Windows 2008 Server which tracks IP addresses that have been used for attacks.
Firyx Threat Detection provides a way to share threat information across servers and organizations to map current "bad neighborhoods" on the Internet. You can then configure rules to preemptively block attacks in Windows Firewall based on threat information from other servers.
Currently Firyx detects and prevents brute force dictionary attacks against open services. These attacks clutter your server logs, and waste valuable processor time and network bandwidth.
Through automated crowd-sourcing of threat information, we hope to reduce the value of utilizing IP addresses for dictionary attacks, and increase the overall costs to hackers for launching attacks.
Attacks against your server have direct operating costs from network bandwidth and server processor use. By dynamically firewalling your server, you can dramatically reduce the impact of these threats. The statistics below are based on the threats reported to the Firyx Service.

| Type | Average # of Attempts / Attack |
|---|---|
| Blocked by Firewall | 173 |
The Firyx Threat Detection Service works by scanning your server logs for possible attacks on services like Remote Desktop (Event 4625), FTP, and SQL Server (Event 18456). IP addresses are then reported back to a central database which can then be used to block attacks on multiple servers.
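The log-scanning step described above, as an added example (not Firyx's own code): it parses constructed Event 4625 records in Windows event XML form and flags source addresses that reach a failure threshold inside a time window. The threshold of 5, the 10-minute window, and the sample events are assumptions; the page does not state Firyx's detection criteria.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(ts, ip, event_id=4625):
    """Build one constructed record in the Windows event XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{ts}"/></System><EventData>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

# Constructed sample data (documentation-range addresses, not real traffic).
SAMPLE_EVENTS = (
    [_event(f"2024-01-01T10:00:{s:02d}.0000000Z", "203.0.113.7") for s in range(0, 60, 10)]
    + [_event(f"2024-01-01T{h:02d}:30:00.0000000Z", "192.0.2.50") for h in range(5)]
    + [_event("2024-01-01T10:05:00.0000000Z", "-"),  # local logon, no address
       _event("2024-01-01T10:06:00.0000000Z", "203.0.113.7", event_id=4624)]  # success
)

def parse_failed_logons(xml_events):
    """Yield (time, source_ip) for each Event 4625 that has a remote address."""
    for raw in xml_events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue
        ts = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
        ip = root.findtext("e:EventData/e:Data[@Name='IpAddress']", "-", NS)
        if ip in ("", "-"):
            continue
        yield datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S"), ip

def detect_bruteforce(xml_events, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: peak failures inside any one window} for IPs at or over threshold."""
    by_ip = defaultdict(list)
    for when, ip in parse_failed_logons(xml_events):
        by_ip[ip].append(when)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_EVENTS))
```

The address with five failures spread an hour apart is not flagged under the 10-minute window, which shows why the window length matters as much as the count.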
Firyx works by coordinating threat information in 4 phases:
- Detect a threat by scanning various system logs.
- Report the threat back to the Firyx Service.
- Warn other servers of the threat.
- Block attacks before they can occur by dynamically updating firewall rules.

- Download and install the Firyx Threat Detection Service.
- Register the server. At the end of installation, you will be walked through the registration process.
- Check your event log configuration.
- Start receiving automatic reports on threats.
- Subscribe and automatically block attacks from IP addresses as they are in progress, or before they occur.