NSFOCUS Threat Intelligence (TI)

Partners / Technology Partners / NSFOCUS / Threat Intelligence (TI) >

Modern day cyber criminals are more sophisticated, organized, skilled and persistent than ever. The threat actor landscape has evolved from single individuals with a hobby and an agenda, to include cyber-terrorists, cyber-criminals, professional hackers, hostile nation states, rival companies. Even unwitting employees, customers, partners and private citizens’ internet connected devices have become compromised. At the same time, new vulnerabilities are discovered daily in protocols, operating systems, networking devices, and applications. Keeping pace with threat actors and new threat vectors created to exploit these vulnerabilities, is a daunting task. As a result, despite significant investments in network and application security, organizations continue to experience disruption of online systems and costly data breaches.

NSFOCUS Threat Intelligence (NTI) Subscription Service provides you with actionable intelligence that minimizes your risk and improves your overall security posture.

Global Threat Intelligence – Including North Asia
The NSFOCUS TI Subscription Service provides complete visibility into the global threat landscape. Because as much as 40% of the world’s hacking activity originates from countries like Vietnam, China, and Korea, without having local sensors, honeypots and real-time access by threat researchers, you do not have a complete picture. This increases your vulnerability to new threats originating from this part of the world. The NSFOCUS Security Lab is an internationally-recognized cyber-security research and threat response center at the forefront of vulnerability assessment, threat detection, and mitigation research.

A worldwide team of researchers and engineers creates the threat intelligence at the core of the subscription using data from around the world, including NSFOCUS monitored sensors, honeypots and managed networks in China. This team has access to information not readily available in other subscription offerings, and allows us to provide our customers with the most complete view of the evolving threat landscape possible. Having access to this unique intelligence enables our customers to implement countermeasures quickly to protect their critical assets.

Global Threat Intelligence


Minimize risk, improve security, and protect valued assets with actionable threat intelligence

Improved visibility into North Asia threat landscape including countries like Vietnam, China, and Korea.

Simplify threat hunting initiatives by identifying new and emerging threats

Key Features

Cloud based Forensics Portal for in-depth analysis of threats

Ability to upload suspicious files for automated malware analysis

Extensive sensor and honeypot network

Access to strategic reports reporting on campaigns, threat actors, and threats related to your industry

Standards-based API for 3rd party integration


Actionable Threat Intelligence
Simply researching, understanding, analyzing, and reporting on new threat actors, vectors, and motivations is not sufficient to provide comprehensive security. In order to provide value, the intelligence must be actionable and incorporated directly into security policies to actively block intrusions. The NSFOCUS TI Subscription Service provides access to IP reputation, malicious Web/URL, command and control, and malware data feeds. These feeds have been integrated into all NSFOCUS products.

Threat Intelligence Data Feeds
The NSFOCUS data feeds themselves provide information in four crucial areas, and are delivered worldwide by strategically located NSFOCUS Cloud Centers:

  • IP Reputation Data Feed 
    This is a list of IP addresses that have earned a negative reputation through involvement in suspicious activity, including phishing attacks, spam, botnets, DDoS attacks, APT attacks, and more.

  • Malicious Web/URL Data Feed
    This is a domain reputation list that includes malicious websites that are the source of malware or phishing attacks.

  • Command & Control Data Feed
    This is a set of IP addresses that are known to control botnet armies used to take services offline. This feed is used to prevent your own resources from participating in a cyber-attack, as well as conserving your compute and network resources.

  • Malware Data Feed
    This is a set of MD5 file hashes that can be used to identify malware in email or file transfers, as well as stored data.

All feeds are updated regularly with the latest threat intelligence information and the update interval is user configurable. They are also available in JSON and XML formats, in addition to STIX and TAXII for integration with 3rd party security products.

Integrating these real-time threat intelligence feeds directly into your security infrastructure enables you to update your security policies automatically and dynamically to minimize your window of exposure and reduce your overall risk. Once a threat is discovered, you can apply this information into your NSFOCUS On-Premises DDoS Defenses to actively block all traffic originating from malicious sources. This information can also be applied to supporting 3rd party security products. These feeds enable you to implement a proactive, dynamic, and adaptive security model that improves upon the static, preventive models of the past.

Ordering Information
Subscriptions for NSFOCUS Data Feeds can be purchased individually or as a bundle. Enterprise capacity licensing is available and additional discounts are provided for subscription customers who opt-in to provide anonymous data back to NSFOCUS Security Labs researchers.



In addition to the Threat Intelligence Data Feeds, users also have access to the NSFOCUS Threat Intelligence (NTI) Portal as part of the offering. With the NTI Portal, users can:

  • Gain additional insight into various threats/threat actors
  • Research IP, domain, vulnerability, and/or malware Hash
  • Create customizable views, searches, and results
  • Upload logs for automated threat hunting
  • Upload malware for automated analysis
  • Monitor/track IP addresses with automatic notification

Download Request for
NSFOCUS Threat Intelligence (TI) Datasheet

Please enter your details to sign up to our mailing list and the download will be emailed to you shortly.

Download Request for
Votiro Secure File Gateway for Email

Please enter your details to sign up to our mailing list and the download will be emailed to you shortly.

Our website uses cookies to provide a better user experience, improve our services and our website’s functionality. By continuing to use our website, you consent to the use of cookies and agree to our Privacy Policy and Terms of Service.