Skip to content

Whalebone Threat Intelligence

Real Difference, Real-Time


If there is one word to define the current global cyber threat landscape, it is the word “fast.” New threats, new techniques, and new vulnerabilities occur all the time. In order to always stay one step ahead of cyber criminals, we face these challenges with new solutions, new algorithms, and new approaches that can include new frameworks and regulatory standards. 

Get a copy of our Threat Intelligence White Paper

Take a deep dive into the threat intelligence engines that provide superior protection to millions of users globally.

threat-intelligence-banner-lp (1)
Threat Intelligence White Paper

Comprehensive Threat Intelligence for Unmatched Protection

TI dlaždice 1-min

Best Combination of Sources

We conduct our own research and combine it with careful and ongoing evaluation of a multitude of sources for best-in-class results.

TI dlaždice 2-min

Unique Position

With the highest number of telco consumer cybersecurity deployments on the market and hundreds of ISP customers worldwide, we get to analyze and interpret immense global Internet traffic.

TI dlaždice 3-min

Tireless Excellence Pursuit

We continuously fine-tune our algorithms based on the traffic we see to ensure absolute up-to-dateness with the lowest possible margin of error, leading to the lowest false positive rate on the market.

TI dlaždice 4-min

Artificial Intelligence

We collaborate with research institutions and academia to bring machine learning threat detection capabilities to the next level. 

TI dlaždice 5-min

Real-Time Updates

We consume all the inputs in real time and instantly propagate the results of our Threat Intelligence efforts to Whalebone DNS Resolvers instead of regular bulk updates.

TI dlaždice 6-min

Regional Threat Intelligence

We zoom in and collaborate with local Threat Intelligence experts, such as CERTS and telco internal security teams, to ensure the best regional Threat Intelligence on the market. 

Whalebone Threat Intelligence Performance

To ensure the highest quality of our Threat Intelligence, we actively compare our engines with different cybersecurity vendors on the market, using data provided by impartial expert sources. We conduct regular testing to eliminate any deviation from our standard quality of service.

At the same time, we regularly collaborate with AV-TEST GmbH, which is an independent German research institute for IT security. In collaboration with AV-TEST, we compare our products with relevant network security competitors. Whalebone consistently receives highly favorable results from all types of benchmark tests.

UVOZOVKY
Whalebone is continuously delivering reliable protection with a near-perfect false positive rate.

AV test logo 1

 

Aura CTA background-min

Read a detailed benchmarking report here.

FAQ

What is Threat Intelligence?
  • Threat Intelligence consists of collecting, analyzing, and interpreting data about current and potential cyber threats. This information is used to understand and anticipate cyberattacks. It enables proactive defense measures, allowing organizations and individuals to stay one step ahead of attackers and mitigate risks before they cause harm. In essence, threat intelligence transforms raw data into meaningful information that enhances cybersecurity readiness and response.
How often do you update the threat intelligence database?
  • We update our threat intelligence database in real time. Our systems continuously analyze data and propagate updates instantly to ensure the most current protection against new and evolving threats.
How would your Threat Intelligence target local threats in our country?
  • We collaborate with regional experts, such as local CERTs and internal security teams of telcos, to enhance our understanding of localized threats. This allows us to tailor our threat intelligence to address specific regional threats effectively.
How do you score the domains?
  • We use a combination of network traffic analysis, machine learning, metadata and historical data to evaluate the maliciousness of domains. Our scoring algorithms consider various factors to determine whether a domain should be blocked, ensuring high accuracy with minimal false positives.
Do you have honeypots or your own telemetry?
  • Both. We use our own telemetry and deploy honeypots to gather data on potential threats. This proactive approach helps us detect and analyze malicious activities before they can impact the end-customers.
Do you work with user traffic? Anonymized or full?
  • We analyze anonymized user traffic to ensure privacy while still gathering valuable data for threat detection. This approach helps us enhance our threat intelligence without compromising user confidentiality.
What does the "AI" in your detection engine do?
  • Our AI-driven detection engine leverages machine learning and neural networks to identify and predict threats more efficiently than traditional methods. It mimics human analysis, evaluates domain behavior, and predicts future malicious activities to stay ahead of cybercriminals. You can read more about our AI modules in our Threat Intelligence White Paper.

Do you cluster botnets/campaigns?
  • Yes, we identify and cluster related botnets, phishing and malware campaigns.. By understanding these connections, we can more effectively combat coordinated attacks and disrupt the operations of cybercriminal networks.
Can you stop newly observed domains? How?
  • Our system can block newly observed unknown domains in real time by analyzing patterns, metadata, and behaviors that are indicative of malicious activity. Our algorithms and AI models assess these factors to prevent potential threats proactively.
How is this better than a PiHole?
  • While PiHole blocks ads and known malicious domains, Whalebone's Threat Intelligence offers advanced, real-time threat detection, machine learning capabilities, and regional threat analysis. Our solution provides a more comprehensive approach to cybersecurity than traditional methods, protecting against a wider range of threats with greater accuracy and up-to-date intelligence. Moreover, our products focus on user-centricity that allows mass adoption globally and hence protection of millions of everyday Internet users, while usage of tools such as PiHole is limited to more experienced users.

 

Would you like to discuss our Threat Intelligence with an expert?


 

Martin Stehlik  Threat Intelligence Lead

martin.stehlik@whalebone.io

#ConnectedMeansProtected