Does Fiewalla use blacklists?
I assume the product is using a negative security model (blacklist) to identify bad actors. How is this list maintained and updated as tens of thousands maybe millions of new IP's are identified by cyber security vendors every month.
How do I know I have the latest list of bad IP's if this is a network layer solution. How often is the Firewalla box updated? Do you use a third party to provide that list?
-
Yes, firewalla uses blocklists and sometimes allowlists as well, and far beyond that, we also use algorithms to look for abnormal things ... so the actions you will see in the system at times are not only just a 'block' ... maybe a warning ... The list and algorithms are maintained by our cloud servers, through a set of very complex algorithms.
Firewalla updates very dynamically, to keep the memory footprint low. We do use several third parties for the lists.
Please sign in to leave a comment.
Comments
1 comment