Subject: ThreatDV - Reputation Handling of Content Delivery Networks (CDN) and Cloud Service Providers (CSP)
Date of Announcement: December 9, 2016
This bulletin is an update from Product Bulletin #1064, referencing a proposed solution for Reputation handling of CDN and CSP entries.
Today, we are releasing the initial enhancement to our ThreatDV Reputation product for allowing certain CSP and CDN entries in the Reputation product database. This is a temporary measure to eliminate the majority of network impact for customers experiencing issues blocking major CSP or CDN providers. Trend Micro TippingPoint has identified and removed the relevant entries for the following organizations delivering CSP or CDN services in its reputation feed and has taken action to ensure they are not added back in. Trend Micro TippingPoint will continue to monitor the feed for these and other relevant organizations:
|Akamai Technologies, Inc.||Highwinds Technologies|
|Amazon.com, Inc.||International Business Machines Corporation|
|Networks Co., LTD.||Microsoft Corporation|
|CloudFlare, Inc.||Oracle Corporation|
|Facebook, Inc.||Rackspace US, Inc.|
|FOXCLOUD LLP||Verizon Trademark Services LLC|
Our process runs 24x7x365 and consists of reverse lookups and WHOIS queries to determine the organization associated with an IP address. We then correlate the domain to the above list of CSP or CDNs and add the entry to the Reputation allow list. This effectively removes the offending IP address from the package generated for our customers. This initial enhancement will remove all mapped CSP or CDN entries. Due to the amount of time it takes to query all new IP addresses across all reputation feeds, the CSP or CDN entry may or may not be removed from each new package. However, it should be removed with the release of a subsequent package which could take up to twenty-four hours.
We are actively working to decrease the amount of time it takes to remove CSP or CDN entries. In a future release we aim to add the CSP or CDN tags to the Reputation package for each of these entries, allowing customers to create and apply policy for both CSP and CDN defined IP addresses. Additional information related to this release will be made available as we near delivery of the finished product.
If you have concerns or further questions regarding this issue, contact the Trend Micro TippingPoint Technical Assistance Center (TAC).
Trend Micro™ TippingPoint
For updated contact information, please click here.