This week, we’ve launched our new site to showcase our IP address API that comes with our practical cyber threat information. With Musubu, network analysts, engineers, and cybersecurity professionals now have an easy way to gather needed network information by IP Address and, at the same time, get actionable info they can use on potential cyber risks. If you’re already using Shodan as a part of your security routine, you’ll find Musubu a great complement to the data you get from their valuable service.
So what does Musubu give you?

  • “Threat Potential” Score
  • Malicious Activity Indicators
  • Types of Malicious Activity
  • Total Measurement of Malicious Activity
  • ISP Name, Network Type, and Group
  • Network Location

It’s great for instantly finding out:

  • Network Information by IP Address
  • How Trustworthy is a Network
  • How Secure Are My Endpoints
  • Location & Registration Info
  • ISP Information

As well, Musubu is different in that it provides enriched information designed to give you a sense of vulnerabilities or threats posed by a network. Also, it ‘s not a simple threat aggregation engine matching IP addresses like many of the solutions available today but is focused on the network of origin in context as well as what threat is posed by the subnet and broader environment of origin.
As such, it helps with other key tasks such as:

False Positive Reduction: A false positive is an error in data reporting in which an IP is incorrectly identified as a potential threat entity. Through “vetted source” analysis and machine learning analytics, Musubu has demonstrated a 40 – 75% reduction in false positives, thus providing a greatly enhanced ability to quickly filter out irrelevant data and increase analyst efficiency. Instead of the traditional single index model used to determine “probability of badness,” the Musubu score is based on three separate scoring indexes: previous observations, the imminent threat posed by past observations, and the network environment itself.

These are measured in the API results via:

threat_potential_score_pct – Numeric threat score between 0-100. The Score is calculated using “blacklist class”, “blacklist neighbors”, number of recent observations and country of origin.

threat_classification – Classification derived from “threat potential score pct”

High – Threat score >70
Medium – Threat score from >40 but
Low – Any IP unlisted with a threat score <20
Nuisance – Threat score

blacklist_class – Field classifying the specific threat vector that has been identified. Contains one of the following values: apache, blacklisted, botnet, botnetcnc, brute force, compromised, ftp, http, imap, mail, malware, phishing, ransomware, shunned, sips, ssh, TOR, worm, zeus

blacklist_class_cnt – Field providing the number of sources which have identified the address as malicious.

blacklist_network_neighbors – Field providing the number of addresses present on the same subnet which have been identified as malicious.

blacklist_observations – Field providing the number of observations (of this IP) in the last 90 days.

Go ahead and give it a try for free today. Just head to our main page, submit your valid email and follow the instructions in your email. We think you’ll make Musubu a part of your daily network security routine.
Got questions? Contact us now.