October 28, 2010, 9:58 AM — Startup service provider ipTrust today said it was offering a program that lets businesses avoid botnets and infected machines by letting them know whether IP addresses are linked to suspicious behavior.
By granting access to its database on the known behavior of more than 250 million IP addresses, the company gives customers a means to determine if their own network harbors infected machines that are carrying out malicious activity and whether IP addresses the company comes in contact with are infected, ipTrust says.
The company is a spinoff from Endgame Systems, which has compiled the database and sells similar services to governments. Endgame has close links to Internet Security Systems (ISS), with Endgame's chairman and CEO Christopher Rouland having served as CTO of ISS and Endgame's COO Daniel Ingevaldson having headed penetration testing there. Rouland is on the board of ipTrust and Ingevaldson is its COO. ISS co-founder Tom Noonan is a member of ipTrust's board.
The company has also won $29 million in Series A funding from investment firms Bessemer Ventures, Columbia Capital, Kleiner Perkins Caufield & Byers and TechOperators.
Initially, ipTrust is offering two services, ipTrust Professional and ipTrust Web.
The first lets customers tap the Endgame database to determine the trustworthiness of IP addresses based on a score from 0 to 1, with 0 indicating a site with no known negative activity, and 1 indicating recent negative activity. This confidence score can be used to help determine how customers treat the sites, Ingevaldson says.
In addition to the score, the service provides a list of specific behaviors that helped determine the score. For example, if an IP address connected to a known botnet command-and-control server today, that would contribute to a bad confidence score. If it connected to the C&C server two years ago and had no other incidents since, the confidence score would better, he says.
Other factors influencing scores include whether the address is part of an Autonomous System or assigned to an ISP that is suspect.