Key features of R&S®IP Reputation Service

With R&S®IP Reputation Service, optimize the efficiency of your WAF policy by leveraging up-to-date threat intelligence

Threat intelligence

Scans and monitors 4+ billion IP addresses and 27+ billion URLs to evaluate the risk associated with incoming web requests.

Threat intelligence

The Webroot platform analyzes, classifies and scores URLs, IPs and files using advanced machine learning and behavioral analysis. A contextual analysis engine correlates data for increased granularity and accuracy.

Near real-time

The database is updated every 5 minutes. You know whenever a new malicious IP source is identified, anywhere in the world.

Near real-time

Your WAF uses up-to-date information about which IP addresses to trust and which ones to be weary of, based on how attackers use them. Good intelligence helps admin make better threat decisions and highly improved security efficiency.

Reputation score

A score is calculated for each IP address, based on historical & contextual data, which indicates how trustworthy it is.

Reputation score

The service correlates intelligence across linking IPs, URLs, files, mobile applications and billions of records to establish a reputation score identifying the risk of an attack originating from a given source IP.

Threat categories

Your security policy can also take into account the threat categories source IPs have been associated with.

Threat categories

IP addresses can belong to one or several of the following threat categories : Windows Exploits, spam sources, Denial of Service, Phishing, Reputation, Mobile Threats, Anonymous Proxies, Botnets, Scanners, Web Attacks.


Contextual data correlation and analysis generates threat intelligence that is a lot more accurate than static IP lists.


False positives are avoided by collecting data from plus than 37 million sensors, identifying suspicious IPs, gathering and correlating evidence, placing IPs on “trial”, and releasing them once “prison” sentence served.


The service’s advanced prosecution methodology adds and removes IP addresses from the database all the time.


100 000 new IP addresses are added to the list and 38% of IPs are removed every day as a result of evaluating more than 4 Billion IP addresses, 27+ Billion URLs, 20+ Billion mobile apps and more than 60 Million email domains.


R&S®Web Application Firewalls can leverage the live threat intelligence data to make decisions on how to respond adequately to requests


Both the IP reputation score and threat category can be used to determine how to handle requests from various IPs. Security and authentication policies can be different for trustworthy and questionable IP addresses.

User Reputation

The IP reputation score/category is one of the sources computed by Rohde & Schwarz Cybersecurity’s User Reputation Scoring engine to assess users.

User Reputation

User Reputation Scoring tracks users, evaluates their trustworthiness based on behavior (within the application) and context, including geolocation and source IP in order to stop illegal and dangerous activities.

Threat Intelligence & IP Reputation Index

It analyzes and correlates data to create a predictive risk score, which falls into one of five rating bands ranging from trustworthy to malicious.

Why do you need R&S®IP Reputation Service?

Discover why R&S®IP Reputation Service is a must-have add-on to your R&S®Web Application Firewalls

  • Performance optimization

    Because you don’t need to filter requests originating from bad IP sources. Dropping them reduces the burden on your WAF.

  • False positive reduction

    Because you can lower the risk of false positives by using a less stringent policy for requests originating from trusted IPs.

  • Bad bots limitation

    Because you can block malicious bots based on threat intelligence data and limit the traffic rate of all other bots.

  • Adaptive authentication

    Because you can require stronger authentication from users connecting from questionable, less trustworthy IP sources.

  • User reputation evaluation

    Because you can prevent users from misusing their rights and attacking the application, even if they connect from safe IPs.

  • Adjust to new scenarios

    Because you need to be able to adjust your security and authentication policies to a changing threat landscape.

Additional resources

More information on R&S®IP Reputation Service

Press Release

PR IP Reputation


Webinar IP reputation

Threat brief

Threat brief IP Reputation


Datasheet IP reputation image

Download R&S®IP Reputation Service Datasheet