ElastiFlow NetIntel Enhances Threat Detection with ASN Enrichment and Expanded Internet Scanner Data

Today, we’re announcing the first significant set of updates to ElastiFlow NetIntel, the source of network intelligence enrichment for flow data. These updates include ASN (Autonomous System Number) enrichment and the integration of additional sources of internet scanners. ASNs are the globally unique identifiers for organizations participating in the global BGP (Border Gateway Protocol) routing table. This is the information that glues the internet together. The new features are designed to give network and security teams a more transparent, actionable view of potential threats while reducing the noise from harmless scanners and benign traffic.

With ASN enrichment, users can now gain deeper insights into the ownership and geographical origins of network traffic by associating IP addresses with their respective ASNs. This added layer of intelligence allows for more precise identification of traffic sources, helping users more effectively differentiate between legitimate service providers and potentially harmful actors.

Integrating enhanced internet scanner intelligence brings in data from a broader range of well-known scanners. These sources help filter out benign traffic, such as routine scanning activity, which often triggers false positives and consumes valuable resources. By focusing on actual potential threats rather than noisy scanners, security teams can better allocate their time and effort to investigating suspicious behavior.

Key benefits of these updates include:

  • Reduced False Positives: Enhanced filtering of routine scanner traffic ensures that only real threats are brought to the forefront, helping teams stay focused on what matters.

  • Improved Threat Visibility: ASN enrichment provides context to traffic, making it easier to identify suspicious or unexpected network activity from specific regions or providers.

  • Faster Response Times: By eliminating noise from known harmless scanners, security and network teams can quickly prioritize genuine threats, improving overall response efficiency.

  • Connectivity Cost Reduction: Improved decision-making on peering or purchasing transit.

These updates further strengthen ElastiFlow’s commitment to providing network security teams with actionable insights, cutting through the noise, and highlighting the most critical threats. ElastiFlow customers can leverage the unique capabilities of ElastiFlow for both network observation and network intelligence. Many other services just do one or the other.
