Advanced IP Defense

Advanced IP Defense is a cloud-delivered security service that combines real-time IP intelligence with direct-to-IP detection to stop threats that bypass traditional DNS-based and URL-based security controls. Advanced IP Defense classifies public IP addresses across more different dynamic attributes and identifies connections that occur without a preceding DNS resolution, so that it can alert on or block traffic from malicious infrastructure without requiring SSL/TLS decryption.

Advanced IP Defense allows you to protect your network in the following ways:

  • Block outbound command-and-control connections that bypass DNS and URL inspection — Detect and stop malware that communicates with hardcoded IP addresses, preventing data exfiltration and remote control of compromised endpoints.
  • Restrict access to high-risk infrastructure without disrupting legitimate traffic — Identify and block connections to anonymizers, bulletproof hosting, and malicious tenants on shared cloud IPs while preserving access to legitimate services running on the same infrastructure.
  • Replace static IP feeds with cloud-scale, real-time intelligence — Eliminate the operational overhead and delayed enforcement of capacity-constrained third-party IP feeds by using a cloud service that tracks millions of malicious IP addresses and updates continuously.
  • Enforce IP reputation across all zone traffic with a single profile — Attach an Advanced IP Defense profile to a zone to inspect every session that crosses the zone boundary, providing foundational IP reputation enforcement that complements your existing Security policy rules.
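
The direct-to-IP idea described above (a connection to a public IP with no preceding DNS resolution) can be illustrated by correlating DNS answer logs with outbound flow logs. This is an added example, not the product's implementation: the record layouts, the `GRACE` window, the `INTERNAL_NETS` list, the function name and all sample data are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

GRACE = 300  # assumed: seconds a client may keep using an answer past its TTL
# Assumed site configuration: destinations inside these ranges are not public.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: (epoch_seconds, client_ip, qname, answer_ip, ttl)
DNS_ANSWERS = [
    (1000, "10.0.0.5", "updates.example.com", "192.0.2.34", 60),
    (1000, "10.0.0.7", "cdn.example.net", "198.51.100.20", 30),
]
# Constructed sample data: (epoch_seconds, client_ip, dst_ip, dst_port)
FLOWS = [
    (1002, "10.0.0.5", "192.0.2.34", 443),     # preceded by a DNS answer
    (1010, "10.0.0.5", "203.0.113.77", 8443),  # never resolved by anyone
    (5000, "10.0.0.7", "198.51.100.20", 443),  # answer expired long before
    (1020, "10.0.0.7", "10.0.0.1", 53),        # internal destination
    (1030, "10.0.0.9", "192.0.2.34", 443),     # resolved only by another client
]

def direct_to_ip_flows(dns_answers, flows, grace=GRACE):
    """Return flows to public IPs that no DNS answer to the same client explains."""
    # (client, answer address) -> list of (answer_time, latest plausible use)
    seen = defaultdict(list)
    for ts, client, _qname, ip, ttl in dns_answers:
        seen[(client, ipaddress.ip_address(ip))].append((ts, ts + ttl + grace))
    flagged = []
    for ts, client, dst, port in sorted(flows):
        addr = ipaddress.ip_address(dst)
        if any(addr in net for net in INTERNAL_NETS):
            continue  # only public destinations are of interest here
        windows = seen.get((client, addr), [])
        # A flow is explained only if it falls inside a validity window of an
        # answer that this same client received for this same address.
        if not any(start <= ts <= end for start, end in windows):
            flagged.append((ts, client, dst, port))
    return flagged

if __name__ == "__main__":
    for flow in direct_to_ip_flows(DNS_ANSWERS, FLOWS):
        print("direct-to-IP:", flow)
```

Lookups made over encrypted DNS, or answers cached beyond the grace window, also show up as direct-to-IP in this kind of correlation, so matches are leads to combine with IP reputation rather than verdicts on their own.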