Cloud Reputation and Threat Intelligence

Zenarmor's security features and web categorization capabilities are delivered through Sunny Valley Network's Cloud Threat Intelligence System, also known as Zenarmor Cloud.

Serving millions of queries every day, Zenarmor Cloud is a huge database consisting of reputation and security information for over 300 million web sites with new ones continuously added. Zenarmor Cloud enables us to quickly respond to malware threats and virus outbreaks in real-time.

Zenarmor Cloud provides you with the following features:

  • Real-time security threat intelligence

  • Web site categorization

  • Site reputation and ranking (for use with TLS Inspection Whitelisting/Blacklisting)

Zenarmor® provides AI-based threat intelligence that safeguards your network against more than 300 million websites and domains. This remarkable standard feature provides sophisticated protection and is included in all Zenarmor subscriptions, from the Free Edition to the Business Edition.

As of the release of Zenarmor 1.13, through the partnership between Zenarmor and BrightCloud®, Business Edition provides users with enhanced protection, including an additional 1+ billion categorized domains and 4+ billion recorded IPv4/6 addresses. In addition, Business Edition users gain access to a global threat intelligence network comprised of over 140 leading cyber security vendors utilizing BrightCloud® Threat Intelligence to enhance and expand their threat detection solutions. Therefore, you can breathe easy knowing that you have access to the highest quality threat intelligence available. BrightCloud® has evaluated more than 48 billion domains to date and adds to this database daily by analyzing approximately 25,000 threats and URLs.

Subscribers to Zenarmor Business Edition automatically gain access to the BrightCloud® Threat Intelligence database, which is powered by sixth-generation machine learning and provides their businesses with the highest level of protection at all times. Don't worry if you have a Free, Home, or SOHO subscription; you can still rely on the excellent threat intelligence that Zenarmor provides as standard.

How Zenarmor Cloud Works

Zenarmor Cloud data is queried in real-time whenever Zenarmor detects a device in an organization's protected network that is trying to initiate a connection. The packet engine then processes the flows, queries the nearest cloud servers about them, and decides the fate of the flows based on the cloud-delivered information and the system policy configurations.

Communication between the Zenarmor engine and Zenarmor Cloud servers uses an encrypted proprietary protocol over UDP ports 5353, 5355 and 3478. If you strictly filter outbound connections, you will need to allow communication to the Zenarmor Cloud servers via these UDP ports.
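Where outbound traffic is filtered, one way to confirm whether the ports listed above are being dropped is to scan the firewall log for blocked outbound UDP from the Zenarmor host. This is an added example, not Zenarmor code; the pf filterlog CSV field positions, the `engine_ips` parameter, the log lines and the addresses are assumptions constructed for illustration.

```python
import csv
from collections import Counter

# UDP ports the page lists for Zenarmor engine -> Zenarmor Cloud traffic.
ZENARMOR_CLOUD_UDP_PORTS = {5353, 5355, 3478}

# Assumed field positions (pf filterlog CSV, IPv4 record); verify on your system.
F_ACTION, F_DIR, F_IPVER, F_PROTO, F_SRC, F_DST, F_DPORT = 6, 7, 8, 16, 18, 19, 21

# Constructed sample lines using documentation addresses, not real log data.
SAMPLE_LOG = """\
12,,,0,igb0,match,block,out,4,0x0,,64,4211,0,none,17,udp,76,198.51.100.10,203.0.113.20,40112,5355,56
12,,,0,igb0,match,block,out,4,0x0,,64,4212,0,none,17,udp,76,198.51.100.10,203.0.113.20,40113,5355,56
80,,,0,igb0,match,pass,out,4,0x0,,64,4213,0,none,17,udp,80,198.51.100.10,203.0.113.21,40114,3478,60
12,,,0,igb0,match,block,out,4,0x0,,64,4214,0,none,17,udp,90,198.51.100.10,203.0.113.22,40115,53,70
5,,,0,igb0,match,block,in,4,0x0,,52,4215,0,none,17,udp,76,203.0.113.99,198.51.100.10,5353,5353,56
12,,,0,igb0,match,block,out,4,0x0,,64,4216,0,DF,6,tcp,60,198.51.100.10,203.0.113.20,40116,3478,0,S,1,,64240,,mss
truncated,line
"""

def blocked_cloud_queries(log_text, engine_ips):
    """Count blocked outbound UDP packets from the Zenarmor host to the listed ports.

    engine_ips: set of source addresses used by the host running Zenarmor (hypothetical).
    Returns a Counter keyed by (destination IP, destination port).
    """
    hits = Counter()
    for row in csv.reader(log_text.splitlines()):
        if len(row) <= F_DPORT or row[F_IPVER] != "4":
            continue  # short/malformed line, or a layout this sketch does not parse
        if (row[F_ACTION], row[F_DIR], row[F_PROTO]) != ("block", "out", "udp"):
            continue  # only dropped, outbound UDP is of interest
        if row[F_SRC] not in engine_ips or not row[F_DPORT].isdigit():
            continue
        port = int(row[F_DPORT])
        if port in ZENARMOR_CLOUD_UDP_PORTS:
            hits[(row[F_DST], port)] += 1
    return hits

if __name__ == "__main__":
    for (dst, port), n in blocked_cloud_queries(SAMPLE_LOG, {"198.51.100.10"}).items():
        print(f"blocked {n}x: udp -> {dst}:{port}")
```

Any destination reported here is outbound traffic on the listed ports that the filter dropped; since the page does not list server addresses, treat the output as a prompt to review the outbound rule rather than as proof that the destination is a Zenarmor Cloud server.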

Sourcing Zenarmor Cloud Data

The information and threat intelligence data provided via Zenarmor Cloud is the result of an information fusion using the following information sources:

  1. Zenarmor's threat intelligence tools and web classification database

  2. Commercial threat intelligence feeds and web classification database

  3. Zenarmor's SOC

  4. Partner feedback

  5. User feedback

Managing Cloud Reputation and TI Settings

The Zenarmor Cloud threat intelligence settings let users:

  • Enable/Disable the cloud reputation and web categorization engine

  • Manually clear the cloud cache, a fast in-memory local cache of Zenarmor cloud queries and responses

  • Set local domain settings to be excluded from cloud queries

  • Select the optimum cloud servers for fast cloud queries

In order to configure Zenarmor Cloud for Zenarmor, go to Zenarmor → Settings → Cloud Threat Intelligence in the OPNsense GUI (Figure 1).

Figure 1. Cloud Threat Intelligence in the Zenarmor Configuration

Security and Privacy

Zenarmor makes the privacy and security of all cloud queries a top priority. To that end, sessions between Zenarmor deployments and the Cloud system are encrypted with industry-standard AES-256 encryption.

Incoming query data is held anonymously and not tied to any personally identifiable information (PII) such as IP addresses. Upon processing, the query data is immediately deleted and purged. Additionally, as per the Zenarmor data processing policy, we do not store incoming data older than 7 days (maximum).

For more information, please refer to our Privacy Policy. Zenarmor’s Privacy Policy is compliant with the European GDPR regulation as well as the California Consumer Privacy Act.

Zenarmor Cloud Hosted on Google Cloud

Zenarmor has partnered with Google Cloud to establish a robust, secure-by-default, reliable and scalable infrastructure, as detailed below.

Figure 2. Google Cloud Service

The Zenarmor Cloud database and Zenarmor back-end systems are built and hosted using the Google Cloud infrastructure.

Zenarmor Cloud serves from the following locations:

Americas

  1. USA West (Oregon)

  2. US Central (Iowa)

  3. US East (South Carolina)

Europe

  1. Europe 1 (Frankfurt am Main, Germany)

  2. Europe 2 (Zurich, Switzerland)

Asia

  1. Asia 1 (Hong Kong)

  2. Asia 2 (Mumbai, India)

Australia

  1. Australia (Sydney, Australia)