Botnet Blocking


In today’s reality, it’s highly important to work proactively with data security, and most do this by implementing virus scanning software and perimeter protection. The challenge is that 93% of all malicious Windows executables is polymorphic malware changing connection points all the time. And as malware aggressively infects computers around the world—IP addresses with bad behavior drastically increases with the effect that—as they’re mitigated—the IP resets to become more benign. That’s why IP reputation scanning and scoring needs constant updating, revising and alerting.

In fact, hundreds of thousands of new IPs are added to and removed from “Bad IP lists” multiple times a day. Services run on IPs classified as “Bad” can be of several categories, including port scanners, denial of services traffic generators and SPAM mail servers.

The percentage of bad IPs used for Botnets has increased to 4.3%, up from last year’s 3% rate. As these IP are known—you can proactively protect yourselves from infection by implementing preventative measures. The best way to address the potential danger of malicious IPs is to block them automatically so they cannot do damage.

Learn more from the 2020 Clavister Webroot Threat Report



IP addresses with malicious intent can be detected and categorized. And based on their activity, a unique reputation score is given. Clavister uses this intelligence to proactively block connection attempts to and from Botnet IPs or on traffic originating from Scanners IPs as well as from known Denial of Service servers. In addition, detailed logging is available for connections from a known SPAM mail server, on traffic to and from anonymous proxies (like Tor) and to and from phishing sites as well as windows exploits.

Clavister NetWall includes full detection and action capabilities in Clavister Security Service subscription. This proactively blocking connection attempts to IP addresses with a bad reputation— validated in real time and with detailed reporting available to reveal what’s happening on your network. As malware is cleaned around the world IPs that have improved their reputation will automatically be allowed again, removing any administration required.

Statistics become available in Clavister InCenter Cloud and updated in real-time providing drill down and alllowing a fix to the root cause. Insights can lead for instance to the discovery of internal malware connecting to malicious sites that has been happening under the radar.


Clavister was first to offer IP Reputation technology with real-time updates included in the security subscription package. Data is sourced from expert partner Webroot who collects from 67 million real-world sensors around the globe. The platform uses 6th generation machine learning to analyze 500 billion data objects every day.

Based on this the IP list is updated with a reputation score per address, allowing for pro-active blocking. Alternatives with DNS Black-list lookups are based on static data, not categorized and untrusted. Instead Clavister’s dynamic lookup and refresh capabilities with the Clavister Service Provisioning Network results in low resource requirements in the local appliance or virtual firewall. In addition, Clavister NetWall providers always-on visibility for logging.


Dynamically-updated IP address lists will continue to be the best way to deal with risky IP addresses. With Clavister NetWall Security Subscription Service world class IP Reputation technology with real-time updates is included. The lists are updated several times daily and through Clavister InCenter Cloud real-time insights to what’s happening in your network included. Customers using Clavister NetWall with proactive Botnet Blocking using globally collected intelligence protect their users and business continuity with best in class protection.








The following Clavister products are capable of providing this use case.

Clavister NetWall Firewalls

Clavister NetWall Virtual Models

Management & Analytics

Solutions & Customers

The following solutions and customers benefit from this use-case:


Business Traffic Optimization

Secure corporate resource usage and manage employee time


Internet Content Control

Preventative security measures: securing the identity of the end-user through secure authentication


End-user Protection

Securing the user from the network and on the device itself

Get in touch! It will only take a minute