Network Detection and Response

An automated, predictive, actionable cybersecurity platform that protects your organization by blocking millions of cyber threats in real time.

Predictive intelligence must be automated, real-time, and actionable.
Cyber threat intelligence must be vendor agnostic and integrated with an organization’s existing IT infrastructure.

It must be used effectively and efficiently and support your business to operate with a lower risk profile. By actively blocking known sources of attacks, organizations can use eclipse.ndr to reduce their operational overhead while staying one step ahead of the adversary.
Minimize Exposure
Proactively block traffic to and from countries or autonomous systems known to be associated with high levels of cyber-criminal activity.
Protect Exposed Services
Proactively block inbound communication from IP addresses used by attackers.
Protect Users
Proactively block outbound communication to IP addresses and domains used by attackers
How does it work?
eclipse.ndr uses threat intelligence to defend organizations against cyber attacks. At any given time, the Internet hosts millions of IP addresses and domains with links to malicious cyber activity. All of us are connected to a global network; none of us works in isolation, and we all face similar threats from adversarial sources that do not discriminate when deciding who to target. eclipse.ndr leverages the collective threat intelligence gathered globally to detect and block known and emerging threats in real time and reduce an organization’s exposure to the staggering number of potential attackers.
Strengthens network security defences and evidently reduce risk by proactively blocking threats using real-time defensive controls powered by a vast arsenal of globally collected threat intelligence indicators
Increases your cybersecurity program ROI by taking proactive blocking action against emerging threats and thereby reducing the workload on your security staff
A Threat Intelligence Gateway that provides up-to-the-minute, line-speed protection against known sources of threats, both inbound and outbound, at scales of up to 10 Gbps
Protection against 150 million known threat indicators using continuously updating, risk-based, policy-driven, actionable threat intelligence that blocks and detects known sources of threats
Leverage of a vendor-agnostic open platform with centralized management to enforce risk-driven policies, to inform threat hunting, and to investigate and respond to incidents
Cloud-native management of your policies, intelligence, investigation, and reporting that’s self-managed, co-managed or completely managed by CyberStash Security Analysts
Supported Threat Feeds
What you get
Commercial Threat
A Threat Intelligence Gateway that provides up-to-the-minute, line-speed protection against known sources of threats, both inbound and outbound, at scales of up to 10 Gbps
Open Source Threat
Protection against 150 million known threat indicators using continuously updating, risk-based, policy-driven, actionable threat intelligence that blocks and detects known sources of threats
Leverage of a vendor-agnostic open platform with centralized management to enforce risk-driven policies, to inform threat hunting, and to investigate and respond to incident
Bring Your Own Intel
Cloud-native management of your policies, intelligence, investigation, & reporting that’s self-managed, co-managed or completely managed by CyberStash Security Analysts
eclipse.ndr uses a staggering number of high-quality threat-intelligent indicators, risk-based policies, GEO-fencing, and ASN-fencing, to significantly reduce an organization’s exposure to most sources of attacks

How we do it?

eclipse.ndr aligns with the following framework for operationalising Cyber Threat Intelligence:
• Collection of millions of accurate threat indicators from multiple sources including commercial and open-source feeds and government advisories

• Multiple types of threat intelligence including IP reputation blocklists, malicious domains and high-risk Autonomous Systems Numbers (ASNs)
  •  Multiple threat aggregation and consolidation into a single feed

  • An open platform that easily integrates threat intelligence with standards like STIX/TAXII

  • Analytics to drive advanced intelligence and threat detection
  • Threat feeds dynamically updated in real-time

  • Automated emerging threat protection

  • Automated risk-based policy application at line-speed
  • Pivot, hunt for, and investigate suspicious traffic  

  • Block previously unknown threats and unwanted traffic

  • Advanced network-centric threat detection

Out-of-box- Threat Intelligence

eclipse.ndr integrated with the following commercial and threat intelligence providers. It comes out-of-the-box with millions of indicators and allows organizations to add their own intelligence feeds:

Well-Fed Threat Intelligence

Well-Fed threat intelligence is generated by charting attackers to see where they actually live so you have the latest information to protect yourself.  Approximately one million malicious domains are monitored every hour and are curated and whitelisted to ensure that you have reliable information you need to protect yourself from cybercriminals. This includes Sinkhole IP Feed, DGA Feeds, and MaldomainML which is a feed based on proprietary machine learning and analytical methods of DNS telemetry developed in Bambenek Labs

Intel 471 Threat Intelligence

Threat Intelligence is derived from across 14 countries to provide near real-time coverage of threat actors and malware activity. Intel 471’s Malware Feed consists of Malware IP Indicators possessing high confidence, timely and rich context curated from Intel 471’s industry leading access in the cybercriminal underground. Types of malware covered are banking trojans, infostealers, loaders, spambots, and ransomware

Proofpoint ET Intelligence™

Proofpoint ET Intelligence provides actionable, up-to-the-minute IP and Domain reputation feeds

Domaintools Malicious Domain Block Lists

Domain and DNS data covering over 95% of all registered domains, used predictively before any malware has caused damage

Malware Patrol Threat Intelligence

Malware Patrol specializes in real-time threat intelligence that protects users and enterprises in over 175 countries against cyber attacks. The highly refined and continuously updated indicators identify compromised machines, botnets, command and control (C2) servers, malware, ransomware, cryptominers, DGA infrastructure, phishing, DNS over HTTPs (DoH) resolvers, and Tor exit nodes.

Cyjax Threat Intelligence Feed

The Cyjax Threat Intelligence feed consists of a validated feed
of contextualised IP and domain indicators of compromise
(IOCs) discovered from Cyjax research and across the threat
landscape to allow for additional enrichment and
cross-correlation with other threat information and

Webroot Brightcloud® IP

Bright Cloud Dynamic domain threat intelligence feed provides us with 5,000 domains per minute, resulting in  intelligence on over 230 million  domains per month

Cyberstash Emerging Domains And IP Block Lists

Indicators released by Government advisories and emerging Advanced Persistent Threats (APTs) are added to the CyberStash block list

Bitdefender Threat Intelligence Feed

Bitdefender Labs correlates hundreds of thousands of Indicators of Compromise (IoCs) collected through the Global Protective Network (GPN) protecting hundreds of millions of systems globally and turn data into actionable, real-time insights into the latest threats. The Bitdefender Advanced Threat Intelligence solution consists of unique feeds including: •Advanced Persistent Threats (APT) Domains – A collection of domains hosting Advanced Persistent Threats Malicious Domains – A collection of domain addresses associated with general malware activities •Phishing Domains – A collection of domain addresses associated with phishing attacks

Open Source Threat Feeds

eclipse.ndr is integrated with the following open-source threat intelligence providers:

BYO Intel Feeds & Integrations

eclipse.ndr also integrates with most other commercial and open-source intelligence providers. This effectively gives our clients the unlimited potential to expand their threat intelligence capability. In fact, we have over 50 point-and-click integrations with Threat Intelligence Platforms, SIEMs, SOARs, and other applications


Ultimate Protection and Maximum Throughout

Block attacks at line speeds of up to 10 Gbps. Protect on-premises and in-cloud workloads against inbound attacks that target exposed services. Protect outbound DNS and IP traffic to prevent attacks in their track.

CyberStash combines best-in-class technology, people, and processes to deliver its Managed Threat Intelligence Gateway Service.
Powered by eclipse.ndr, CyberStash combines best-in-class technology, people, and processes to deliver its Managed Threat Intelligence Gateway Service to organizations who don’t have in-house security staff to manage and monitor the security program

Deployment Options

Powered by eclipse.ndr, the Threat Intelligence Gateway is either deployed in front of your perimeter firewall or behind it. CyberStash works with your team to select the preferred deployment model as part of the solution design. We provide on-premises and Public Clouds deployment options such as AWS and Microsoft Azure

The Gateway connects to your network at layer-2 with 2 of its ports paired in bridge mode, so there is no need to change the IP addressing of your existing infrastructure
The Gateway includes a management interface that connects to your DMZ or corporate network. The management interface is used to communicate with the CyberStash Global Management Centre (CGMC) in the cloud where policies are configured and enforced. It is also used to continuously fetch new threat indicators from CGMC
The hardware supports either Ethernet or fibre ports and can be configured to fail-close or fail-safe. When operating in fail- safe mode, traffic passes through the Threat Intelligence Gateway if the hardware fails
eclipse.ndr | Network Detection and Response

Threat Management Architecture


As part of our Enterprise and Managed Service Package architecture, CyberStash collects DNS events from the client’s environment and network traffic events from the eclipse.ndr Threat Intelligence Gateway, which is also deployed on client premises. We then securely transport these events to the CyberStash Cloud SIEM, which allows us to provide threat correlation, hunting, investigation and advanced threat detection

Risk-Based Threat
Classification Policies

eclipse.ndr classifies and responds to threats by Threat List Policies, Block List Policies, Country List Policies and ASN List Policies

Maximise configuration flexibility: Risk-Based Policies are applied separately to inbound and outbound traffic, to specific asset groups, and to the following threat categories:

• Command and Control
• Endpoint Exploits
• Botnet
• Drop Site
• Web Exploits
• Spam
• Scanner
• Advanced Persistent Threat
• Brute Force Password

• TOR / Anonymizer
• Proxy / VPN
• Compromised
• Fraudulent Activity
• Illegal Activity
• Undesirable Activity
• P2P Node
• Online Gaming
• Remote Access Server

Incident Response Management

Our Managed Service Packages include Incident Response Management. This enables our clients to call on the CyberStash security team to respond on their behalf and block an attack by:

IP Address or CIDR
Autonomous Systems Numbers (ASNs)


With the magnitude of the security advisories and alarms generated by today’s technologies, security analysts have the impossible task of investigating each event and taking effective response action to eliminate the risk. The continuous response capability built within eclipse.ndr automates the manual heavy lifting a security analyst is required to perform and automatically blocks malicious indicators at line speed. This enables a security analyst to better use their time to hunt and investigate anomalous network traffic that could be associated with targeted attacks and adversary infrastructures which there is no intelligence on.
eclipse.mdr | Managed Detection and Response
When delivered as a Managed Detection and Response (MDR) service, CyberStash uses eclipse.ndr to constantly monitor, detect, hunt, investigate and respond to cyber threats to keep your business safe
Security Monitoring | Incident Investigation
24/7 Automated Protection
| Detection | Threat Hunting | Incident Response
Periodic Tuning and Reinforcement
Incident Response | Threat Containment
Security Consulting | Actionable Advice

Independent & Automated Security Stack

Let’s get started

The independent cyber defense platform eclipse.xdr acts as a force multiplier to dramatically reduce an organization’s exposure to cyber-attacks and minimize the likelihood of business impact. 
Contact us to learn about:
Please enable JavaScript in your browser to complete this form.
Your Full Name