Threat Intelligence for web security

Block web application attacks sooner by leveraging intelligence gathered from every Instart customer, third-party feeds, and our network of honeypots.

Stay a step ahead of application vulnerabilities

Instart Threat Intelligence combines web security expertise and data from a wide variety of channels to help companies stay ahead of the latest web application security threats and attacks. All signals from Instart Web Security, such as cookies, request headers, IP addresses, user agents, and more, are collected from every Instart customer. This information is then correlated against attack signatures from Instart honeypots and third-party data feeds to increase the confidence of attack detection and reduce false positives. Threat Intelligence is used to build global rules to stop zero-day attacks, customize individual rules for attacks that specific customers are experiencing, and fine-tune Instart Web Security.

Cross-customer intelligence

Instart protects thousands of web apps across the entire globe, enabling our team to understand the types of attacks that web security must be able to protect against today. Intelligence is collected from every Instart customer's security signals and combined with industry, location, and more to build a deeper understanding of the types of web attacks our customers are facing, or might face soon.

Third-party operational security intelligence

In addition to the intelligence that Instart collects, Threat Intelligence also leverages signals from third-party data feeds in order to increase the depth and breadth of our analysis. Signatures for niche attacks, zero-days, and industry-specific attacks are layered into our proprietary signals to give us full confidence in our attack detection capabilities.


Threat Intelligence deploys a massive network of honeypots across the web to enable Instart to collect attack signatures from automated, high-volume web attacks that crawl the public internet looking for web apps. The data collected from these Instart honeypots reduces false positives.

Attack signature correlation

All of the data feeds from Threat Intelligence are combined into a central warehouse, scored, and then correlated to inform custom security rules that are deployed by Managed Security Services to protect every Instart customer against new threats as they appear. This correlation ensures that attacks are stopped as soon as possible, even before your web app is targeted.
