Winning the AI War: Why Preemptive Cyber Defense is the Only Viable Countermeasure for CISOs

The escalation of AI-driven cyber threats has fundamentally broken the traditional security lifecycle. For decades, the industry has operated on a reactive cadence: an attack occurs, indicators are gathered, and defenses are updated. This model assumes that defenders have time to react.

In an era where threat actors leverage Artificial Intelligence (AI) to automate the creation and deployment of malicious infrastructure, that assumption is no longer valid. AI has granted adversaries the ability to operate at machine speed and infinite scale.

To a CISO, the strategic imperative is becoming clearer by the day. You cannot defeat an automated enemy with a reactive defense. The only way to combat AI-driven threats is to adopt a Preemptive Cyber Defense posture that neutralizes infrastructure before the attack is ever launched.

The Asymmetry of AI-Driven Attacks

AI and advanced automation have shifted the balance of power by solving the two biggest constraints for attackers: cost and complexity.


  1. Infinite disposable infrastructure: Automation allows threat actors to spin up thousands of unique domains, subdomains, and IPs for a single campaign. These assets are “disposable.” They are used once for phishing or malware delivery and then abandoned immediately.
  2. Hyper-evasion: AI tools can instantly generate infinite variations of web content and code. This allows attackers to bypass signature-based detection systems by ensuring that no two attacks look exactly the same, even if they originate from the same group.

In this environment, waiting for an alert means you have already lost. The speed at which AI-generated campaigns are deployed and discarded outpaces the speed at which reactive security tools can ingest and distribute Indicators of Compromise (IOCs).

Moving Left of the Launch

To survive this new threat landscape, security strategies must move “left” of the attack launch. This is the core mandate of Preemptive Cyber Defense.

The goal is no longer to detect a payload as it hits the network. The goal is to identify Indicators of Future Attack (IOFA™). These are the traceable digital footprints that adversaries leave behind while they are still staging their infrastructure.

Even AI-driven automation follows rules. While an attacker can change an IP address in milliseconds, they cannot easily hide the Tactics, Techniques, and Procedures (TTPs) they use to procure, configure, and manage their network.

Silent Push: Combatting AI with Contextual Pre-Attack Data

Our platform uses a unified data model that treats the internet like a living, breathing network. By tracking how every piece of data (IPs, domains, hostnames and more) relates to one another, we create a highly contextual map of global infrastructure. 

This framework turns billions of raw data points into a definitive opinion, allowing us to see the “DNA” of a threat actor even when they use AI to change their behavior.

This approach counters AI velocity with behavioral precision:


  • Mapping the Unknown: Silent Push scans the entire IPv4 and IPv6 space to identify the hidden attacker infrastructure that traditional feeds miss. This reveals the staging grounds where AI-driven campaigns are born.
  • Behavioral Fingerprinting: By analyzing over 200 parameters, including DNS records, certificate authorities, and WHOIS patterns, Silent Push creates fingerprints of adversary behavior. This allows the platform to link thousands of seemingly unrelated, AI-generated domains and content back to a specific threat actor.
  • Content Similarity Analysis: To defeat AI-generated phishing pages, Silent Push employs fuzzy hashing (ssdeep) and proprietary structural hashing. This allows defenders to identify and block entire clusters of malicious sites based on shared code structures, regardless of how the attacker tries to visually disguise them.
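
A simplified illustration of the structural-similarity idea in the last bullet, added here as an example. It is not Silent Push's proprietary structural hashing and it does not use ssdeep. The tag-shingle fingerprint, the 0.6 threshold, and the three sample pages are assumptions constructed for the demonstration.

```python
from html.parser import HTMLParser
from itertools import combinations


class _Skeleton(HTMLParser):
    """Collect a page's tag skeleton and discard all visible text."""

    def __init__(self):
        super().__init__()
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        # Keep the tag name and the sorted attribute *names* only. Attribute
        # values (URLs, brand strings, CSS classes) are what changes between
        # deployments of the same kit, so they are ignored.
        names = ",".join(sorted(name for name, _ in attrs))
        self.tokens.append(f"<{tag} {names}>")

    def handle_endtag(self, tag):
        self.tokens.append(f"</{tag}>")


def structural_shingles(html, k=3):
    """Return the set of k-token windows over the page's tag skeleton."""
    parser = _Skeleton()
    parser.feed(html)
    parser.close()
    toks = parser.tokens
    if len(toks) < k:
        return {tuple(toks)} if toks else set()
    return {tuple(toks[i:i + k]) for i in range(len(toks) - k + 1)}


def jaccard(a, b):
    """Set overlap in [0, 1]; two empty skeletons are treated as unrelated."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


def cluster_pages(pages, threshold=0.6, k=3):
    """Group pages whose skeletons overlap by at least `threshold` (union-find)."""
    shingles = {name: structural_shingles(html, k) for name, html in pages.items()}
    parent = {name: name for name in pages}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(pages, 2):
        if jaccard(shingles[a], shingles[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for name in pages:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


# Constructed sample input: two pages built from the same template with
# different branding, text and one extra <br>, plus an unrelated page.
SAMPLE_PAGES = {
    "login.bank.example": """
<html><head><title>Example Bank - Sign in</title></head>
<body><div class="wrap"><img src="/logo-bank.png" alt="Example Bank">
<form action="/gate.php" method="post">
<input type="text" name="user" placeholder="Customer number">
<input type="password" name="pass">
<button type="submit">Sign in</button></form>
<p class="legal">Example Bank plc</p></div></body></html>""",
    "track.parcel.example": """
<html><head><title>Sample Parcel Tracking</title></head>
<body><div class="box"><img src="/img/parcel.svg" alt="Sample Parcel"><br>
<form action="/verify.php" method="post">
<input type="text" name="email" placeholder="Email address">
<input type="password" name="pwd">
<button type="submit">Continue</button></form>
<p class="note">Sample Parcel Ltd</p></div></body></html>""",
    "blog.garden.example": """
<html><head><title>Garden notes</title><meta charset="utf-8"></head>
<body><nav><ul><li><a href="/">Home</a></li>
<li><a href="/about">About</a></li></ul></nav>
<article><h1>Pruning roses</h1><p>Cut above an outward-facing bud.</p></article>
</body></html>""",
}

if __name__ == "__main__":
    for cluster in cluster_pages(SAMPLE_PAGES):
        print(cluster)
```

The two templated pages share no visible text or attribute values yet land in one cluster, while the unrelated page stays alone.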

The CISO Advantage: Deterministic Neutralization

Adopting a preemptive approach changes the economic reality for the attacker. By blocking the underlying infrastructure rather than chasing individual IOCs, you disrupt the attacker’s ability to scale.

For the CISO, this shifts the organization from a posture of constant emergency response to one of strategic control.


  • Pre-weaponization blocking: High-confidence IOFA™ feeds can be fed directly into firewalls and SIEMs to block connections to malicious infrastructure days or weeks before a campaign goes live.
  • Eliminating noise: By filtering out the noise of disposable AI-generated indicators, security teams can focus their resources on verified, high-priority threats.

In the era of AI-driven attacks, hesitation is a terminal risk. Traditional defense is mathematically incapable of keeping pace with automated scale. To win, we must move beyond existing security approaches and embrace a truly preemptive posture, neutralizing infrastructure before it is weaponized.

The Economics of Preemption vs. Reaction

Automated attacks create a scale problem that reactive budgets cannot solve. When threats move at machine speed, relying on an IOC-and-respond cycle leads to unpredictable spending and avoidable downtime.

Neutralizing infrastructure before it is weaponized stabilizes the security budget and removes the operational volatility inherent in reactive security models.

Focus Area | The Cost of Reaction | The ROI of Preemption
Budget Control | Linear growth: You pay for every attack via incident response, forensics, and legal fees. | Cost avoidance: Neutralizing infrastructure early stops the billable hours of a breach before they start.
Operational Uptime | Recovery mode: Success is measured by how fast you get back online after a hit. | Stability-based: Success is measured by the attacks that never reached your network in the first place.
Resource Allocation | SOC burnout: High-tier talent is wasted triaging thousands of automated “noise” alerts. | Strategic focus: Filtering threats at the source allows your team to focus on high-value architecture and strategy.

Why this matters for the bottom line

In an AI-driven threat landscape, the gap between “compromise” and “encryption” is shrinking to seconds. If you are still relying on a human-led response to an automated probe, the ROI will always be negative.

Traditional defense manages the damage; preemptive defense manages the risk. Shifting to a preemptive posture ensures that your security budget is spent on maintaining growth rather than chasing ghosts.

Webinar — Magecart Unmasked: How One Indicator Unraveled a 4-Year Skimming Network

Learn how to detect, investigate, and stop invisible client-side threats targeting web applications and online transactions.

Client-side attacks like Magecart skimming are one of the most dangerous and hardest-to-detect threats facing modern web applications. These attacks bypass traditional server-side security, silently injecting malicious JavaScript to steal payment card data, PII, and credentials during online transactions.

In this webinar, security teams will learn how to identify Magecart activity early, uncover hidden skimming infrastructure, and protect web forms from sophisticated client-side supply chain attacks.

  • Date: February 3, 2026
  • Time: 10am SGT (APJ), 12pm CET (EMEA), 1pm ET (AMER)
  • Location: Online

Workshop: From Alert to Infrastructure Context in 10 Minutes

Most analysts are stuck in a cycle of reactive guesswork. Get the tactical blueprint to transition to Preemptive Cyber Defense through high-speed enrichment and noise reduction.

This cyber defense workshop covers deep enrichment, noise reduction, and smarter triage techniques to help you move from reactive guesswork to preemptive defense.

  • Date: 27 January, 2025
  • Time: 10am ET // 3pm CEST // 10am SGT // 12pm AEST
  • Location: Online – Zoom
  • Requirements: Silent Push free Community Edition

Silent Push Shines a Light on Evolving Global Bulletproof Hosting Ecosystem

Bulletproof Hosting (BPH) providers have been a part of the threat actor landscape for decades. Interestingly, the market has experienced a renaissance in the past year, marked by notable changes that include a surge in providers globally, the emergence of new tactics, and increased resilience against takedown efforts. This demonstrates just how deep and complex the space has become from a defender’s perspective.

Silent Push Threat Analysts have developed a new white paper, “Shining a Light on the Global Bulletproof Hosting Ecosystem,” to illustrate the current state of the BPH practice and highlight the potentially lesser-known technical dynamics we’ve been observing.

The Allure of BPH

Threat actors are drawn to BPH providers for their permissive policies regarding hosted content and their hands-off approach to abuse complaints and takedown requests. These providers enable malicious infrastructure, such as phishing kits, Command-and-Control (C2) servers, and data exfiltration points, to remain online for longer periods with fewer disruptions.

Throughout the report, we discuss exactly what defenders need: real-time data and hunting tools to block malicious traffic emanating from BPHs. Our Indicators of Future Attack™ (IOFA™) feeds for BPHs are explicitly designed to expose threat actors as they migrate infrastructure, flagging new ASNs, IP ranges, and hosting providers long before they appear on other threat radars.

Engaging Preemptive Cyber Defense

The Silent Push platform features an ever-increasing catalogue of Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and other integrations to support organizations’ need for preemptive cyber defense, equipping defenders with accurate and dependable alerting on suspicious and malicious activity.

Our goal is to raise awareness on internet hosting providers who’ve been labeled “Bulletproof” for their willingness to host services specifically designed to shield clients from technical and/or legal disruption. During the course of our research, we employed a wide range of criteria to label the hosts we track as bulletproof, many of which are covered in the report and have not been discussed publicly elsewhere. Some, however, we cannot disclose for operational security reasons. We believe that sharing these criteria and methods publicly is crucial in informing defenders about where cybercriminals are hiding within their networks.

BPH: Expanding, Not Going Away

With the rise of artificial intelligence (AI) and large language models (LLMs), we anticipate that threat actor automation of infrastructure setup will continue to increase into 2026 and beyond. Extensive coverage of BPH providers enables defenders to remain vigilant against suspect infrastructure frequently used for obfuscation and weaponization, ensuring that actors using these networks as part of their automation fail before they can initiate their attacks.

By circulating this information publicly without restriction, we want to reach communities that have the means and motivation to shape a safer, more accountable threat landscape, with preemptive cyber defense for all kinds of defenders: threat hunters, policymakers, researchers, journalists, and government teams.



After reviewing our Bulletproof Hosting white paper, if you are interested in learning more about Silent Push preemptive cyber defense technology and how it can empower your organization’s security team, please get in touch with us or book a demonstration to discuss the platform with our experts.


Ready to dive deeper into the world of preemptive cyber defense? Take our technology for a test drive with the free Silent Push Community Edition today.

Silent Push Completes Strategic Acquisition of HYAS, Expanding Customer Base and Securing Global Leadership in Preemptive and Proactive Cyber Defense 

Acquisition strengthens Silent Push’s capabilities to deliver deeper visibility, stronger intelligence correlations, and enhanced defensive outcomes

Reston, VA, December 15, 2025 - Silent Push, the leading preemptive cyber defense vendor, today announced that it has acquired HYAS, the adversary infrastructure platform provider offering unparalleled visibility, protection, and security.

Combining HYAS Insight with the larger Silent Push platform enables customers to benefit from HYAS’s unique data, infrastructure intelligence, and capabilities with Silent Push’s industry-leading adversary and infrastructure reconnaissance technologies. Together, this will result in unparalleled preemptive and proactive security.

“The acquisition of HYAS marks a significant milestone in our strategy to extend our global presence and deliver the industry’s most leading-edge cyber defense solutions,” said Ken Bagnall, CEO, Silent Push. “Our combined expertise will accelerate Silent Push’s leadership position as we continue to innovate and build best-in-class products that enable our customers to preemptively and proactively stop threats.”

Silent Push’s flagship solution is the first and only to provide a complete view of emerging threat infrastructure in real time. By exposing malicious intent through its Indicators Of Future Attack™ (IOFA™) data, Silent Push enables security teams to proactively block hidden threats, discover previously unknown infrastructure, and avoid loss. Silent Push will integrate HYAS Insight to contribute to its Total View, which consolidates comprehensive Domain and IP intelligence into a single screen.

“Our mission is simple – empowering organizations to see malicious infrastructure usage and behavior to block attacks before damage occurs, prevent fraud, accelerate investigative time to close, and complete both task and mission,” said Dave Ratner, CEO at HYAS. “Joining Silent Push is a natural fit that enables us to further accelerate that mission and creates significant opportunities for our customers and the market in general. My colleagues and I look forward to combining our skillsets with Silent Push to deliver the solutions that provide security and investigative teams with true power and intelligence against cyber threats, financial fraud, and other nefarious activity committed by bad actors.”

“This acquisition brings together two cybersecurity leaders with similar visions and culture, while each organization brings its own set of proven capabilities,” said Dave Palmer, Ten Eleven Ventures. “Together, they are providing one of the industry’s most comprehensive security portfolios for preemptive and proactive security, and strengthening Silent Push’s go-to-market strategies as they expand their global footprint.”

HYAS’s leadership and team will join Silent Push, with operations continuing under the Silent Push brand.

About Silent Push

Silent Push is a preemptive cybersecurity intelligence company. It is the first and only solution to provide a complete view of emerging threat infrastructure in real-time, exposing malicious intent through its Indicators Of Future Attack™ (IOFA™) data to enable security teams to proactively block hidden threats and avoid loss. The Silent Push standalone platform is also available via API, integrating with any number of security tools, including SIEM & XDR, SOAR, TIP, and OSINT, providing automated enrichment and actionable intelligence. Customers include some of the world’s largest enterprises within the Fortune 500 as well as government agencies. A free community edition is available. To stay up to date with Silent Push, follow us on LinkedIn and X.

Shining a Light on the Global Bulletproof Hosting Ecosystem

Bulletproof Hosting (BPH) providers have been a part of the threat actor landscape for over two decades. Interestingly, over the past year, the market has experienced a renaissance, marked by notable changes that include a surge in providers globally, the emergence of new tactics, and increased resilience against takedown efforts. This demonstrates just how deep and complex the space has become from a defender’s perspective.

In developing this new white paper, our goal is to illustrate the current state of the practice of Bulletproof Hosting and to highlight the potentially lesser-known technical dynamics we’ve been observing.

Our world-class threat analyst team has been diligently working to provide and scale our detection of BPH infrastructure, so that our clients can utilize those detections within their Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) tooling for accurate, dependable alerting on suspicious and malicious activity.

This white paper was created to raise awareness on internet hosting providers who’ve been labeled “Bulletproof” for their willingness to host services specifically designed to shield clients from technical and/or legal disruption. Our researchers employ a wide range of criteria to label the hosts we track as bulletproof, many of which are covered in the report and have not been discussed publicly elsewhere. Some, however, we cannot disclose for operational security reasons. We believe that sharing these criteria and methods publicly is crucial in informing defenders about where cybercriminals are hiding within their networks.

With the rise of artificial intelligence (AI) and large language models (LLMs), we anticipate that threat actor automation of infrastructure setup will continue to increase into 2026 and beyond. Extensive coverage of BPH providers enables defenders to remain vigilant against suspect infrastructure frequently used for obfuscation and weaponization, ensuring that actors using these networks as part of their automation fail before they can initiate attacks.

By circulating this information publicly without restriction, we aim to reach communities that have the means and motivation to shape a safer, more accountable threat landscape, with preemptive cyber defense for all kinds of defenders: threat hunters, policymakers, researchers, journalists, and government teams.



After reviewing the Bulletproof Hosting white paper, if you are interested in learning more about Silent Push preemptive cyber defense technology and how it can empower your organization’s security team, please get in touch with us or schedule a demonstration to discuss the platform with our experts.



Workshop: Unwrapping Festive Fraud — Hunting and Investigating Scam Sites

Join our final Silent Push workshop of the year. We’re unpacking the surge in end-of-year scam shops and shady websites — showing you how to spot them fast using our free Community Edition.

You’ll learn how to turn these insights into sharper security decisions, spot common patterns in fake shops and scam infrastructure and investigate domains and the systems behind them.

  • Date: 16 December, 2025
  • Time: 10am ET // 3pm CEST // 10am SGT // 12pm AEST
  • Location: Online – Zoom
  • Requirements: Silent Push free Community Edition

Neutralize Before Compromise: Why Pre-Attack Detection is the Future of Cybersecurity

For years, cyber defense has been like driving forward while staring into the rearview mirror.

Security teams operate primarily on artefacts of the past: Indicators of Compromise (IOCs). These generic data points, like a known malicious IP or file hash, are records of what has happened. While useful for forensics, they serve little purpose in preventing an attack that is currently forming.

Reliance on retrospective data keeps organizations playing catch-up, forcing SOCs into a constant, exhausting state of response. To close the visibility gap, we must move from response to preemption.

We need to focus less on the bullet that has already been fired, and more on the weapon being loaded.


“If knowing is half the battle, then why focus on the battlefield your enemies have already abandoned? It’s far more efficient to focus on where they are currently camped, what routes they are taking, and what tactics they plan to use next.”

John Jensen, Silent Push Co-founder & CTO


The Outcome: Real-World Impact of Pre-Attack Data

Transitioning from legacy IOCs to Indicators of Future Attack (IOFA™) fundamentally changes the operational reality for security teams.

By modeling adversary behaviors (TTPs) during their infrastructure setup phase, we provide critical data that exists “left of boom.” This approach delivers specific, measurable outcomes that directly strengthen your security posture. The below video dives further into what this means, and exactly what type of data is involved.

Here is what your team gains when you switch to pre-attack detection:

1. Seamless Integration and Operationalization 

Outcome: Bridge the Gap Between Insight and Action

Data is only valuable when it’s operational. IOFA™ data is explicitly designed as finished, actionable defense data that can be automatically ingested into an organization’s security tools.

  • API-first architecture: We prioritize connectivity. With over 250 endpoints, the platform ensures preemptive data flows directly into your security fabric without friction.
  • Orchestrated defense: By feeding directly into SIEM and SOAR platforms like Splunk, Tines, and Cortex XSOAR, organizations automate the tactical response. This shifts the human role from manual data handling to high-value strategy and decision-making.

2. Optimized Security Operations (SOC/IR)

Outcome: Accelerate Triage and Decisive Response

The modern SOC is defined by how quickly it filters signal from noise. For Security Operations and Incident Response teams, preemptive data shifts the advantage back to the defender.

  • Eliminate the context deficit: Triage slows down when analysts face unknown indicators. IOFA™ provides immediate risk scoring and context, allowing for automated validation. This drastically reduces false positives and mitigates alert fatigue by stopping the noise before it distracts the analyst.
  • Accelerate your response: Reducing Mean Time to Detect (MTTD) and Respond (MTTR) requires better visibility, not just faster tools. During an incident, IR teams can instantly map associated adversary infrastructure and trace lateral movement. This high-confidence data allows teams to contain threats rapidly and significantly reduce dwell time.

3. Critical Brand and Asset Protection

Outcome: Preempt the Weaponization of Your Identity

Pre-attack behavioral fingerprinting directly tackles external brand threats and internal vulnerabilities. Silent Push continuously monitors the internet for malicious infrastructure mimicking an organization’s identity. This capability proactively prevents financial loss and reputational harm by defending against:

  • Prevent damage from phishing and domain impersonation: Neutralize typosquatted domains, spoofed MX records, fraudulent certificates, and email spoofing configurations during setup.
  • Detect content and brand spoofing: Identify fake login portals and cloned sites immediately by tracking the reuse of your specific HTML, logos, and trust markers.
  • Identify and mitigate infrastructure & DNS vulnerabilities: Proactively discover exploitable misconfigurations, such as dangling DNS records, before attackers can use them to launch high-credibility attacks.

4. Enhanced Proactive Threat Hunting (CTI)

Outcome: Expose the Full Scope of Adversary Campaigns 

Pre-attack data allows Cyber Threat Intelligence (CTI) teams to conduct genuine proactive threat hunting, leveraging the Silent Push platform to track emerging threats and map adversary campaigns before they launch.

This capability has proven effective in exposing the full extent of adversary infrastructure, such as finding over 4,000 phishing domains used by FIN7 and uncovering sensitive details related to the Lazarus Group by pivoting from a single suspicious domain. This approach allows threat hunters to uncover and block the remaining hidden activity.

  • Construct high-fidelity attacker fingerprints: Build efficient queries that correlate over 200 parameters, including Passive DNS, HTML, and SSL, to identify pre-weaponized assets based on behavior, not just known indicators.
  • Map APT and emerging threat campaigns at scale: Trace the full infrastructure of known groups like FIN7, Lazarus, and Scattered Spider, as well as emerging groups. This turns raw hunting data into curated IOFA™ feeds that block entire campaigns before execution.

Moving “Left of Boom” with Silent Push

If your team is tired of playing catch-up, it’s time to change the rules of engagement.

Pre-attack detection provides a distinct competitive advantage, strengthening your posture against both known groups (like Scattered Spider) and emerging, unnamed threats. Stop waiting for the breach to tell you where the holes are.


CISA’s New Guidance on Bulletproof Hosting: Why It Matters and What Comes Next

The Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. government agency responsible for protecting the nation’s critical infrastructure from cyber and physical threats. CISA works with public and private sector partners to improve resilience, share threat intelligence, and coordinate national-level cyber defense efforts.

As part of this collaboration, Silent Push contributed research and insights that helped inform CISA’s latest publication, Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers. CISA, working with the NSA, FBI, DoD Cyber Crime Center, and several international cyber agencies, developed this guidance to address one of the most persistent enablers of cybercrime, where infrastructure is intentionally leased to malicious actors: Bulletproof hosting providers.

Why CISA’s Guidance Matters

CISA’s report highlights a core industry challenge. Systems that are unprotected or misconfigured increase the opportunity for threat actors to operate at scale. Bulletproof hosting infrastructure often blends into the broader internet, making it difficult for organizations to detect and contain.

CISA and its partners are encouraging Internet Service Providers (ISPs) and network defenders to adopt more proactive strategies for reducing the effectiveness of this infrastructure. Their recommendations include:

  • Curating high-confidence lists of malicious internet resources
  • Applying filters and blocking actions based on these lists
  • Improving visibility into hosting infrastructure that repeatedly supports criminal operations
  • Limiting the freedom of Bulletproof hosting providers to keep malicious resources online

The guidance was developed through the Joint Ransomware Task Force (JRTF), reflecting the growing connection between Bulletproof hosting and ransomware campaigns targeting critical sectors.

Our Perspective

This publication brings much-needed clarity to a problem that has long shaped cyber operations. Bulletproof hosting infrastructure enables cybercriminal activity by providing threat actors with a dependable foundation for their campaigns. When this infrastructure is identified and constrained, defenders gain more meaningful opportunities to reduce the scale and impact of emerging threats.

Our work focuses on helping defenders detect malicious resources early, track infrastructure changes, and understand the patterns behind these operations. Seeing this issue addressed directly by CISA and its international partners is an important step for the broader security community.

In our public research on “infrastructure laundering,” we detailed how malicious actors illicitly acquire IP addresses from major cloud providers and map them via CNAME chains to make sure their scam websites load quickly for victims, providing a practical example of the kind of Bulletproof hosting activity CISA’s guidance addresses. We are committed to helping defenders identify and disrupt malicious infrastructure before it fuels large-scale operations.

Looking Ahead with Preemptive Cyber Defense

Improving visibility into Bulletproof hosting providers and limiting their ability to support cybercriminal activity is a practical and impactful measure. If ISPs and network defenders implement the recommendations in CISA’s guidance, the operational environment for attackers becomes more restricted and more costly.

We appreciate the opportunity to contribute insights to this conversation and support efforts that strengthen proactive defense across the ecosystem.


How Preemptive Cyber Defence Supports the UK's ACD Strategy 

UK organisations are expanding their digital footprint, but reliance on reactive security is leaving them exposed. To align with the NCSC’s Active Cyber Defence (ACD) strategy, teams must shift to preemptive defence. 

In response to growing cyber threats, the UK’s National Cyber Security Centre (NCSC) has implemented the Active Cyber Defence (ACD) programme. The ACD’s mandate is clear: to “Protect the majority of people in the UK from the majority of the harm caused by the majority of the cyber-attacks the majority of the time.” 

This strategy specifically targets the high-volume commodity attacks, like mass phishing and spoofing, that affect our everyday lives, rather than focusing only on highly sophisticated, targeted attacks. Achieving this level of protection at scale requires a fundamental shift in our defensive strategy. 

The Limitations of a Reactive Cyber Defence 

Historically, cyber defence has relied heavily on reactive security models that use Indicators of Compromise (IOCs). These traditional indicators typically provide generic, post-breach data about where an attack has been. This data often consists of stale lists that quickly become obsolete as attackers rapidly recycle infrastructure. 

Relying solely on IOCs forces security teams into a reactive posture, where they are left struggling to manage complex incidents after the damage has already been done. To meet the NCSC’s aim of scalable protection, the industry must move beyond reaction and adopt a preemptive stance. 

A New Approach: Preemptive Cyber Defence 

Preemptive cyber defence is an approach focused on a single goal: identifying and preventing attacks before they cause harm. 

This is possible because threat actors leave behind more than just IOCs; they leave behavioural fingerprints. The Tactics, Techniques, and Procedures (TTPs) they use to build and manage their infrastructure create a unique, digital DNA. 

Our platform is built to analyse this DNA, correlating seemingly isolated indicators to map out the entire attack picture. This moves beyond simple pattern-matching, allowing us to connect all the pieces of a campaign and identify malicious infrastructure the moment it appears online, long before it’s fully weaponised. 

Achieving preemptive defence requires two things: 

  1. Massive-Scale Data Collection: Continuously mapping and actively resolving DNS across the entire global IPv4 and IPv6 space to reveal new infrastructure the moment it comes online. 
  2. TTP-Led Behavioural Tracking: Analysing that data to spot the “fingerprints” of malicious activity, such as combining recurring patterns in domains, infrastructure, and operational behaviour to track Scattered Spider.

This proactive process tracks and blocks adversary infrastructure during its staging phase. It generates high-fidelity Indicators of Future Attack (IOFA)™: proactive IP, domain, and URL data that allow security teams to identify, track, and ultimately block adversary infrastructure before it is even weaponised. This approach uncovers novel infrastructure yet to be reported. 

Turning ACD Strategy into Tactical Reality 

ACD and preemptive cyber defence are two sides of the same coin: ACD establishes the strategic mandate for scalable protection, while a preemptive approach to defence provides the technical capability to achieve it by neutralising threats at their source. 

Achieving preemptive detection at scale isn’t about having more data; it’s about better data. This capability requires a foundation of Data Independence. By collecting 100% of our own data, we eliminate the noise and latency of third-party feeds and ensure a uniquely accurate and reliable view of global infrastructure. 

By leveraging this pre-attack behavioural fingerprinting and the resulting infrastructure data, security teams can automate the detection and blocking of the very mass-volume threats the ACD programme is designed to stop. 

This approach directly targets the high-volume attacks central to the ACD’s mission: 

  • Phishing and spoofing: This method identifies brand impersonation attacks, including typo-squatted domains, before they are deployed. For example, analysts can track phishing campaigns targeting UK banks while they are still being set up. 
  • Malvertising: It exposes malicious infrastructure hidden within online ads, a key vector for commodity attacks, allowing it to be blocked before ads are served. 
  • Mass scams: Silent Push data is essential for uncovering large-scale criminal operations. A key example is the FUNNULL CDN, the hub of the Triad Nexus financial fraud network, which hid malicious activity within legitimate cloud services. 
    • Infrastructure Scale: Over 200,000 hostnames were proxied through FUNNULL in just a few weeks. 
    • Cloud IP Usage: FUNNULL rented more than 1,200 Amazon IPs and nearly 200 Microsoft IPs.
    • Malicious Activities: Supported retail phishing, money laundering, and fraudulent investment platforms targeting global victims. 
    • This case demonstrates Silent Push’s ability to track hidden infrastructure, reveal novel TTPs, and deliver actionable intelligence to disrupt large-scale scams. 

Tracking and blocking this infrastructure before the malicious texts are sent is a perfect example of preemptive defence at scale. The focus on disrupting an attack at its origin (the infrastructure) turns the ACD’s strategic mandate into measurable protection against high-volume threats.

Empowering UK Cyber Resilience 

The Silent Push Enterprise Edition operationalises preemptive defence at scale, feeding high-fidelity infrastructure data directly into existing security stacks (SIEM, SOAR, firewalls) for automated blocking. 

By leveraging data that enables preemptive cyber defense, from community research to enterprise-grade automation, the UK can build a truly proactive digital defence. This stance aligns perfectly with the ACD’s goal, building national resilience by stopping threats before they strike. 

See how automated, preemptive cyber defence can protect your organisation. Get a demo of the Silent Push Enterprise Edition today.