Cyber offenses now account for around a third of all crime across Asia and South Pacific
Latest Interpol review shows how scams continue to dominate, and AI-enabled attackers prove too hot to handle for cash-strapped regions
Read more →Actionable Cyber Threat Intelligence for real-time protection
Cyber criminals from around the world are grouping in associations to be more effective on their attacks, while 98% of organizations defend themselves alone!. Join OneFirewall Alliance Today for instant protection with a united CTI
Trusted by Global Organizations
A subset of our alliance members - currently surpassing 290 members worldwide.
Compatible and integrated with the following architectures and 166 more!
Alliance Members {contributors}
Real-time threat data collected from alliance members across Top 12 countries — continuously enriching the Alliance IoC feed
● LIVE — Intelligence nodes actively contributing IoCs to the Alliance feed
Product Ecosystem
An integrated suite of cybersecurity products — all powered by our Alliance Threat Intelligence
INTELLIGENCE CORE
FOUNDATION
Cyber Threat Intelligence (CTI)
Allianc-sourced threat intelligence covering IP addresses, domains, URLs, and malware. Real-time feeds for comprehensive threat coverage.
Actionable Cyber Threat Intelligence & IoC Feeds →290+Alliance Members
Real-TimeThreat Feeds
GlobalCoverage
Network Security (IPS)
Automated Prevention
One-Click integration for automated threat blocking across IPS, XDR, firewalls, WAFs, and routers.
View Plugin Integrations →
OneDevice Firewall
IPS Appliance available in two versions: parallel with pfSense or standalone in-series.
OneDevice Appliance →
Web Firewall
Web Application Firewall (WAF) for protecting web applications against common Web attacks.
WAF Documentation →
Secure DNS
DNS service powered by Alliance Threat Intelligence to prevent resolution of malicious domains and block risky IPs.
Secure DNS Documentation →Endpoint & Access Protection
Mobile Protection
Mobile App with local VPN self-routing to prevent malicious inbound and outbound traffic.
OFA Mobile →
Private VPN
Dedicated VPN for workplace environments, fully integrated with the threat intelligence alliance.
closedvpn.io →
AI Gateway
Firewall for AI public services, enabling safe and secure AI usage while preventing data leakage.
onefirewall.ai →In-Depth Security
Active Scan
Offensive security platform for DAST, dark web scanning, and penetration testing.
vulnix0.com →
Secure Channel
Secure Owned Communication (SOC) platform for protecting sensitive data in transit and at rest.
SOC Documentation →
Software Security
Comprehensive security platform developed in partnership with AquilaX LTD in UK.
aquilax.ai →What We Do
Threat Intelligence Alliance
Crowd-sourced threat intelligence covering IPs, domains, URLs, and malware. Over 210 alliance members sharing vetted intelligence.
Automated Prevention
Real-time synchronization with IPS, XDR, firewalls, WAFs, and routers for automated threat blocking.
Mobile & Endpoint Protection
Self-routing local VPN application protecting devices from malicious inbound and outbound traffic.
Enterprise VPN & DNS
Workplace-dedicated VPN and secure DNS services powered by alliance threat intelligence.
AI Gateway Security
Specialized firewall for AI public services preventing data leakage while enabling safe AI usage.
Offensive Security
Comprehensive DAST, dark web scanning, and penetration testing to validate defensive posture.
Why OneFirewall
Real-time threat, IoC and CTI blocking
Unified intelligence layer
Automated IPS integration (WCF Agent)
Device-based pricing (not traffic-based)
Centralized management
Reduced security tool sprawl
Faster incident response
Enterprise-grade scalability
Architecture Overview
01
Intelligence Ingestion
02
Threat Validation
03
Enrichment Layer
04
Distribution Engine
05
IPS Synchronization
06
Real-Time Prevention
Frequently Asked Questions
Quick answers to the most common questions — view the full FAQ page for 30+ topics.
What is OneFirewall Alliance?
OneFirewall Alliance is a UK-based cybersecurity company headquartered in London. It operates a crowd-sourced Cyber Threat Intelligence (CTI) platform built on an alliance of 290+ organisations worldwide. Member organisations share vetted threat indicators — malicious IPs, domains, URLs, and malware signatures — consolidated, enriched, and distributed in real time as actionable feeds for automated firewall blocking.
How often is the threat intelligence updated?
Intelligence is updated in real time. New indicators submitted by alliance members are validated and distributed to all connected members within <200ms sync latency. The WCF Agent on your firewall pulls updated block-lists continuously — no manual intervention or scheduled batch imports needed.
What is the Crime Score?
The Crime Score is a proprietary risk value from 0 to 1000 assigned to every threat indicator. It combines alliance sighting frequency, historical behaviour, sector targeting profile, MITRE ATT&CK technique severity, and community confidence weighting. A score of 700+ is generally considered high-confidence for automated blocking — with thresholds configurable per environment.
Which firewalls and platforms does OneFirewall integrate with?
The WCF Agent supports 166+ security platforms including Check Point, Fortinet FortiGate, Forcepoint NGFW, Cisco, Palo Alto Networks, pfSense, OPNsense, Juniper SRX, Sophos, and many more — plus XDR platforms and WAF solutions. The full compatibility list is at docs.onefirewall.com.
Does the CTI feed support STIX / TAXII?
Yes. The OneFirewall CTI API returns indicators in STIX 2.1 format and is compatible with TAXII 2.1. You can connect directly to Splunk, Microsoft Sentinel, IBM QRadar, or any STIX/TAXII-capable SIEM or SOAR without writing custom parsers.
Is there a free trial or Proof of Value?
Yes. OneFirewall offers a Proof of Value (PoV) programme — connect to the live intelligence feed and measure its impact on your existing infrastructure before committing to membership. Contact the team to arrange yours.
Cyber Attack Intelligence: Latest News
Real-world cyber attack coverage from the past 24 hours — view all news →
![The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)](https://isc.sans.edu/diaryimages/images/Adam_Nason_pic1.png)
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], Author: Guy Bruneau
Read more →
Cybercrime Surges in APAC as Digitalization Takes Hold
Interpol claims cybercrime accounts for third of crime in over half of Asia and South Pacific countries
Read more →
Barracuda introduces AI-powered email security with automated threat response
Barracuda Networks has unveiled Barracuda Integrated Email Protection, an Integrated Cloud Email Security (ICES) solution delivering protection against evolving AI-driven threats. Powered by AI, the s...
Read more →Global hacking group targets North Queensland cane producer
A Russian-speaking ransomware operation known as The Gentlemen has reportedly claimed responsibility on the dark web for a cyber attack that shut down two regional Queensland sugar mills for a week.
Read more →
Bulgaria Licensed Surveillance Exports to Rights Violators
© 2026 Glenn Harvey for Human Rights Watch (Brussels, June 18, 2026) – The Bulgarian government between 2018 and 2023 licensed exports of surveillance equipment to countries that were likely ...
Read more →See OneFirewall in Action
