If you have to have any open ports or static NAT's, etc. inbound to a server or app, a rule to alert you when known threats are detected coming to that particular IP and perhaps actions to auto-block those external offenders could seriously hinder the attacker. This could be another layer of defense to protect your Internet facing nodes or nodes that shouldn't be doing anything questionable at all with the Internet, such as your servers that rarely browse the web or any credit card subnets, etc.
↧