onefirewall.com

What It Is

OneFirewall Alliance is a London-based cybersecurity company focused on alliance-based, crowdsourced cyber threat intelligence (CTI). Its platform collects verified malicious IPs, domains, URLs, and malware hashes from members worldwide, then deduplicates and enriches the data, maps it to MITRE ATT&CK, and assigns a Crime Score risk rating. The intelligence can then be delivered to existing security controls via real-time feeds, APIs, or the WCF Agent for automated blocking.

Core Capabilities and Deployment

Protection coverage includes CTI, automated IPS/firewall blocking, WAF, Secure DNS, local VPN for mobile devices, enterprise VPN, AI Gateway, DAST, dark web scanning, and penetration testing. The WCF Agent is a key component: it can be deployed on a Linux physical or virtual host, requires only outbound HTTPS, continuously pulls threat intelligence, and converts it into native rules. OneDevice provides a hardware IPS/firewall option and supports either inline or parallel deployment. The official website says it supports 166+ platforms, including Check Point, Fortinet, Palo Alto, pfSense, AWS, GCP, Cloudflare, Splunk, Microsoft Sentinel, and QRadar, as well as STIX 2.1/TAXII 2.1.

Pricing and Compliance

Pricing is per device rather than based on traffic volume or intelligence volume, which should make costs easier to forecast. However, the official website does not publish specific pricing, so you need to contact sales. The CTI API can be used independently and is metered by request. For enterprise evaluations, OneFirewall Alliance offers a 1-month Proof of Value. The materials emphasize that it runs in the customer’s local environment and does not export raw traffic or logs. On the compliance side, the company discloses Cyber Essentials Certified status and membership in the Cyber Threat Alliance.

Pros and Cons

Its main advantage is that the intelligence is directly actionable rather than just a raw list of IoCs. Crime Score, MITRE mapping, and STIX/TAXII output help reduce analysis and integration effort. Its broad platform integrations make it suitable for organizations that already have complex security stacks. The downsides are that pricing, SLA details, Chinese-language support, and localized services are not disclosed. Effectiveness also depends on the coverage and quality of intelligence from alliance members. In addition, the website uses both 180+ and 210+ when referring to the number of alliance members, so this should be confirmed before procurement.

Who It’s For and China Access

OneFirewall Alliance is best suited to enterprise SOCs, MSSPs, critical infrastructure operators, government agencies, telecoms, financial institutions, and defense organizations for unified threat intelligence, automated blocking, SIEM/SOAR enrichment, and DNS/WAF/mobile protection. The official website does not specify access from mainland China, payment methods, or support for local data compliance requirements, so china_access is assessed as unknown. If you need domestic deployment and local services in China, you may want to compare it with local threat intelligence providers such as 微步在线, 奇安信, and 天际友盟.