Beyond “Seven Layers”: Local Network Protection from Global Threats
Last week my colleague, John Gordineer posted a blog entitled “Seven layers of protection from hacked websites”. This blog goes further in examining how you can be protected from threats that can emerge from the other side of the globe.
If you have kids, you often find out that a virus is running through the school when your child comes home with it. The internet is a lot like the school playground; it’s a notorious place for catching nasty viruses. Just like on the playground, the most common pathway for distributing malware is through the internet. As with playground viruses, you can’t predict what virus strain your network will get. One of the ways cyber-criminals avoid detection is to simply modify the existing code. Criminals can then leverage legitimate websites to test whether malware detection engines will recognize it. When the code is sufficiently modified, so that it’s no longer seen as malicious, voilà , you have new malware. Consequently, new threats are popping up around the world every hour, night and day.
Today, the sale of cyber-criminal tools is a thriving business with pricing models ranging from outright sales to time-based rentals. For example, an online banking malware called SpyEye could have been obtained (the creators were caught and prosecuted) for $150 which included three months of free hosting. Like other software it included updates, patches and technical support. Another cyber-criminal technique is the spread of botnets, which are a vast network of computers used to transmit malware to other computers on the internet. The botnet is manipulated by a command and control (C&C) server, which can send out thousands of emails linked to malicious software.
Global threats require global security solutions
With cyber-criminals continually upping their game, there are some specialized tools for reducing the chance of being compromised.
With GeoIP filtering, each packet of data contains an IP address identifying where it is coming from or going to. These IP addresses have been allocated to specific countries. For example, Tajikistan has less than 50,000 IP addresses and North Korea only 2,304. China on the other hand has 333 million and the US leads the list of addresses with over 1.6 billion IP addresses. (“Allocation of IP Addresses by Country.” CIPB –. 1 Apr. 2015. Web. 1 Apr. 2015.) Blocking IP addresses from countries you don’t do business with limits the ability of botnets to infect your network. In case your network is already compromised, it is good practice to block traffic leaving your network.
Here are some important GeoIP defense strategies:
- Filter all incoming and outgoing communication to a particular country or region.
- Make sure your firewall provider is an organization that can identify threats globally.
- Hire an IT service provider who can react quickly to protect your network.
Global presence. It is an old adage that you can see further when you stand on the shoulders of giants. As far as malware protection is concerned these giants can be defined by the number of sensors a security organization deploys. With the intricately connected world that the internet brings us, malware that originates in Thailand takes only a couple of clicks to find its way onto your desktop. The best defense is to employ an IT security company that has both in-house security research and is a recognized leader in the industry. It is their in-house resources that allow the best security companies to identify malware early and protect your assets before it spreads. These are organizations that can see further because they have millions of sensors around the globe.
Rapid reaction. Seeing further is only half of the equation; you also need to react faster. Cyber-criminals rely on slow response to steal from you. The security industry is addressing this issue. When Microsoft identifies a threat and communicates it to the security community, it also tracks how quickly the security organizations create protection from the threat. Microsoft’s Active Protections Program (MAPP) shows the partners who respond quickly. Is your firewall or antivirus provider on the fast responder list? How rapidly your security partner responds can give you an indication of their effectiveness in protecting you from emerging threats. The security of your business depends on sophisticated global protections that will help reduce your chance of being compromised. Geographic protection comes in two flavors, filtering out traffic by geography (GeoIP filtering) and having an IT service provider that operates globally and reacts immediately to emerging threats.
If you want to learn more you might start by reading SonicWall Security’s new eBook, “Types of Cyber-Attacks and How to Prevent Them”. Follow me on twitter @KentShuart.