Advanced Ip Filtering: What It Is

Written by: Francesco Trama | Published on: November 8th, 2016


Advanced-Ip filtering is a network security tool that allows or denies network traffic based on geographical location. Sometimes referred to as country filtering or blocking, Advanced-Ip filtering allows your network to choose places in the world from which it will accept network traffic. More importantly, innovative designs in Advanced-Ip filtering enable new and unparalleled levels of precision that allow businesses to prevent access to and from high-risk geographical areas without excluding potentially valuable customers or business.

Consider the following example of an actual event that took place on one of our client’s networks. One of the client’s users clicked on an email attachment that installed a virus. The virus was a form of Cutwail designed with numerous harmful capabilities, including harvesting emails, breaking CAPTCHAs, downloading additional files, spreading spam and trojans, or participating in pay-per-click ads. Even though this was a well-known virus that circles the globe regularly, the client’s security layers failed, creating a perfect storm that ultimately allowed the virus to take up residence on the user’s computer, with potentially grave consequences.

If the virus had remained undetected and escaped from the client’s network, it could have been transmitted and created new infections on the computers and networks of the client’s customers as well as their vendors. This would certainly have been damaging to the client’s business relations, and it is likely that the client’s mail servers would have been placed on a blacklist, preventing the client from sending messages to others around the world, but the consequences could have been even more disturbing. The costs of eliminating the virus would be significant, and the compromised information on the client’s own network, as well as potential liability for compromised client and vendor networks, could send the price sky-rocketing. Resolving these issues could mean bringing in expensive consultants or allocating internal resources to assess and eliminate the damage, resulting in missed business opportunities, loss of revenue, and significant legal liabilities if private data had been compromised.

The Role of Advanced-IP Filtering in Averting a Security Nightmare

Fortunately, because this company used a new Advanced-Ip filtering system to control and monitor both inbound and outbound traffic based on location, this potential catastrophe was avoided without incident. The Advanced-Ip filter was able to prevent the virus from functioning properly by eliminating its ability to communicate freely around the world. The virus was denied access to Command & Control and other nefarious networks, preventing any significant loss of time or productivity. After reviewing their event, we found that the virus attempted to communicate with networks in 18 separate countries, which displayed a level of sophistication in transmission that could have eluded firewalls and spread the virus into other networks. Without the Advanced-Ip filter, and despite having a high quality IDS/IPS firewall, serious damage to the client’s network as well as the networks of their customers and vendors, significant loss of crucial data, and harmful breaches of confidential or proprietary information could have occurred. Instead, because the network was utilizing Advanced-Ip filtering to filter both inbound and outbound traffic, as a first and last line of defense, the virus had no significant impact. This underscores the limitations of typical network security paradigms, and highlights the critical importance of the extra layer of protection provided by a well-designed Advanced-Ip filter.

Ponemon Live Threat Intelligence Impact Report 2013: “If detection is possible, respondents say it would take on average approximately 11 days to know with a high degree of certainty,”

The importance of harnessing the power of Advanced-Ip filtering as part of a comprehensive security system seems obvious when one considers the massive volume of cyber-attacks that threaten networks on a daily basis. However, many network security specialists are reluctant to implement such a system. This probably stems from past experience that individuals may have had with such systems. For example, it is true that some Geo-Filtering systems caused networks to slow down or created difficulties with email or internet access. Others may have interfered with business practices and been difficult to use effectively. These problems were caused by limitations in the technology that caused these systems to lack precision or to be unwieldy. Fortunately, recent advances have enabled the emergence of enhanced Advanced-Ip filtering capabilities and have created dramatically improved security with customization to address the needs of each individual business on a user-friendly, efficient platform. Given these new advances in Advanced-Ip filtering, geographical screening of access using these filters should be considered an indispensable part of any company’s security system.

Characteristics of Enhanced Advanced-Ip Filtering

When considering a provider of Advanced-Ip filtering, all of the features described above are required in order to provide security without limiting the reach of your company. The following list includes the essential features that should be present in any high quality Advanced-Ip filter system:

  • Independent: Advanced-Ip filtering should exclusively be handled
  • Transparent/Inline: reduces latency to packet handling
  • Accuracy: IP data must be updated daily, to accurately identify traffic origins/destinations
  • Port Filtering: add port restraints based on country origin and destination
  • Quick Select/Simple GUI: Ability to choose geographical locations to permit or deny
  • Ingress/Egress: filtering to/from countries and ports
  • Global Network Lists™ to quick select global business, services, and hazardous network areas
  • Alerts, Triggers: based on geographical location, bandwidth usage, and activity
  • Quick/Real Time logging: View of live source and destination based on geo-location and their ports
  • Quick filter/block on known associated source/destination IP networks
  • Quick IP check: To display source country, Region, City, Coordinates, RDNS, ISP, and Network Speed
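The ingress/egress, port-filtering and alerting items above can be sketched as a small policy evaluator. This is an added example, not code from the product or the author: the geo table, the placeholder country codes (XA, XB, XC), the policy, the alert threshold and the flow-record format are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed geo table: documentation prefixes mapped to placeholder country codes.
GEO = [(ipaddress.ip_network(n), c) for n, c in {
    "192.0.2.0/24": "XA", "198.51.100.0/24": "XB", "203.0.113.0/24": "XC",
}.items()]
# Hypothetical policy: (direction, country) -> permitted ports. No entry means deny.
POLICY = {
    ("egress", "XA"): {25, 443},
    ("ingress", "XA"): {443},
    ("egress", "XB"): {443},
}
ALERT_THRESHOLD = 2  # distinct denied destination countries per internal host

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, code in GEO:
        if addr in net:
            return code
    return "??"  # not in the table: falls through to deny

def decide(direction, remote_ip, port):
    code = country_of(remote_ip)
    allowed = port in POLICY.get((direction, code), set())
    return ("ALLOW" if allowed else "DENY"), code

def evaluate(flows):
    """flows: 'direction local_ip remote_ip port' lines -> (decisions, alerts)."""
    decisions, denied = [], defaultdict(set)
    for line in flows:
        direction, local, remote, port = line.split()
        verdict, code = decide(direction, remote, int(port))
        decisions.append((verdict, code, line))
        if verdict == "DENY" and direction == "egress":
            denied[local].add(code)  # blocked outbound attempts, per host
    alerts = {h: sorted(c) for h, c in denied.items() if len(c) >= ALERT_THRESHOLD}
    return decisions, alerts
# Constructed sample flow records (not real traffic).
SAMPLE = [
    "egress 10.0.0.5 192.0.2.10 443",
    "egress 10.0.0.5 198.51.100.7 25",
    "egress 10.0.0.5 203.0.113.9 8080",
    "ingress 10.0.0.20 192.0.2.44 22",
    "egress 10.0.0.8 198.51.100.7 443",
]
if __name__ == "__main__":
    decisions, alerts = evaluate(SAMPLE)
    print(*decisions, alerts, sep="\n")
```

An internal host whose blocked outbound attempts span several countries, as the infected machine in the incident above did, is the pattern the alert dictionary surfaces for follow-up.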