Why It Is Difficult to Get Past an Advanced-IP Layer

Written by: Francesco Trama | Published on: November 3rd, 2015

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

If I had a nickel for every time I’ve heard the following statement, I’d be retired on a private island by now:

“Proxies/Bots can defeat Advanced IP Filtering.”

This is the go-to argument in the network security industry, and has been for quite some time. The fact of the matter is that this is true of every security product on the market today. Why is this? The answer is very simple: attackers start with more options than we do.

If an attacker has 10,000 freshly acquired zombie computers, the Realtime Blackhole Lists (RBLs) have no idea they exist. If the attacker is cunning, they can cycle their efforts under the radar for quite some time. RBLs work, but they are still ineffective against newly acquired bots.

Now, let’s take a look at Advanced IP filtering. The world has a fixed number of IP addresses: the number is extensive, but fixed. If we take a quality Advanced IP layer and start restricting countries and companies by port, bi-directionally, then no matter how many bots the attacker has acquired, they are bound by the rule set defined in the Advanced IP layer.

This is a big win for corporations working hard to prevent a security breach each day, despite constant attempts to cross their firewall. If the attacker probes your systems for vulnerabilities using those 10,000 bots, they will not get the same results from each of those bots. Instead, they will see inconsistent responses, thus making their task much more difficult.

For example, if an attacker finds a telnet port, they will proceed to test passwords. They will attempt to use the power of the 10,000 bots to find passwords without being noticed. But they will not get through the Advanced IP layer because, by that point, the original 10,000-bot army is reduced to less than a few hundred by the limits on those countries. This forces the attacker to increase their visibility in the security environment, making it easier for the security team to identify them.
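The country-by-port, bi-directional rule set described above, as an added example that is not from the original post: a default-deny evaluator run over a constructed list of bot source addresses. The geo table, country codes, rules and addresses are all assumptions made up for illustration.

```python
import ipaddress

# Constructed geo table: documentation prefixes mapped to made-up country codes.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("203.0.113.0/24"), "CC"),
]

# Hypothetical rule set: (direction, port) -> countries allowed to use it.
# Any (direction, port) pair without a rule is dropped (default deny).
RULES = {
    ("in", 23): {"AA"},               # telnet reachable only from country AA
    ("in", 443): {"AA", "BB", "CC"},
    ("out", 443): {"AA", "BB"},       # bi-directional: outbound is restricted too
}

def country_of(ip):
    """Longest-prefix match of an address against the geo table."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, cc) for net, cc in GEO_TABLE if addr in net]
    return max(matches)[1] if matches else None

def allowed(direction, remote_ip, port):
    """True if the remote end's country may use this port in this direction."""
    cc = country_of(remote_ip)
    return cc is not None and cc in RULES.get((direction, port), set())

def surviving_sources(direction, port, sources):
    """Return the subset of source addresses that the rule set lets through."""
    return [ip for ip in sources if allowed(direction, ip, port)]

def constructed_botnet():
    """Constructed sample: 600 sources across three prefixes plus unmapped ones."""
    bots = [f"192.0.2.{i}" for i in range(1, 21)]        # 20 in AA
    bots += [f"198.51.100.{i}" for i in range(1, 251)]   # 250 in BB
    bots += [f"203.0.113.{i}" for i in range(1, 251)]    # 250 in CC
    bots += [f"10.9.8.{i}" for i in range(1, 81)]        # 80 not in the geo table
    return bots

if __name__ == "__main__":
    bots = constructed_botnet()
    for port in (23, 443):
        ok = surviving_sources("in", port, bots)
        print(f"port {port}: {len(ok)} of {len(bots)} sources pass")
```

The same source gets a different answer depending on port and direction, which is the inconsistency in probe results the post describes.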

This empowers the security professional to be more strategic and less reactive when identifying new threats to the environment. What do you think? Have you used Advanced IP filtering to reduce traffic from threat sources? Share your comments below.