Contextual filtering that is deployed inside the boundary and oriented toward internal traffic allows operators to immediately identify suspect behavior originating from internal assets and segments. This deployment delivers important security benefits that are immediately valuable to security operations teams struggling under the load of too much network noise. Precision context brings unexpected and unsanctioned activity to the forefront, so that analysts can respond immediately or choose to have the solution respond on their behalf.
Most businesses find it necessary to make certain services, such as Web, Mail, DNS, and FTP, accessible to the public. This part of the network is also more accessible to hackers, and is therefore typically housed in a DMZ to protect the core of the network and its vital data. The DMZ is protected from the Internet to some extent by a firewall, and a second, more intensive firewall protects the internal network from any breaches of the DMZ. This is a straightforward design that usually provides good protection while providing essential services to your employees, customers, and vendors, but it has several underlying weaknesses that could cause significant to catastrophic damage to the enterprise.
Faced with these serious limitations and problems in geographic screening tools, or with the first legitimate connection request from a country that was previously blocked by the firewall, many users simply disable the country blocking features in their firewalls and return to their initial approach. The current geographic filters fail because the firewalls lack the ability to filter on a more precise basis than just the location of the computer or network. A multi-contextual analysis approach that considers additional variables, all at wire speed, will provide the level of detail required to more fully ascertain the security impact of any and every connection attempt.