Wednesday, September 18, 2013

Making a World of Difference - Geo-IP Filtering's Crucial Importance to Network Security

I'm posting this here for all to read and ponder.  You can download the full white paper with images at 

Making a World of Difference - Geo-IP Filtering's Crucial Importance to Network Security

Francesco Trama
President & Co-Founder,
Draft Date: Aug 25, 2013

1. GEO-IP FILTERING: What it is and how new advances have changed the network security paradigm. 

Geo-IP filtering is a network security tool that allows or denies network traffic based on geographical location. Sometimes referred to as country filtering or blocking, Geo-IP filtering lets your network choose the places in the world from which it will accept network traffic. More importantly, innovative designs in Geo-IP filtering enable new and unparalleled levels of precision, allowing businesses to prevent access to and from high-risk geographical areas without excluding potentially valuable customers or business.

Consider the following example of an actual event that took place on one of our client’s networks. One of the client’s users clicked on an email attachment that installed a virus. The virus was a form of Cutwail designed with numerous harmful capabilities, including harvesting emails, breaking CAPTCHAs, downloading additional files, spreading spam and trojans, and participating in pay-per-click ads. Even though this was a well-known virus that circles the globe regularly, the client’s security layers failed, creating a perfect storm that ultimately allowed the virus to take up residence in the user’s computer, with potentially grave consequences. If the virus had remained undetected and escaped from the client’s network, it could have been transmitted to, and created new infections on, the computers and networks of the client’s customers and vendors. This would certainly have damaged the client’s business relations, and it is likely that the client’s mail servers would have been placed on a blacklist, preventing the client from sending messages to others around the world. The consequences could be even more disturbing. The costs of eliminating the virus would be significant, and the compromised information on the client’s own network, together with potential liability for compromised client and vendor networks, could send the price sky-rocketing. Resolving these issues could mean bringing in expensive consultants or allocating internal resources to eliminate and assess the damage, resulting in missed business opportunities, loss of revenue, and significant legal liabilities if private data had been compromised.


Fortunately, because this company used a new and advanced Geo-IP filtering system to control and monitor both inbound and outbound traffic based on location, this potential catastrophe was avoided without incident. The Geo-IP filter prevented the virus from functioning properly by eliminating its ability to communicate freely around the world. The virus was denied access to Command & Control and other nefarious networks, preventing any significant loss of time or productivity. After reviewing the event, we found that the virus had attempted to communicate with networks in 18 separate countries, a level of sophistication in transmission that could have eluded firewalls and spread the virus into other networks. Without the Geo-IP filter, and despite the client having a high-quality IDS/IPS firewall, serious damage to the client’s network and to the networks of their customers and vendors, significant loss of crucial data, and harmful breaches of confidential or proprietary information could have occurred. Instead, because the network was using Geo-IP filtering on both inbound and outbound traffic as a first and last line of defense, the virus had no significant impact. This underscores the limitations of typical network security paradigms and highlights the critical importance of the extra layer of protection provided by a well-designed Geo-IP filter.
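The following Python example is added here for illustration and is not part of the white paper or of any vendor's product. It applies a per-direction country allow list to connection events and flags internal hosts whose blocked outbound attempts span several countries, the pattern seen in the incident above. The CIDR-to-country table, the placeholder country codes (XA to XD, ZZ for unknown), the policy, and the events are all constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed CIDR-to-country table (documentation ranges, placeholder codes).
# A real deployment would load a maintained Geo-IP database instead.
GEO_TABLE = [
    ("198.51.100.0/24", "XA"),
    ("198.51.100.128/25", "XB"),  # more specific prefix must win
    ("203.0.113.0/24", "XC"),
    ("192.0.2.0/24", "XD"),
]
GEO_NETS = sorted(((ipaddress.ip_network(c), cc) for c, cc in GEO_TABLE),
                  key=lambda item: item[0].prefixlen, reverse=True)

# Hypothetical policy: country codes allowed in each traffic direction.
POLICY = {"in": {"XA", "XD"}, "out": {"XA"}}

def country_of(ip):
    """Longest-prefix match; addresses not in the table map to 'ZZ'."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_NETS:
        if addr in net:
            return cc
    return "ZZ"

def decide(direction, remote_ip):
    """Default deny: anything not on the direction's allow list is blocked."""
    cc = country_of(remote_ip)
    return ("allow" if cc in POLICY[direction] else "deny"), cc

def flag_hosts(events, min_countries=2):
    """Internal hosts whose denied outbound attempts reach at least
    min_countries distinct countries (a possible sign of infection)."""
    denied = defaultdict(set)
    for direction, local, remote in events:
        action, cc = decide(direction, remote)
        if direction == "out" and action == "deny":
            denied[local].add(cc)
    return {h: sorted(c) for h, c in denied.items() if len(c) >= min_countries}

# Constructed events: (direction, internal host, remote address)
EVENTS = [
    ("out", "10.0.0.5", "198.51.100.10"),   # XA, allowed outbound
    ("out", "10.0.0.5", "198.51.100.200"),  # XB, denied
    ("out", "10.0.0.5", "203.0.113.7"),     # XC, denied
    ("out", "10.0.0.5", "198.18.0.1"),      # not in table, denied as ZZ
    ("in",  "10.0.0.9", "192.0.2.44"),      # XD, allowed inbound
    ("out", "10.0.0.9", "192.0.2.44"),      # XD, denied outbound
]

if __name__ == "__main__":
    print(flag_hosts(EVENTS))
```

The policy differs by direction on purpose: a country can be accepted as a source of inbound traffic while outbound connections to it are still blocked and logged.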

Ponemon Live Threat Intelligence Impact Report 2013: “If detection is possible, respondents say it would take on average approximately 11 days to know with a high degree of certainty,”

The importance of harnessing the power of Geo-IP filtering as part of a comprehensive security system seems obvious when one considers the massive volume of cyber-attacks that threaten networks on a daily basis. However, many network security specialists are reluctant to implement such a system. This probably stems from past experience that individuals may have had with such systems. For example, it is true that some Geo-IP filtering systems caused networks to slow down or created difficulties with email or internet access. Others may have interfered with business practices and been difficult to use effectively. These problems were caused by limitations in the technology that made these systems imprecise or unwieldy. Fortunately, recent advances have enabled the emergence of enhanced Geo-IP filtering capabilities and have created dramatically improved security, with customization to address the needs of each individual business on a user-friendly, efficient platform. Given these new advances in Geo-IP filtering, geographical screening of access using these filters should be considered an indispensable part of any company’s security system.


The cost of a breach in security to a company can be catastrophic. According to Ponemon, a single security breach often costs a company more than $500,000, and recent studies have reported that cyber-crime costs the U.S. economy a staggering $100 to $140 billion and half a million jobs. Furthermore, these costs are certainly not isolated to America. In Great Britain, it is estimated that cyber-crime costs companies 27 billion pounds, and it is probable that the financial damage to other nations occurs at a similar rate. These numbers should cause any business owner or security specialist to recognize two crucial facts. First, the costs of security breaches are huge and increasing. Second, damages of this size provide great attraction and motivation for hackers. Therefore, we can expect that the number and severity of cyber-attacks will get much worse before they get better, and intelligent leaders should take prompt and decisive action to protect their company.

You can download the full white paper at

Frank Trama
President & Co-Founder
Viper Network Systems, LLC
