Our organization, a large privately held insurance company, is continually working to protect network resources by understanding our attack surface and finding ways to limit what potential attackers can reach. We concluded that the simplest way to keep high-risk traffic off our network was to block traffic to and from countries that have no legitimate reason to access our network resources.
Blocking IP traffic by country also makes it easier to comply with government requirements such as the sanctions administered by OFAC (the US Treasury's Office of Foreign Assets Control), which prohibit US financial institutions from dealing with specific sanctioned countries. A network-level block supports that compliance program; it does not replace the screening of customers and counterparties that the sanctions themselves require.
Within 24 hours of installing PoliWall in our network, the reporting dashboard let us quantify the alarming number of hosts scanning our network for vulnerabilities.
The data below covers all inbound and outbound connection attempts over a ten-week period. We can track dropped and allowed connections by country, see where any data leaving our network is headed, and get IP-level detail on any flow that is out of policy.
Blocked Connections: Over the ten-week period we blocked 3,522,070 connection attempts from 157 countries. Ten countries (China, Russia, Brazil, India, Korea, Vietnam, Bulgaria, Turkey, Poland, and Argentina) accounted for 80% of those blocked attempts, with 1,105,709 blocked connection attempts from China alone.
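The following is an added example, not PoliWall's code or anything from the organization quoted above, of the kind of aggregation behind the country reporting described here: it attributes each firewall log line to a country by longest-prefix match against a small prefix table, counts dropped and allowed connections per country, computes the share the top N countries account for (the "ten countries, 80%" figure), and flags allowed flows that touch a country on a deny list (the out-of-policy flows). The prefix table, the country codes assigned to it, the log lines and the deny list are all constructed for the example; the prefixes are RFC 5737 documentation ranges and carry no real geolocation.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for a GeoIP database: RFC 5737 documentation prefixes
# with invented country codes. A real deployment would load a GeoIP feed;
# nothing here reflects actual geolocation of these ranges.
GEO_PREFIXES = [
    (ipaddress.ip_network("203.0.113.0/24"), "CN"),
    (ipaddress.ip_network("198.51.100.0/25"), "RU"),
    (ipaddress.ip_network("198.51.100.128/25"), "IR"),
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
]

# Hypothetical policy list; an organization would maintain its own.
DENIED_COUNTRIES = {"IR"}      # never allowed in either direction
UNKNOWN = "??"                 # address not covered by the prefix table

# Constructed firewall log lines (key=value fields), with direction and action.
LOG_LINES = [
    "ts=2024-03-01T10:00:01Z dir=in src=203.0.113.5 dst=10.1.1.10 dport=443 action=DROP",
    "ts=2024-03-01T10:00:04Z dir=in src=203.0.113.9 dst=10.1.1.10 dport=22 action=DROP",
    "ts=2024-03-01T10:00:09Z dir=in src=203.0.113.77 dst=10.1.1.11 dport=3389 action=DROP",
    "ts=2024-03-01T10:01:00Z dir=in src=198.51.100.3 dst=10.1.1.10 dport=443 action=DROP",
    "ts=2024-03-01T10:01:30Z dir=in src=198.51.100.200 dst=10.1.1.10 dport=443 action=DROP",
    "ts=2024-03-01T10:02:00Z dir=in src=192.0.2.40 dst=10.1.1.10 dport=443 action=ALLOW",
    "ts=2024-03-01T10:02:10Z dir=out src=10.1.1.20 dst=198.51.100.201 dport=443 action=ALLOW",
    "ts=2024-03-01T10:02:20Z dir=out src=10.1.1.21 dst=192.0.2.8 dport=443 action=ALLOW",
]


def country_of(ip_str):
    """Longest-prefix match of an address against GEO_PREFIXES."""
    ip = ipaddress.ip_address(ip_str)
    best_net, best_cc = None, UNKNOWN
    for net, cc in GEO_PREFIXES:
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_cc = net, cc
    return best_cc


def parse_line(line):
    """Turn one 'key=value ...' log line into a dict."""
    return dict(token.split("=", 1) for token in line.split())


def summarize(lines):
    """Per-country counts of dropped and allowed connections, plus the list of
    allowed flows whose external peer is in a denied country (out of policy)."""
    blocked, allowed, out_of_policy = Counter(), Counter(), []
    for line in lines:
        rec = parse_line(line)
        # The external peer is the source for inbound and the destination for outbound.
        external = rec["src"] if rec["dir"] == "in" else rec["dst"]
        cc = country_of(external)
        rec["country"] = cc
        if rec["action"] == "DROP":
            blocked[cc] += 1
        else:
            allowed[cc] += 1
            if cc in DENIED_COUNTRIES:
                out_of_policy.append(rec)
    return {"blocked": blocked, "allowed": allowed, "out_of_policy": out_of_policy}


def top_share(counter, n):
    """Fraction of all counted connections attributable to the top n countries."""
    total = sum(counter.values())
    if total == 0:
        return 0.0
    return sum(count for _, count in counter.most_common(n)) / total


if __name__ == "__main__":
    report = summarize(LOG_LINES)
    for cc, count in report["blocked"].most_common():
        print(f"blocked {cc}: {count}")
    print(f"top-1 share of blocked: {top_share(report['blocked'], 1):.0%}")
    for rec in report["out_of_policy"]:
        print(f"OUT OF POLICY {rec['ts']} {rec['dir']} {rec['src']} -> {rec['dst']} ({rec['country']})")
```

The out-of-policy check is deliberately run on allowed flows: a dropped connection from a denied country is the control working, whereas an allowed connection to or from one is a gap in the block list (or a geolocation change) that the report should surface. Addresses outside the prefix table land in the "??" bucket rather than being silently attributed, so coverage gaps in the geolocation data stay visible.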
From a practical standpoint, why would we receive any traffic from Iran, let alone the 38,484 connection attempts the reporting tool registered? There is no valid reason, especially given the low profile of our public web server. Blocking these sources also reduced the volume of traffic reaching our network, and with it the number of security alerts our system administrators had to log and analyze. Two caveats apply to any country-based control: IP geolocation data is approximate, so a block list should be reviewed against legitimate business traffic before it is enforced, and attackers can route through hosts in allowed countries, so geo-blocking reduces noise but is not a substitute for patching and monitoring the services that remain exposed.