My wholesale organization is continually trying to secure and harden the perimeters. Our goal was to identify and successfully integrate a cost-effective security appliance and/or service that was effective against a broad spectrum of common security threats while resulting in the least amount of modification to existing network infrastructure and perimeter defense.
There is no defensive technique or measure that’s 100%. And we are not a high-value target. We are more of a target of opportunity. If the initial probes into your defenses yield a lot of weak spots or a lot of openness, then my experience is you get revisited with the more aggressive techniques.
We could see from that that once that you’re on the radar of these countries, they begin to hammer you. The former Soviet bloc, or Russian Federation, was a big originator, and most certainly the Asian block from countries like China. So we needed a nuclear, unconventional, option to block IP ranges by country without taking our already strained staff hours to manage as would be required in a firewall.
Blocked Connections: Over the ten week period, we blocked 792,943 inbound connection attempts from 160 separate countries. Ten countries (China, North Korea, Russia, Japan, Taiwan, United Kingdom, Vietnam, Turkey, India, and Ireland) accounted for 87% of the high-risk IP, with 312,649 blocked connection attempts from China alone.
Alarmingly, we blocked during the same period 2,046,446 outbound connection attempts to 135 countries. From a practical standpoint, why are we sending out 21,438 connection attempts to China, or 79,444 connection attempts to Russia?
We saw an immediate and quantifiable reduction in probing attempts as well as “Brute Force” and DDoS attacks. Our threat exposure from outside sources was reduced by over 75% on the first day of implementation. And the return continues to impact our numbers by the over 60% reduction in hours spent in monitoring and ProACTively addressing potential security threats.