Try as they might, network security administrators and managed security service providers (MSSPs) are fighting an uphill battle when it comes to preventing corporate cyber breaches and ransomware attacks. In fact, cyber breaches have increased by 14% compared to this time last year, while ransomware attacks have gone up an eye-popping 71% in the same span.
Unfortunately, the number of attacks isn’t likely to slow any time soon (if ever). The Federal Trade Commission estimates identity fraud to be a $56 billion industry, and breaking into corporate systems provides bad actors with access to all sorts of personally identifiable information (PII) that can be leveraged for any number of nefarious purposes, from fraudulent credit card and loan applications to the exploitation of existing accounts.
These types of large-scale data breaches put customer data at risk and can ruin a company’s reputation. Luckily, network security professionals and MSSPs have a tool in their toolbelt that allows them to better understand the traffic accessing their network, where it originates, and whether or not a proxy or VPN is being used; it also provides invaluable context to mitigate damage when breaches do occur. This tool is IP address intelligence data.
IP address intelligence data
When a user attempts to connect to a network, their IP address provides a wealth of information that can be leveraged by network administrators to identify and block potential threats before they arise, and limit damage should a breach occur. And while traditional IP address information, such as geolocation, device type, and historical knowledge, offers security professionals a good starting point for preventing attacks, it does not account for the increasingly sophisticated methods bad actors use to attack a system.
IP address intelligence data provides network security teams with additional invaluable information, such as residential vs. commercial connections, VPN/proxy data, IP address stability, activity level, and VPN features, among others. This extensive data provides insights, such as where attacks originate and the tactics used, which can be used to build a comprehensive set of rules and alerts to ensure that traffic meets specific criteria before being granted access to the network.
Residential vs. commercial connections
A key step in distinguishing between legitimate and potentially nefarious traffic is determining if users’ connections are residential or commercial connections. While neither a residential nor commercial connection is inherently more suspicious than the other, some bad actors will attempt to mask their connection as a residential connection while connecting via a hosting or commercial provider. IP intelligence data allows network security professionals to identify these connections and take the necessary steps, whether it’s flagging the traffic for further screening or blocking it outright.
VPNs and Proxies
As any network administrator knows, VPN usage is increasing drastically year over year, and it is not likely to decrease any time soon. And while VPNs are attractive to nefarious actors, more and more legitimate users are turning to VPNs to protect their privacy online.
Given this, outright blocking any user attempting to connect to a network with a VPN runs the almost certain risk of blocking legitimate users, which, in turn, can damage a company’s reputation with its customers. Therefore, security professionals need to know how to differentiate between legitimate and potentially threatening VPN traffic.
Luckily, there are characteristics that make certain VPN service providers more attractive to bad actors than other providers. For example, a free VPN service may seem like a good deal to a legitimate user. However, these users often do not understand that if a service is free, they are likely the product. These free VPN services look to harvest legitimate residential IP addresses within the United States and resell them to users outside of the country, and there is no telling what those users might do with the harvested addresses.
Additional characteristics that might make a VPN service more appealing to bad actors include whether or not the service provider logs user activity or accepts anonymous payments.
Therefore, while the IP intelligence data doesn’t keep a network safe by itself, it provides the context necessary to identify potentially dangerous user connections. For example, if a user attempts to access a network using a VPN from a provider that does not log user activity, their connection can be flagged for further authentication or blocked. On the other hand, a VPN connection from a legitimate service provider won’t sound the same alarms, allowing legitimate users to access the system without interruption to their service.
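The flag-or-block logic described above for residential/commercial mismatches and VPN provider traits, as an added example that is not from the original article or any vendor's product. The record fields, provider names, and the threshold separating "further authentication" from "block" are assumptions; the sample addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class VpnProfile:
    # Hypothetical provider attributes, named after the traits the article lists.
    name: str
    free_tier: bool
    logs_activity: bool
    anonymous_payment: bool

@dataclass(frozen=True)
class IpContext:
    # Hypothetical record shape; a real feed's field names will differ.
    ip: str
    claimed_type: str    # how the connection presents itself
    observed_type: str   # network type the feed attributes to the address
    vpn: Optional[VpnProfile] = None

def evaluate(ctx: IpContext, block_at: int = 2) -> Tuple[str, List[str]]:
    """Return (decision, reasons); decision is 'allow', 'step_up' or 'block'."""
    reasons: List[str] = []
    if ctx.claimed_type == "residential" and ctx.observed_type == "hosting":
        reasons.append("residential claim on hosting network")
    if ctx.vpn is not None:
        if not ctx.vpn.logs_activity:
            reasons.append("vpn provider keeps no activity logs")
        if ctx.vpn.anonymous_payment:
            reasons.append("vpn provider accepts anonymous payment")
        if ctx.vpn.free_tier:
            reasons.append("free vpn service")
    if not reasons:
        return "allow", reasons
    # Assumed threshold: one signal asks for more authentication, several block.
    return ("block" if len(reasons) >= block_at else "step_up"), reasons

# Constructed samples; addresses come from the RFC 5737 documentation ranges.
PAID = VpnProfile("example-paid-vpn", False, True, False)
NOLOG = VpnProfile("example-nolog-vpn", False, False, False)
FREE_ANON = VpnProfile("example-free-vpn", True, False, True)
SAMPLES = [
    IpContext("192.0.2.10", "residential", "residential"),
    IpContext("192.0.2.20", "hosting", "hosting", PAID),
    IpContext("198.51.100.7", "hosting", "hosting", NOLOG),
    IpContext("203.0.113.5", "residential", "hosting", FREE_ANON),
    IpContext("203.0.113.9", "residential", "hosting"),
]
for sample in SAMPLES:
    print(sample.ip, *evaluate(sample))
```

Returning the reasons alongside the decision lets the same record feed an alert or a later investigation, not only the access gate.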
IP data forensics
This same IP intelligence context allows network administrators and security professionals to glean immediate insights into data breaches and attacks so that they can act quickly and limit the extent of the damage. After all, preventing every single breach attempt is next to impossible, so being able to limit the damage when breaches do occur is of paramount importance.
IP address intelligence data can indicate where an attack originated, whether or not a VPN was used, and which other IP addresses are associated with the VPN service, among other clues that help explain how and where attacks occur. These insights can be used to define criteria that must be met before future traffic is allowed to access the network.
While bad actors aren’t likely to ever stop attempting to access PII, network security professionals and MSSPs can utilize IP address intelligence data to better