Josh Anton, Chief Strategy Officer for Digital Envoy
In a digital world, network security is one of the most important factors in ensuring a company’s data and systems remain safe from attacks and bad actors. In fact, it’s not just companies that need to take network security seriously. Just a few months ago, Russia launched a campaign of DDoS attacks and BGP hijacking against Ukraine to weaken its civil infrastructure.
While this may be an extreme example, it displays just how important it is for organizations to bolster their cybersecurity and protect their critical assets. That being said, it can be extremely challenging to stop every single attack before it occurs.
By giving context to the users connecting to their network, IP data helps security professionals proactively prevent attacks and strengthens the forensic efforts needed to mitigate damage when an attack does occur. Here are three ways in which IP context can help security professionals protect their network.
Deploy enhanced forensic efforts to mitigate bad actors
Mitigating the damage from an attack requires a substantial amount of digital forensics. For example, if bad actors are able to steal the requisite credentials to access a network, there is no way to retrieve them once the theft has occurred. Therefore, until systems are patched to address the threat, security teams need to investigate anyone looking to use those credentials to access the network. Such is the forensic aspect of network security.
Knowing every detail of a cyber-attack is the principal step in mitigating the initial impact and lessening subsequent damage. It can also be just as important as preemptive security measures since blocking every single attack is near impossible.
At any given time, the cybersecurity industry is aware of a certain number of compromised credentials (or “keys” into a network) that could allow bad actors to access sensitive data and systems. This knowledge can help to inform which sections of a network need to be patched, which is why it is important for system administrators to prioritize known vulnerabilities and require multi-factor authentication.
IP data provides the context to better understand how these cyberattacks are carried out, including whether the bad actors are using a VPN or proxy and what type of IP address the traffic is coming from, thus bolstering cybersecurity professionals’ ability to determine the who, what, where, and when of an attack.
Leverage IP data to preemptively block attacks
As mentioned, stopping every attack before it occurs is next to impossible. However, that doesn’t mean proactive network security isn’t important. Using IP data to provide context to the users accessing your network can help security professionals take action against potential threats and limit the number of attacks that do occur.
For example, when a user accesses your network, their IP address tells you their geolocation, whether they are connecting from a residence or business, and whether any proxies or VPNs are being used to mask the connection.
If an IP address is connecting from within the United States, but is masked with a VPN provider from Russia, this could represent a potential bad actor. You can then uncover whether any other IP addresses accessing your network are tied to that same VPN provider.
Overall, IP data can put context to a single potential threat to help uncover a larger web of threats, allowing you to take preventative action against attacks before they occur.
Understand the context of VPN services
In the example above, we mention a user connecting to your network while using a Russia-based VPN service to mask their connection. This is a potential red flag that could warrant further action by your network security team. However, not all VPN services are an indication of a potential threat. IP data provides the context needed to understand whether a user using a VPN service represents a potential bad actor or not.
There are several reasons why a VPN service might be flagged as suspicious. If the VPN service is based in a nation that is suspected of launching cyber-attacks, that can raise a red flag with many security professionals. Furthermore, if the VPN service is free or promises not to log activity, that can make it especially appealing to bad actors.
Using IP data to gain insights into a VPN-masked IP address trying to access your network allows you to make informed decisions on whether to flag the traffic for additional authentication or block it outright.
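As an added illustration (not code from the article or from Digital Envoy), the sketch below applies the VPN signals described above to constructed login events and pivots from one flagged connection to other IPs on the same provider. The enrichment field names, provider names, watchlist and score thresholds are assumptions; the IP addresses come from documentation ranges.

```python
# Constructed sample: login events already enriched with IP context.
# Field names, provider names and policy values are assumptions for illustration.
def vpn(provider, based_in, free, no_log):
    return {"provider": provider, "based_in": based_in, "free": free, "no_log": no_log}

EVENTS = [
    {"user": "alice", "ip": "192.0.2.10", "geo": "US", "vpn": None},
    {"user": "bob", "ip": "198.51.100.7", "geo": "US",
     "vpn": vpn("ExampleVPN-A", "RU", True, True)},
    {"user": "carol", "ip": "198.51.100.44", "geo": "DE",
     "vpn": vpn("ExampleVPN-A", "RU", True, True)},
    {"user": "dave", "ip": "203.0.113.5", "geo": "US",
     "vpn": vpn("ExampleCorpVPN", "US", False, False)},
    {"user": "erin", "ip": "203.0.113.77", "geo": "US",
     "vpn": vpn("ExampleVPN-B", "NL", False, True)},
]

WATCHLIST_COUNTRIES = {"RU"}  # assumption: driven by your own threat model

def vpn_signals(event):
    """List which of the article's three VPN red flags apply to one event."""
    v = event["vpn"]
    if v is None:
        return []
    checks = [
        (v["based_in"] in WATCHLIST_COUNTRIES, "provider based in watchlisted country"),
        (v["free"], "free service"),
        (v["no_log"], "no-log policy"),
    ]
    return [reason for hit, reason in checks if hit]

def decide(event):
    """Map signal count to an action: 0 allow, 1 step-up auth, 2+ block."""
    count = len(vpn_signals(event))
    if count >= 2:
        return "block"
    return "step_up_auth" if count == 1 else "allow"

def pivot_by_provider(events, flagged):
    """Other source IPs seen behind the same VPN provider as a flagged event."""
    provider = flagged["vpn"]["provider"]
    return sorted(e["ip"] for e in events
                  if e["vpn"] and e["vpn"]["provider"] == provider
                  and e["ip"] != flagged["ip"])

def triage(events):
    return {e["user"]: decide(e) for e in events}

if __name__ == "__main__":
    print(triage(EVENTS))
    print(pivot_by_provider(EVENTS, EVENTS[1]))
```

A VPN with none of the three signals, such as the constructed corporate VPN here, is allowed, which matches the point that a VPN alone is not an indicator of a threat.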
Ultimately, IP data helps to paint a more vivid picture of the users seeking to connect to your network. By understanding the broader context of the user’s connection, obtained through their IP address, security professionals can make informed decisions to proactively block attacks and mitigate damage when attacks do occur.
Josh Anton is a UVA McIntire alumnus, the founder of Outlogic (formerly X-Mode), and the current Chief Strategy Officer for Digital Envoy. Outlogic provides real-time location data and technologies that power location intelligence for hundreds of companies and their business solutions in retail, financial services, cyber security, real estate, and the public sector, all while mapping the precise routes of 10% of the U.S. smartphone population daily. Under Josh’s leadership, Outlogic raised $20+ million in funding and grew to 50+ employees prior to selling to Landmark Media and merging with Digital Envoy in May of 2021.
Other ventures in which Josh has played an active role include being the former CMO of Hungry and co-founding an influencer marketing agency called TrendPie that sold in 2018. Josh has spoken for TedX UVA and for UniLever in London on social entrepreneurship.
To see more info on Josh and Outlogic, please visit his LinkedIn or Outlogic.io