value, impact, and importance of a geo-ip layer

Geo-IP Layer of SecurityValue, Impact, and Importance In Today's Security Environment

Francesco TramaCo-Founder PacketViper, LLC

Reluctance Of Use

• Management • Data Reliability/ Accuracy • Complexity • Increased Latency

• We’re A Global Company • Proxied Connections • Global Network Economy

?

Today’s Firewall’s

FTP

MAIL

WWW

VPN

SSH

TELN

IMAP

FTP

MAIL

WWW

VPN

SSH

TELN

!

!

!

!

Today’s Firewall’s

FTP

MAIL

WWW

VPN

SSH

TELN

IMAP

(Outbound)

Unwanted Traffic Effects

• Burdens Performance • Increases Logging • Increases Alerting • Increases Management • Reduces Threat Visibility

Low Impact Probing From Many Location

Attacker Advantage: Bots/Proxy

Attacker Advantage: Bots/Proxy Connection Based DDoS

PROTECTED

Attacker Advantage: Bots/Proxy Millions Of Options

Alerting / Logging

Global Economy

Firewall’s With Geo-IP Layer

FTP

MAIL

WWW

VPN

SSH

TELN

IMAP

FIREWALLFTP

MAIL

WWW

VPN

SSH

TELN

IMAP

GEO-IP

Effects With Geo-IP Layer

• Burdens Performance • Increases Logging • Increases Alerting • Increases Management • Reduces Threat Visibility

• Improves Performance • Reduces Logging • Reduces Alerting • Less Management • Improved Threat Visibility

PROTECTED

CurrentDMZ

PacketViperGEO-IP LAYER

Allow 80

Allow 80

Allow 80Allow 80,443,25

Allow 80,443,25

Allow 80,443,25

Allow 80,443,25

Allow 80,443,25

Allow 25

Allow 25

Allow 25

Allow 80, 25

Tailor Country Traffic

Allow 80, 25

PROTECTED

PROTECTED

Reduce Proxy Effectiveness

PROTECTED

Combat Connection Based DDoS

Proper Geo-IP Filtering Effects on Proxy/Spoof

• Reduces The Attack Surface • Diminishes Their Effectiveness • Combat Connection Based DDoS Attacks • Improves Detection

Companies At Geo-IP Layer

FTP

MAIL

WWW

VPN

SSH

TELN

IMAP

FIREWALLFTP

MAIL

WWW

VPN

SSH

TELN

IMAP

GEO-IP

Effects of Company Filtering In TheGeo-IP Layer

• Tighter Controls To/From Countries • Reduces Risks/Exposures • Better End User Experience

Summary

• Geo-IP Filtering Tools Improve the entire security layer by eliminating the volume through it.

• Geo-IP filtering should are not as robust on Application Layer devices.

• Geo-IP filtering lowers the threat exposure for the entire environment by limiting who has access globally.

• Geo-IP Filtering helps security teams identify threats faster, while reducing management time.

Improve Everything, Replace Nothing

www.packetviper.com Toll Free: 855-758-4737