How IP address data can bolster the cybersecurity of federal agencies and their contractors

Defending network assets requires security professionals who work with federal agencies and contractors to respond to recent changes in the virtual private network market and the threats they pose to government networks and data. Addressing these threats requires a more comprehensive data set that provides context around the VPN providers themselves, including the IP addresses associated with them.

New VPN Providers, Increased VPN Usage

VPN usage has skyrocketed during the pandemic. While much of this usage stems from employee access to corporate data, remote work doesn’t account for all of the growth. Many people use a VPN to access content restricted to specific geographic regions. In fact, according to a user survey, 57% of respondents said they use a VPN to access better entertainment services.

Today, 31% of Internet users worldwide use a VPN, thanks in part to a new generation of VPN providers offering proxy service at no cost. Unfortunately, users who download free VPN software in order to circumvent geographic content restrictions unknowingly have their residential IP addresses hijacked by these VPN providers. Once consumers agree to the terms of service, their residential IP addresses are sold to other VPN providers who, in turn, sell them as a premium offering. Other VPN providers offer bad actor-friendly features, such as no-logging, and come from regions of the world known to be hotspots for bad behavior.

That’s not to say that VPN use is inherently bad. There are many legitimate VPNs out there that are strictly meant to be used for privacy. The challenge for security professionals today is to differentiate between risky and good VPN connections so they can block malicious actors, while allowing legitimate employees access to their networks. The secret to making this distinction is in the contextual data surrounding individual VPNs and IP addresses.

Contextual information to strengthen cybersecurity

Federal agencies and contractors need detailed information that tells them whether an IP address is associated with a VPN, proxy, or darknet, along with other details, so they can make intelligent decisions about which users are given access, are blocked, or need to authenticate further. This includes:

  1. VPN Ranking: Is the VPN hidden, public or private? Masked VPNs are a red flag for federal agencies, and you can choose to block them from automatically accessing the network or data. Authorized employees may want to access data through a public VPN they have installed, and if so, you’ll want to make sure it’s not one of the vendors that collects consumer IP addresses.
  2. Proxy or Darknet: Are the IP addresses associated with a proxy or a darknet? The presence and type of proxy should affect how certain IP traffic is handled. Darknet traffic, however, is virtually untraceable between server and client, making it imperative to target that type of traffic.
  3. VPN Provider Name/URL: Some VPNs, like VPNLab.net, are known to be used by criminals to distribute ransomware, malware, and other types of cyberattacks. Knowing the name and URL of the VPN will allow you to research providers and determine if they meet your standards.
  4. Location: Is the provider located in an area of the world known for criminal activity? Or a country, like Russia, that won’t extradite cybercriminals? Considering geographic access points for cybercriminal activities and economies is a key part of filtering and identifying safe VPNs.
  5. Enables user anonymity: Nefarious actors want to keep their identities and actions hidden, and VPNs that allow anonymous use and don’t log user activity are favored tools. Federal agencies may not allow these users to access their data.
  6. IP addresses linked to a provider: This data allows you to understand whether a given IP address is associated with a VPN provider that is benign or frequently used by malicious actors.
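
As an added illustration (not code from the article or from any data vendor), the sketch below shows how the six attributes above could drive an allow / step-up / block decision for a connecting IP address. The feed records, field names, provider names, the `ZZ` country placeholder and the ordering of the rules are all assumptions; the ranges are RFC 5737 documentation prefixes.

```python
import ipaddress

# Constructed feed: RFC 5737 documentation ranges and made-up providers.
# Field names and values are assumptions, not any vendor's schema.
def rec(kind, vpn_class=None, provider=None, country="US", no_log=False, resells=False):
    return dict(kind=kind, vpn_class=vpn_class, provider=provider,
                country=country, no_log=no_log, resells=resells)

FEED = {
    "192.0.2.0/24":      rec("vpn", "public", "vpn-a.example"),
    "192.0.2.128/25":    rec("vpn", "masked", "vpn-b.example", no_log=True),
    "198.51.100.0/24":   rec("vpn", "public", "vpn-c.example", resells=True),
    "198.51.100.128/25": rec("vpn", "private", "corp-gw.example"),
    "203.0.113.0/24":    rec("darknet"),
    "203.0.113.128/25":  rec("proxy", provider="proxy-d.example", country="ZZ"),
}
INDEX = [(ipaddress.ip_network(c), r) for c, r in FEED.items()]
DENYLISTED_PROVIDERS = {"vpn-x.example"}  # hypothetical; filled from provider research
HIGH_RISK_COUNTRIES = {"ZZ"}              # placeholder code; set per agency policy

def lookup(ip):
    """Most specific feed record covering ip, or None if it has no association."""
    addr = ipaddress.ip_address(ip)
    hits = [(net, r) for net, r in INDEX if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def decide(ip):
    """Return (action, reason); action is 'allow', 'step_up' or 'block'."""
    try:
        r = lookup(ip)
    except ValueError:
        return "block", "unparseable source address"
    if r is None:
        return "allow", "no VPN, proxy or darknet association"
    if r["kind"] == "darknet":
        return "block", "darknet traffic"
    if r["provider"] in DENYLISTED_PROVIDERS:
        return "block", "provider on local denylist"
    if r["vpn_class"] == "masked" or r["no_log"] or r["resells"]:
        return "block", "masked, no-logging or IP-reselling provider"
    if r["kind"] == "proxy" or r["country"] in HIGH_RISK_COUNTRIES:
        return "step_up", "proxy or high-risk location"
    if r["vpn_class"] == "private":
        return "allow", "private VPN"
    return "step_up", "public VPN with no negative signals"
```

The most specific prefix wins, so a masked-VPN /25 carved out of a benign provider's /24 is still blocked; "step_up" stands for the "need to authenticate further" outcome described above.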

The influx of new VPN providers and the number of people using them has muddied the waters for security professionals. They need to know a lot more about individual providers and their features, and make decisions and rules based on their offerings to prevent bad actors from infiltrating or hijacking their systems or engaging in espionage. Access to precise and granular IP geolocation data and other contextual information is crucial to this process, which means it is essential that security professionals work with reliable data providers when deploying these types of solutions.

Justin Skogen is vice president, business and government, for Digital Element.
