GEOBLOCKING

Stopping attackers at the source.

The below example provides a view of configured GeoBlocked countries, with exceptions carved out for desired IP addresses, domains and individual email addresses.

What is GeoBlocking?

Geoblocking (or geofencing) is the process of preventing access or network communication from certain geographic locations and is almost always used for security purposes.

Since time immemorial, those with resources are always attacked by those seeking to take them by force or subterfuge; this spurred the construction of gates, walls, fortresses, transportation Customs agencies, counterintelligence agencies, and other impediments to access. The same concept holds true in the Information Age, with the resources being largely the same: money, data and access, both physical and digital.

The vast majority of organizations Tangent serves operate within the United States, with both their employees and clients stationed nationally; in these situations, they rarely have a need to communicate internationally. By blocking access from international countries, either entirely or selectively to just common troublemaker countries, absolutely massive cutbacks in attacks can be realized by shutting down these vectors.

Many organizations have come to see that the majority of attacks come from international locations, particularly nations unfriendly to the United States and other nations where prosecution of computer crimes are much more difficult to achieve.

Common attacks that are familiar to nearly everyone are the common “419” or Nigerian Prince scam, fake Internal Revenue Service agents demanding payment in gift cards, Indian Technical Support and numerous other variations of spray-and-pray attacks executed with little effort.

How does GeoBlocking work?

The UpStream systems can be configured to drop emails originating from different countries, as determined by where the sending mail server IP address, sending email address or domain is registered.

By immediately discarding the traffic from undesirable countries, especially ones where no legitimate business with the organization can come from, a significant layer of protection can be added simply and effectively.

Exceptions can be added to allow validated traffic through for specific email addresses, select domains (and their subdomains) and even individual IP addresses or IP ranges.

What can GeoBlocking do for me?

Preventing emails originating from unneeded countries is one of the most expedient methods of protecting an organization from the majority of casual attackers out there, both from simple spam and from phishing attacks.

More advanced threat actors can still use IP address spoofing, VPN servers and other measures to get around such blockades (these more advanced attacks are handled at higher layers of protection with UpStream), but a whopping 70%+ of attacks can be stalled out simply by only allowing clients and employees that are within allowed countries to communicate with the organization.

Daily reports can be automatically generated that provide notification of all of the countries who attempted to send emails to your organization but were prevented from doing so via GeoBlocking.