Let’s start off by saying not all activity from anonymous networks, like Tor, are mal-intentioned. There are plenty of good intentioned uses of anonymous networks, used to hide the true identity of the user, like journalism, military, law enforcement, and just plain privacy (Facebook uses the Tor network). BUT just like guns that can be used for good intentions, they can also be used for bad ones too.
CloudFlare reported in their blog, The Trouble with Tor, on March 20, 2016, “94% of requests that we see across the Tor network are per se malicious”. Additionally, Palo Alto Networks claimed at the Digital Transformations 2016 conference that 90% of all attacks on financial services were launched from Tor in 2014. Maybe it’s best to subscribe to the saying, Better to be safe than sorry!
Unfortunately, anonymous networks are too often used to conceal the identity of attackers seeking to cause harm and gain access to organizational resources. More often than not these mal-intentioned attackers use valid credentials to traverse your network. The 2016 Verizon Data Breach Investigation Report asserted that, “63% of confirmed data breaches involved weak, default or stolen passwords."
So……. HOW DO YOU PROTECT YOUR ORGANIZATION FROM THESE THREATS?
The SecureAuth Threat Service offers a combination of multiple threat intelligence feeds and information, as well as blacklisted IP addresses for best-of-breed protection from today’s threats including advanced persistent threats (APT), Cyber Crime, Hacktivism from anonymous proxies and anonymity networks, such as Tor. Beyond just one threat service, the SecureAuth Threat Service combines multiple threat feeds to provide unique coverage and protection.
Not only does the SecureAuth Threat Service make organizations aware of advanced threats and can deny or require multi-factor authentication (MFA) to gain access, we also provide valuable time saving intelligence and information to accelerate investigations and remediation among your security operations center (SOC) staff and incident responders.
Simple IP reputation services don’t provide depth or additional information with context for rapid, effective incident response and can flood SOCs with too much information to quickly digest and act. Many threat services do not have deep and wide experience globally to provide blanket coverage against all threat types, leaving buyers with a false sense of security.
With a global network of over 11 million advanced threat sensors and a database of more than 115 million nodes that dynamically models the relationships between the tools and tactics cyber threat groups use, the operations they conduct, and the sponsors who back them, the SecureAuth Threat Service offers the protection you need to safeguard against these threats.