In the wake of the first mass phishing campaigns in the early 2010s, it became increasingly obvious that someone had to deal with the employees and, more specifically, their stunning capacity to click on every link they received. Outbound traffic filtering (aka Egress) became an obsession. Browser security, proxies, and other glorified antiviruses became the must-have that every consulting firm would advise its clients to get their hands on ASAP.
Ingress traffic handling was by then less trendy; it was supposed to be a done deal. With a firewall and some decent monitoring, we should be good to go. Yet a business or government institution could still be compromised using one of three main strategies:
- Lure users, and bet on weak Egress filtering
- Use mass exploitation, like a 0day, a logic vulnerability, weak passwords, etc., and bet that Ingress filtering isn't so smart (who whitelists access to their ports 53, 80, 443, 465, etc.?)
- Use targeted attacks: very similar to the above, but aimed at one specific entity across its entire exposed surface, instead of spraying widely with a gatling gun hoping to hit an RDP service "protected" by 123456. Here again, a matter of Ingress handling.
According to IBM X-Force reports, roughly 47% of initial compromises are related to vulnerability exploitation, whereas phishing accounts for 40%. Add 3% of stolen credentials and 3% of brute force, and Ingress attacks weigh in at 53% (47 + 3 + 3) of the probability of being breached from the outside in. (I'm not counting the 7% of removable media because, honestly, if your users are dumb enough to plug in an unknown USB and your policy allows it, then it's a different matter that I'd call Digital Darwinism.)
Nowadays, Ingress traffic handling is less trendy because it was supposed to have been dealt with in the 90s. But if you crowdsource information about ingress attacks and curate it well enough to feed that CTI data into your appliances, it's a net win for your overall security posture.
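As an added illustration of that last point (example code written for this page, not from the original post or from any vendor's appliance), the script below takes a constructed, deliberately dirty crowdsourced feed, curates it (drops comments, unparsable entries, duplicates, bogon/internal ranges, and anything overlapping the defender's own prefixes, so a bad feed entry cannot turn the blocklist into a self-inflicted outage), matches the result against constructed firewall ingress log lines, and renders the survivors as an nftables set that an edge appliance could load. The feed contents, the log lines, the own-prefix value and every function name are assumptions made up for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed, deliberately dirty crowdsourced feed (not a real CTI source).
RAW_FEED = """
# hypothetical community feed of ingress attackers, one indicator per line
203.0.113.0/24        # scanning subnet
198.51.100.17         # RDP brute forcer
192.0.2.44            # probing the mail relay
198.51.100.17         # duplicate submission
10.0.0.0/8            # someone submitted their own LAN
0.0.0.0/8             # junk that shows up in raw feeds
192.0.2.10            # our own server, reported by mistake
not-an-ip             # garbage
"""

# Our own public prefix (an assumption for the example): never block it.
OWN_PREFIXES = ("192.0.2.0/28",)

# Ranges that must never end up in an edge blocklist.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed netfilter-style ingress log lines (not real traffic).
RAW_LOGS = """
Jan 10 03:12:01 fw1 kernel: IN=eth0 SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP DPT=443
Jan 10 03:12:05 fw1 kernel: IN=eth0 SRC=198.51.100.17 DST=192.0.2.10 PROTO=TCP DPT=3389
Jan 10 03:12:09 fw1 kernel: IN=eth0 SRC=8.8.8.8 DST=192.0.2.10 PROTO=UDP DPT=53
Jan 10 03:12:13 fw1 kernel: IN=eth0 SRC=10.1.2.3 DST=192.0.2.10 PROTO=TCP DPT=22
Jan 10 03:12:17 fw1 kernel: IN=eth0 SRC=192.0.2.44 DST=192.0.2.10 PROTO=TCP DPT=465
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")


def curate_feed(raw, own_prefixes=()):
    """Turn a raw indicator feed into a sorted, deduplicated list of networks.

    Drops comments, unparsable lines, duplicates, and any indicator that
    overlaps a bogon/internal range or one of our own prefixes.
    """
    forbidden = NEVER_BLOCK + [ipaddress.ip_network(p) for p in own_prefixes]
    nets = set()
    for line in raw.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # "not-an-ip" and friends
        if any(net.version == bad.version and net.overlaps(bad) for bad in forbidden):
            continue  # would block RFC1918 space, bogons, or ourselves
        nets.add(net)
    return sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


def match_logs(raw_logs, nets):
    """Flag log lines whose SRC falls inside a curated indicator.

    Returns (hits, counts): hits is a list of (src, indicator, line) tuples,
    counts is a Counter of hits per indicator. A linear scan is fine for a
    demo; an appliance does this with a radix tree or a kernel-side set.
    """
    hits, counts = [], Counter()
    for line in raw_logs.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        for net in nets:
            if src in net:
                hits.append((str(src), str(net), line.strip()))
                counts[str(net)] += 1
                break
    return hits, counts


def nft_set(nets, name="cti_ingress"):
    """Render the curated IPv4 indicators as an nftables set with intervals."""
    elems = ", ".join(
        str(n.network_address) if n.prefixlen == 32 else str(n)
        for n in nets if n.version == 4
    )
    return f"set {name} {{ type ipv4_addr; flags interval; elements = {{ {elems} }} }}"


if __name__ == "__main__":
    curated = curate_feed(RAW_FEED, OWN_PREFIXES)
    print("curated indicators:", [str(n) for n in curated])
    hits, counts = match_logs(RAW_LOGS, curated)
    for src, net, line in hits:
        print(f"HIT {src} matched {net}: {line}")
    print(nft_set(curated))
```

Of the eight raw feed lines, only three survive curation: the duplicate is collapsed, the RFC1918 and 0.0.0.0/8 entries are rejected, the indicator that happens to be our own server is rejected because it overlaps OWN_PREFIXES, and the unparsable line is skipped. The rendered `set` block goes inside an nftables `table` and is referenced from a rule such as `ip saddr @cti_ingress drop`; the curation step is what makes that safe to automate, since an uncurated feed can just as easily take down your own services as the attacker's.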
Source: https://thehackernews.com/