5 Ways to Spot and Score Bad IP Clients
#3 Geographic Locations:
Visits to hosts in certain countries can be categorized as risky behavior, especially if there is a significant amount of traffic involved. Identifying such behavior can be combined with a white list approach that identifies legitimate sites in such countries to help identify infected clients.
#4 Session Information:
When a device starts to listen on a port to receive a connection from the outside but does not initiate a connection, an APT infection could be the cause.
#5 Destination Category:
Visiting certain types of websites, such as gambling and adult sites as well as those known to contain malicious code can also be a predictor of APT infection.
“Identifying risky user and application behavior represents the next step in protection against Advanced Persistent Threats.
Also Read: 10 Pioneers Of Cloud Computing
Also Read: IBM to Renew its Biggest Indian IT Contract, Faces Stiff Competition