With one full year of Community Shield® activated on our AccessEnforcer® firewalls, we wanted to review its performance and impact on securing small business networks. Community Shield is the real-world implementation of a distributed cyber security system leveraging information sharing created by our Founder, Lawrence Teo.
Lawrence conceived the concept as a means for organizations to join forces in a secure, affordable, and easy method to combat cyber threat actors. He outlined key concepts in his Ph.D. dissertation “Internet-scale Intrusion Detection and Prevention” in May of 2006 at the University of North Carolina at Charlotte. He was awarded a patent in 2011 for “Systems and methods for enhanced network security” (US Patent No. 8,065,725). After 15 years of dedication and hard work, we introduced the code with Version 5.0.3 on July 21, 2021, and completed the rollout in September.
Since inception, we have designed AccessEnforcer, our hardware firewall, to operate as a threat intelligence platform to collect, disseminate, and ingest time-sensitive threat intelligence while addressing small organizations’ traditional and emerging network security. Community Shield provides protection, detection, and prevention, significantly shrinking network attack surfaces, eliminating alert fatigue, and preventing outbound traffic to malicious or suspicious infrastructure.
Community Shield consists of seven organic threat feeds and additional external threat feeds. We are expanding Community Shield to leverage new sources of internal and external threat intelligence, community feedback, and new and emerging threats (e.g., Log4J).
The evolving composition of our threat feeds illustrates the dynamic and rapidly changing threat landscape facing small organizations. Every day, malicious infrastructure gets repurposed or sanitized, yet threat actors continue to have a steady pipeline of exploitable systems as new vulnerabilities and misconfigurations continue to emerge and go unattended.
Automation is great, but some things need to be handled by an experienced security engineer. In most cases, Community Shield will protect your network without intervention, but behind the scenes, the events that Community Shield discovers and prevents from accessing your network have been curated and shaped by our Professional Services department, led by N’dia Thomas, our Cyber Threat and Incident Response Analyst. Her insights and work have propelled Community Shield to what it is today.
It has been a busy year for our Community Shield and Geo Fence systems which together have blocked over 10 billion connections. Yes, that’s billion with a B. Geo Fence, our geographic region blocking system, has blocked over 5.5 billion connections with nearly 20 million unique IP addresses, and Community Shield blocked 4.5 billion connections with 3.3 million unique IP addresses. The Community Shield threat feeds maintained over 16.8 million IP addresses every single day for the entirety of the past year.
Community Shield leverages Calyptix’s fleet of AccessEnforcers with expert analysis to defend customers from a range of threats that often leverage US-based infrastructure. When combined with the Geo Fence feature on the AccessEnforcer, network administrators and business owners can have increased assurance that their defensive networks are identifying attacks that often go undetected. Community Shield was designed to work side by side with Geo Fence. This allows the two systems to work in synergy toward one goal: securing your network with fresh intelligence and policies. Where Geo Fence leaves off with only blocking or allowing some countries, Community Shield picks up with smart protection, filling the gap of the areas that cannot be blocked outright. As you will see below, Community Shield is doing its job to protect networks from potentially malicious inbound and outbound traffic within the US.
Going through the data from Community Shield, we have come to some conclusions. Some are inconsequential, and some show a larger picture of trends.
Most alerts occurred on a Tuesday each week and the 21st of each month. We don’t know what this could be attributed to. Patch Tuesday, phishing campaign cycles, the price of bananas in Guatemala? Who knows?
January was by far the busiest month, although the 4th quarter of the year had more alerts. We will have to see if this holds for next year.
Finally, out of all the alerts for outbound traffic, Qakbot, Botnets, and Cryptominers were the most common threats Community Shield blocked. More on that here.
Looking back, we are proud of the progress Community Shield has made and are excited to expand it even more. We cannot express enough gratitude to our Partners for helping us build this comprehensive threat intelligence platform and being a part of this Community that Shields each other. Without them, this would not be possible.
Getting your hands on an AccessEnforcer and into your customer’s location is fast and easy. We offer same-day shipping from our facility in Charlotte, NC via standard UPS shipping within the US. Expedited shipping is also available. Prefer to have it delivered to your customer's location directly? No problem!