We often hear that malware attacks are characteristic of country Y and nation-state X. Some companies even restrict connections to and from certain countries. Does this work? Chester Wisniewski used the data from SophosLabs to look at where the threats are coming from and whether location matters. This talk will present his findings along with advice on how threat location data can aid security policies.
1: Dispel the myth that blocking traffic from country X is an effective strategy.
2: Find things in the data observed that can aid in effective policy creation.
3: Discuss the usefulness of attribution as part of a threat mitigation strategy.