Syspeace 3.0 introduces: Geographical blocking
“Why doesn’t Syspeace let me block based on country?”
We have been asked this question many times, and it is always from customers noticing that most of the blocked login attempts come from countries that have no business being in their servers. Many customers do have international business, but that does not mean that their customers should be able to, say, trigger a Windows login attempt.
Ordinarily, Syspeace remembers a login attempt and allows more attempts until they trigger the detector rules.
(The detector rules are based on a pattern of login attempts. Patterns that are customizable by the Syspeace user. They may allow some leeway for mistakes like mistyped, misremembered, or expired passwords by legitimate users.)
The geographical blocking of Syspeace 3.0, however, let you set up Country rules, describing which countries you do not want to allow access to and Syspeace will take action after any failed login attempt.
If you block Sweden – people logging in from Sweden get less leniency
As an example, if you set up a Country rule to block Sweden, it does not mean that all of Sweden is blocked from the start. This is not a blacklist. But with Geographical blocking, the people logging in from Sweden get less leniency.
If someone from Sweden makes a login attempt that Syspeace identifies as something that might be blocked later based on the detector rules – the geographical block gets into effect, and block the IP address immediately
By placing a country in a Country rule, you are saying that there are no legitimate users and no legitimate traffic expected from this country, and you give Syspeace instructions to act immediately.
Not a blacklist – because some traffic might be legitimate
By not making it a blacklist, it allows other forms of traffic than those that Syspeace detects to be illegitimate.
If you have a webshop with a few pesky attackers that happen to be from Sweden, you probably do not want to blacklist all of Sweden. Because then you would lose your
Swedish customers.
The Geographical blocking will therefore not put you in a situation where you must choose between allowing or blocking all traffic from a whole country.
And, on a more personal note, if you literally block Sweden, the country where we are based and our own backend and license servers are hosted, you will still be able to access our license website and talk to our backend, because we will not do anything to trigger a login attempt on your server, and we will not have to maintain some secret master whitelist of IP addresses to avoid cutting off our own check-for-updates functionality in the process.
What our customers say about the new feature
We recently contacted some of the customers who have been asking us for this over time and asked them to test this functionality.
Since testing the country blocking feature of Syspeace, we noticed a dramatic drop in hacking attempts on our server, from around 100 attempts per month to a handful. Whilst Syspeace did a perfectly good job of blocking the attacks before country blocking this new feature greatly decreases the risk of getting hacked. Perfect for those with security concerns.
– Mike Montgomery, MjM Data Recovery
The Country feature of Syspeace is superb. It has taken your software to a really functional level. I am very pleased with the new Country filters.
– drKatz, InfoStatz, USA
Try Syspeace 3.0 today!
Syspeace 3.0 also includes improved accuracy, better performance, and a smoother user experience. You can see login attempts as they happen with Live observations, setting the rules in the firewall is many times faster and the handling of RDP traffic has been reviewed to be more accurate. These are only a few of the many changes in Syspeace 3.0 – the biggest Syspeace release since Syspeace 2.0.
And remember: Your license fee includes any and every upgrade in the software.