Skip to main content

Filtering outbound connections

Outbound network filtering is a free tactic to help improve protection against supply chain attacks, accomplished by limiting outbound network connections to known and approved flows. This ensures a server can only communicate with pre-defined destinations on the internet, preventing the server (or the software it hosts) from communicating with cybercriminals’ command and control servers. 

If a server can communicate without restriction, it's easy to exfiltrate large stores of data within a few days. This measure makes it harder for malware to "phone home" to report that they've gained a foothold in someone's environment. Blocking such connections will also create "noise," making it easier for your team to catch such attacks early.

In most cases, filtering can be implemented using existing tools and firewalls. Organisations typically start by establishing a baseline and identifying existing outbound connections. Then rules are implemented denying all unexpected connections to unknown destinations. 

The descriptions contained in this communication are for preliminary informational and risk management purposes only. It is made available with the understanding that Beazley does not render legal services or advice. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. The product is available on an admitted basis in some but not all US jurisdictions through Beazley Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd’s. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: OG55497)