You’re being scanned. Your company’s network is being continuously scanned for a variety of reasons including research and/or security assessment or for the purpose of a cyber-attack. This is known as network scanning.
Port scanning takes network scanning to another level by returning information about what services the active host (you or your business) can offer. Open ports and services available on a network host are identified through port scanning and can be used by security technicians to audit computers for vulnerabilities, or by hackers to target victims by identifying weakened access points.
External IP addresses (find yours here) are being scanned constantly by both “good guys” and “bad guys.” The good guys are doing research, such as the University of Michigan, and the bad guys are scanning to exploit networks for financial gain.
Scanning is so simple that virtually anyone can do it, and there are a number of open source tools such as Masscan and ZMap for people to download. These tools can be used to scan every IPV4 IP address on the internet in a matter of only a few hours, and hackers can take this code and manipulate it to search for vulnerabilities as soon as they are published.
Most scans are stopped by your businesses router and/or firewall because of the Network Address Translation that converts your internal IP addresses to external IP addresses. However, some scans are inevitably able to make it through the router or firewall. NetWatcher works to identify what scans are making it through your firewall using a simple scanning widget.
NetWatcher also provides visibility into ‘Events by Country.’ All of these events are not scanning related, but a high percentage of them will likely be cyber criminals trying to land access one of your internal assets.
Your mid-sized businesses external IP address will be scanned, but you can protect it against cyber criminals through the following tips.