Why it’s not enough to protect the network from the outside when attacks are now coming from the inside❓
How do you know if an attacker – and not your own employee – is logging into critical systems❓
If you are responsible for the security of your IT environment today, these two questions are key. And the answers can’t be found in traditional tools.
In a world where cloud, remote working and phishing dominate everyday reality, it’s not enough to monitor network traffic. You need to know the context – i.e.
context
.
🌍 Firewalls are not enough. The world has changed – defenses have not yet
A few years ago, the perimeter was clear: everything important ran inside the corporate network, on corporate devices.
Protection was provided by a firewall that allowed or blocked connections based on ports, IP addresses or simple rules.
But today?
- Employees work from home, cafes, trains and abroad.
- They access via mobile, tablet, private laptop.
- Data and applications are in the cloud – not behind a firewall.
- And the vast majority of communication is encrypted – the firewall can’t see what’s going on.
The attackers know it. And that’s why they go where the defense is weakest:
Identity.
.
🎣 Phishing 2.0: Attacks that bypass all perimeters
Modern phishing doesn’t look suspicious. On the contrary, it looks trustworthy, often imitating legitimate services. What’s more,
targeted attacks no longer come through corporate email.
but, for example:
- personal Gmail,
- LinkedIn messages,
- WhatsApp, Signal or SMS.
The user is unaware, clicks, logs in – and the attacker has his access credentials.
If you don’t have multi-factor authentication (MFA) in place, or if it is set up incorrectly, the account can be abused
immediately
. And the firewall? It usually doesn’t react in any way.
In fact, the access pretends to be legitimate.
🔍 Context: a new basis for security decisions
So what really helps?
Is it the ability to
to see the connections
not just individual events.
The modern approach to security assesses what is happening at any given moment
in terms of the context of the approach
.
Instead of asking “what’s wrong?” we ask:
Who
is logging in – is it a known user? Does he use MFA?
From which device
– is managed? Does it comply with company policies? Is it up to date?
From
– Is it connecting from a regular IP address or from a new location?
Which application
– is it a critical system? With sensitive data?
When and how
– is the normal time? Does the behaviour match the usual patterns?
It is the combination of these factors that allows systems to automatically assess whether an approach is OK – or risky.
And what’s key:
The response can come instantly – without admin intervention.
🧠 Zero Trust: changing attitudes, not just technology
At the heart of modern security architecture today is the concept of
Zero Trust
. It’s not just a buzzword – it’s a new way of thinking about access to corporate resources.
Zero Trust says:
“Believe nothing until proven otherwise.”
The principles are simple:
- No access is automatically trusted.Not even from the corporate network.
- Each access is verified separately.Every day, every device.
- Decisions are made based on context.Who, from where, how and why.
The Zero Trust approach is not about deploying one application. It’s
a strategy that can be implemented incrementally
– first on identity, then on devices, applications and data.
🧪 Real Scenario: What the firewall can’t catch, but the context can
Imagine the following situation:
An employee clicks on a link in a LinkedIn message and enters their login details into a fake M365 login page.
The next day, the attacker checks in:
- From a different facility than normal.
- From another country.
- At an unusual time of day.
- And it will immediately try to open files with sensitive data.
Firewall? It doesn’t see the problem – the connection is encrypted, the ports and IP addresses match.
But a security system that evaluates
the context of the connection
, access either
block
,
makes it contingent on further authorization
, or redirect the user to
restricted mode
.
And all this
no delays, no manual analysis
– because the context makes the decision make sense.
🔄 What does it mean in practice?
There are tangible benefits of introducing a contextual approach:
Benefits:
- High success rate for detecting identity attacks
- Fewer false alarms
- Automation of decision making
- Protection outside the corporate network
- Scalable for smaller IT teams
Challenges:
- Requires well set security policies
- The need for visibility over the entire environment (identities, devices, network)
- It requires a change of mindset: security is not about “walls” but about data-driven trust
3 steps to get started
Start with identity
Check the MFA silo, roles in the system, login method and audit logs.
Map access scenarios
Who logs in when, from where and where? From which devices? What is common and what is no longer?
Evaluate in real time
Don’t wait for daily reports. In the event of an attack, the decision makers
minutes
not hours.
Summary
- The classic firewall today protects only part of the environment.
- Attacks target users, their identity and behaviour.
- The context of access (who, from where, how and to where) is crucial to modern security policy.
- Zero Trust is not just a buzzword – it’s a necessity.
- Without context, we don’t know,
who’s actually knocking on our systems
.
Thinking about how to move on?
Start with a simple question:
“What do we know today about access to our systems – and what should we know?”
Answering it may be the most important step in your new security strategy.
