THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY


DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS

A TechTarget White Paper

Does your organization have mission-critical Web applications for e-commerce, online marketing, customer service, financial transactions, product design or supply chain management? If it does, then those applications house customer information, financial data and intellectual property that must be protected. Even a few minutes of unavailability can have a lasting impact on revenue, reputation and productivity.

Unfortunately, despite large investments in IT security, Web applications in the data center are not secure. This is because:

- Most of today's data center defenses, including firewalls, intrusion prevention systems and anti-malware products, are designed to stop network-level attacks or rely on signatures of known mass attacks. They are not effective against application-level attacks targeting individual companies.
- Sophisticated attackers, recognizing these weaknesses, are shifting their attention to Web applications. A recent study found that 73% of data breaches investigated involved SQL injection or remote access attacks, both of which are related to vulnerabilities in Web applications and Web application environments. [1]

Web apps have become the target of choice for cyber-criminals, hacktivists and government-sponsored hackers who have learned to evade conventional data center defenses by targeting application-level vulnerabilities.

Even next-generation firewalls are not a solution. Many of their advantages are related to protecting against bad employee behaviors, not application vulnerabilities. Also, application-related features are plagued by false positives, complex rules and slow performance.

And most IT organizations recognize this dilemma. In one survey, 62% of IT executives stated that the most serious attacks are Web-based; 61% acknowledged that their existing security technologies don't address the complete threat; and 48% said that current network security technologies do not minimize attacks that bring down Web applications. [2]

[1] 2013 Global Security Report, Trustwave
[2] Efficacy of Emerging Network Security Technologies, Ponemon Institute

Fortunately, there are two new technologies that can fill these gaps:

- Intrusion Deception
- Application-level DDoS protection

Intrusion Deception

Most cybercriminals gravitate to websites that they can penetrate most easily for the largest reward. A new type of security technology leverages this cost-benefit approach by misleading and frustrating attackers so they turn their attention to easier targets. This is called Intrusion Deception or active defense.

Active Defense and Intrusion Deception Defined: "Altering your environment and system responses dynamically based on the activity of potential attackers, to both frustrate attacks and more definitively identify actual attacks. Try to tie up the attacker and gain more information on them.... Pollute your environment with false information designed to frustrate attackers." (Rich Mogull, Securosis blog)

Let's examine how Intrusion Deception might work against an attacker searching for vulnerable websites. The attacker would typically conduct reconnaissance by launching scripts to scan hundreds of likely websites and:

- Attempt to authenticate by trying lists of popular passwords.
- Request directory, password and configuration files (for example admin.php and login.php).
- Search for vulnerabilities in common plug-ins and applications, such as unpatched versions of Adobe Reader and Acrobat, Oracle Java, WordPress and browsers.
- Locate input forms and submit SQL syntax, to identify applications vulnerable to SQL injection attacks.

Most conventional security tools, such as firewalls and intrusion prevention systems, will have difficulty distinguishing these probes from legitimate user and system administrator activities. Also, detecting and blocking one probe may just encourage the attacker to hunt for other weaknesses. Eventually, the attacker would find one or more vulnerabilities that could be exploited by utilizing stolen credentials, accessing and exfiltrating files and databases, and planting malware on additional systems.

Here is how an Intrusion Deception solution would protect websites against these attacks. It starts by creating hundreds of abuse detection points across the site. These points flag activities that are common to attackers but unusual for legitimate users. When suspicious activities occur, the Intrusion Deception system tracks and records the attacker's actions, and creates a profile that can be used to identify the probe or attack if it reappears on the website.

But the really interesting capabilities of Intrusion Deception solutions lie in the abuse response options that you can select to mislead and frustrate the attacker. Responses can include:

- Deceiving the attacker by giving the impression that the application is broken, the website is down or the connection is extremely slow.
- Injecting CAPTCHA screens into the normal application workflow to prevent botnets from flooding the application with inputs.
- Forcing continual logouts and re-authentication.
- Redirecting the attacker to a webpage with a "We are on to you" warning message.
- Allowing access to false versions of common files (admin.php and login.php) and seemingly valuable files with false information (for example, an Accounts file with nonexistent account numbers).
- Shunting the attacker to a sandbox version of an application, complete with phony data, to observe his method of operation.

At the same time, the software alerts administrators early in the attack life cycle and logs all of the activities of the attacker for future study.
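The detection-point and abuse-response mechanism described above, as an added example that is not code from the white paper or from Juniper: a toy Intrusion Deception layer for a web application. Decoy URLs and SQL-like form input serve as abuse detection points; a client that trips one is profiled under a fingerprint, every event is logged for later study, and the response escalates through the options listed (fake file, CAPTCHA, degraded service, block and alert). Class and function names, score thresholds, the decoy list and the phony file contents are all assumptions constructed for this example.

```python
"""Added example, not code from the white paper or from Juniper: a toy
Intrusion Deception layer. Decoy URLs and SQL-like form input are abuse
detection points; clients that trip them are profiled and answered with
an escalating deception response. Names, thresholds and decoy data are
assumptions constructed for this example."""
import re
from dataclasses import dataclass, field

# Abuse detection points: files a legitimate user never requests because
# nothing in the real application links to them (constructed list).
DECOY_PATHS = {"/admin.php", "/login.php", "/.env", "/config.bak"}

# Crude indicator of SQL syntax submitted through an input form
# (detection only; the value is never passed to any database here).
SQL_PROBE = re.compile(r"(--|;|'\s*or\s+\S+\s*=|union\s+select)", re.I)

# Phony content handed to anyone who trips a decoy file (constructed).
FAKE_FILES = {
    "/admin.php": "<?php /* decoy */ $accounts = ['000-000-0001']; ?>",
    "/login.php": "<?php /* decoy */ $db_pass = 'not-a-real-password'; ?>",
}


@dataclass
class AbuseProfile:
    fingerprint: str            # e.g. a hash of IP, user agent, header order
    score: int = 0              # number of detection points tripped so far
    events: list = field(default_factory=list)


class DeceptionLayer:
    def __init__(self):
        self.profiles = {}      # fingerprint -> AbuseProfile

    def inspect(self, fingerprint, path, form=None):
        """Record every detection point tripped by one request."""
        hits = []
        if path in DECOY_PATHS:
            hits.append(f"decoy-file:{path}")
        for name, value in (form or {}).items():
            if SQL_PROBE.search(value):
                hits.append(f"sql-probe:{name}")
        if hits:
            prof = self.profiles.setdefault(fingerprint, AbuseProfile(fingerprint))
            prof.score += len(hits)
            prof.events.extend(hits)
        return hits

    def choose_response(self, fingerprint):
        """Abuse response for a client, escalating with its score."""
        prof = self.profiles.get(fingerprint)
        score = prof.score if prof else 0
        if score == 0:
            return "serve-normally"
        if score <= 2:
            return "serve-fake-file"     # phony admin.php / login.php
        if score <= 4:
            return "inject-captcha"      # breaks automated tooling
        if score <= 6:
            return "slow-response"       # site appears broken or slow
        return "block-and-alert"         # alert administrators, keep the log

    def handle(self, fingerprint, path, form=None):
        """One request through the layer: returns (response, body_or_None).
        A profiled client still gets the real page for non-decoy paths while
        its score is low, so it does not notice it has been flagged."""
        self.inspect(fingerprint, path, form)
        response = self.choose_response(fingerprint)
        body = None
        if response == "serve-fake-file":
            body = FAKE_FILES.get(path)
            if body is None:
                response = "serve-normally"
        return response, body

    def attacker_log(self, fingerprint):
        """Everything recorded about a client, for future study."""
        prof = self.profiles.get(fingerprint)
        return list(prof.events) if prof else []


if __name__ == "__main__":
    layer = DeceptionLayer()
    for path, form in [("/index.html", None), ("/admin.php", None),
                       ("/search", {"q": "x' OR 1=1 --"}), ("/.env", None)]:
        print(path, layer.handle("scanner-1", path, form))
    print(layer.attacker_log("scanner-1"))
```

The profile keyed by a fingerprint rather than an IP address is what lets the same probe be recognised if it reappears; the escalation order mirrors the paper's list, with the noisiest response (blocking and alerting) reserved for clients that have already tripped several detection points.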

By operating at the application level, and by deceiving and frustrating attackers rather than merely blocking them, Intrusion Deception technology fundamentally alters the incentives for cybercriminals and others trying to penetrate your website.

Application-Level DDoS Protection

Financially minded cybercriminals are not the only ones who are trying new methods and shifting their attention to application-layer attacks; so are hacktivists (ideologically motivated attackers) and other perpetrators of distributed denial-of-service (DDoS) attacks.

Today's DDoS protection must:

- Block DDoS attacks against applications as well as websites.
- Detect and protect from low and slow DDoS attacks.

Conventional firewalls and intrusion prevention systems can't cope with the most recent volumetric, or flooding, DDoS attacks. These not only launch data center-scale volumes of packets, but they also sometimes disguise themselves by spreading across multiple network links or dividing themselves into very small packets.

And few security tools can identify new application-level or "low and slow" DDoS attacks. These produce results similar to volumetric attacks, but with far lower volumes. Most applications include calls that are extremely resource-intensive, for example performing complex querying against a giant database. A DDoS attack that fires off these processes with sufficient frequency can bring an application to its knees while evading firewalls and intrusion prevention systems.

To defend today's mission-critical Web applications, DDoS protection technology needs to go beyond applying simple rules and dropping malformed packets. It also needs to apply sophisticated techniques, such as:

- Assigning sending IP addresses risk ratings, based on multiple behavioral criteria.
- Monitoring return traffic for response times, and dynamically dropping packets from low-rated IP addresses when performance levels degrade below acceptable thresholds.
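The two techniques just listed, as an added example that is not code from the white paper or from Juniper: a toy behavior-based DDoS mitigator. Every source IP gets a rating from several behavioral criteria (request rate, share of calls to expensive endpoints, mean server time consumed per request; higher is more trustworthy), return traffic is watched for response time, and only when the p95 response time degrades past a threshold are the lowest-rated sources shed. It goes slightly beyond the text in that the cost criterion is what catches the low-and-slow source, which a pure rate limit would miss. Function names, weights, cut-offs and the sample traffic are all assumptions constructed for this example.

```python
"""Added example, not code from the white paper or from Juniper: a toy
behavior-based DDoS mitigator. Sources are rated on several behavioral
criteria and the lowest-rated ones are shed only when the return path
shows the application degrading. Names, weights, thresholds and the
sample traffic are assumptions constructed for this example."""
from collections import defaultdict
from dataclasses import dataclass

# Endpoints the paper calls "extremely resource-intensive" (constructed).
EXPENSIVE = {"/report", "/search"}
WINDOW_S = 10.0           # length of the observation window in seconds
RT_THRESHOLD_MS = 250.0   # acceptable p95 response time on the return path
RATING_CUTOFF = 0.5       # sources rated below this may be shed


@dataclass
class RequestRecord:
    ts: float     # seconds into the window
    src: str      # client IP
    path: str
    rt_ms: float  # response time observed on the return path


def rate_sources(records, window_s=WINDOW_S):
    """Rating per IP in [0, 1]: 1.0 behaves like a normal client, 0.0 is
    highly suspect. Combines request rate, share of expensive calls and
    mean server time consumed per request."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r.src].append(r)
    ratings = {}
    for ip, reqs in by_ip.items():
        n = len(reqs)
        rate = n / window_s                                     # req/s
        expensive = sum(r.path in EXPENSIVE for r in reqs) / n  # 0..1
        mean_rt = sum(r.rt_ms for r in reqs) / n                # ms
        # Each criterion saturates at 1.0; the weights are illustrative.
        risk = (0.4 * min(rate / 10.0, 1.0)
                + 0.3 * expensive
                + 0.3 * min(mean_rt / 1000.0, 1.0))
        ratings[ip] = round(1.0 - risk, 3)
    return ratings


def p95_response_ms(records):
    """p95 of observed response times: the health signal for the window."""
    rts = sorted(r.rt_ms for r in records)
    return rts[int(0.95 * (len(rts) - 1))]


def decide_drops(records, max_shed=2):
    """IPs whose packets get dropped for the next window: none while the
    application is healthy, otherwise the lowest-rated sources below
    RATING_CUTOFF, worst first, up to max_shed of them."""
    if p95_response_ms(records) <= RT_THRESHOLD_MS:
        return set()
    ratings = rate_sources(records)
    suspects = sorted((ip for ip, r in ratings.items() if r < RATING_CUTOFF),
                      key=ratings.get)
    return set(suspects[:max_shed])


def sample_window(include_attack=True):
    """Constructed traffic: two ordinary users, plus (optionally) one
    flooding source and one low-and-slow source that only calls the
    expensive endpoint at a modest rate."""
    recs = [RequestRecord(i * 2.0, "10.0.0.1", "/", 40.0) for i in range(5)]
    recs.append(RequestRecord(9.0, "10.0.0.1", "/search", 300.0))
    recs += [RequestRecord(i * 2.5, "10.0.0.2", "/", 50.0) for i in range(4)]
    if include_attack:
        recs += [RequestRecord(i * 0.05, "203.0.113.9", "/report", 900.0)
                 for i in range(200)]
        recs += [RequestRecord(i * 0.8, "198.51.100.7", "/report", 2500.0)
                 for i in range(12)]
    return recs


if __name__ == "__main__":
    for attack in (False, True):
        recs = sample_window(attack)
        print(f"attack={attack} p95={p95_response_ms(recs)}ms "
              f"ratings={rate_sources(recs)} drop={decide_drops(recs)}")
```

Two design points match the paper's argument: the drop decision is gated on observed return-path performance, so a bad rating alone never sheds a source during normal operation, and the rating is multi-criteria, so the low-and-slow source (12 requests in 10 seconds, all to the expensive endpoint) rates below the cut-off even though its request rate looks harmless.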

By observing the behavior and effect of network streams, advanced DDoS protection can cope with both volumetric and low-and-slow attacks.

The Business Case for Data Center Security

Is there a business case for investing in yet more data center security? Every organization has its own risk profile, but the potential costs of inadequate security can be substantial. According to two recent surveys:

- The average cost of a data breach in the U.S. in 2012 was $5.5 million, or $194 per record. [3]
- The average revenue loss to an e-retailer whose website goes down during the holiday season would be $12.7 million per day, or about $530,000 per hour. [4]

Juniper Networks can provide industry-leading Intrusion Deception and DDoS protection technology for much less than the reported cost of one major data breach or one hour of Web application downtime. Key offerings include:

Junos WebApp Secure uses the latest Intrusion Deception technology to misdirect and mislead attackers while simultaneously profiling and fingerprinting them. By injecting hundreds of detection points into the code, the attackers' own behavior identifies them as malicious, without false positives. Junos WebApp Secure breaks automated hacking tools by inundating them with fake data and rendering the results useless. Once an attack has been detected, an appropriate response (from a warning, to requiring a CAPTCHA, to blocking a user or forcing him to log out) can be deployed manually or automatically in real time.

Junos DDoS Secure delivers a fully automated DDoS protection system for websites and Web applications. It uses a unique, behavior-based approach to DDoS mitigation that provides protection up to 40 Gbps for high-volume attacks as well as advanced low-and-slow application attacks, with minimal false positives. It can be deployed as either a hardware appliance or as a virtual machine in private, public and hybrid cloud environments.

[3] 2011 Cost of a Data Breach Study, United States, Ponemon Institute
[4] National Survey of E-Retailers, McLaughlin & Associates

Junos Spotlight Secure is the industry's only cloud-based global attacker intelligence service that identifies individual attackers at the device level and tracks them in a global database. It creates a persistent fingerprint of attacker devices based on more than 200 unique attributes. Compared with currently available reputation feeds that rely on only IP addresses, Junos Spotlight Secure offers more detailed security intelligence about attackers and significantly reduces false positives.

Juniper Networks SRX Series Services Gateways integrate with Junos WebApp Secure and the Junos Spotlight Secure global attacker intelligence service to benefit from the latest Intrusion Deception technology and block botnets and large-scale Web attacks.