Under Attack?
Search
Menu

To Err Human, To Automate Secure

By Motty AlonMarch 20, 2014

“To err is human.”

This quote by British poet Alexander Pope gained new meaning to me after reading a follow-up article by Information Week on the massive security breach that the American retailer Target experienced this past November. According to the story, the Target security team reviewed and ignored urgent warnings about unknown malware spotted on their network. They simply made the wrong call. This can happen, but this erroneous call, ended up resulting in millions of dollars in lost revenues to the organization as well as exposed the personal and credit information of millions of their shoppers.

Despite Target’s security systems alerting two different on-call security teams, one in Bangalore and one in Minneapolis, the action taken was inaction. In a written response, a Target spokeswoman commenting on the security team’s decision said that, “based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up.” Also important to note:  Target, consisting of 1,600+ stores in 48 states, had invested millions of dollars during the twelve months preceding the breach to build this top-notch enterprise network security system.

What we can learn from this story?

Credit Card Transaction SecurityConsidering the transaction load that successful retailers and e-retail sites can receive, missing an occasional threat is, indeed, human. Hackers, however, understand this vulnerability. The more-sophisticated attackers have been known to add extra traffic to a site using DDoS attacks. This increases the likelihood that they can hide their more malicious activities better among the extra load on the site. But can an error, in the case of an ignored security alert, be avoided? Yes.

The integration of detection and protection tools within a single control/orchestration layer is a revolutionary approach that helps to counter the risk of human error. With this approach, the control layer does more than just report. It makes actionable items and then decides (within fractions of a second) what the best protection approach is and then immediately implements it.

As cyber attacks continue to rise with more complex, multi-vector campaigns, this can challenge any enterprises’ ability to protect their network and customer information.  By automating mitigation and selecting the most effective tools and locations – aided by human effort and expertise – enterprises can offer the most complete protection for their network in the data center, at the perimeter or in the cloud.  To err is human, but to automate — secure.

Like this article? Receive similar articles by subscribing to our blog today!

Posted in: Application Security DDoS Attacks SecurityTags:

Motty Alon

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?