One of the prominent trends in 2017 was an increase in short-burst attacks, which have become more complex, more frequent and longer in duration. Burst tactics are typically used against gaming websites and service providers due to their sensitivity to service availability as well as their inability to sustain such attack maneuvers.
Key Takeaways from Cisco Live Berlin 2017
Digital Transformation is the Core of Every Business
2016-2017 introduced the era of Digital Transformation. Digital transformation is the change associated with the application of digital technology in all aspects of human society. Digital transformation inherently enables new types of innovation and creativity to increase business competency rather than simply going paperless.
Ruba Borno, PhD, Vice President of Cisco Growth Initiatives, shared Cisco’s vision that the only future-proof solution for digital transformation is a next-generation secure network. Security is no longer static, and securing all of an organization’s access points is no simple task. IoT, a mobile workforce, cloud applications and the increasing sophistication of attackers and attack methods require better preparation. Organizations need to fundamentally change how they build, manage and secure networks.
Digital transformation was the apparent theme across this year’s Cisco Live Berlin. With security becoming the key enabler for any organization’s IT investment, this paper covers the key trends in securing the digital transformation, along with the new solution announcements made at Cisco Live Berlin 2017.
Attackers Are Relentless; Defenders Are Tired
Attackers have infinite time to plan their next attack: choose a victim, gather intelligence, select the right attack tools, test them, coordinate an attack and then launch it at their convenience. There are plenty of attack tools available on the Clearnet and the Darknet, and there are plenty of opportunities to strike again and again until they succeed.
Defenders, on the other hand, have to overcome every attack attempt. They do not get a second chance. They have limited budgets, their jobs are at stake, and they need to keep up with education, training, selecting the right solutions and maintaining an effective security posture.
This is where the difference between detection and protection becomes critical. To protect against attacks you first need to detect that you are under attack. Security solutions often focus on shortening the time to detect. Yet they also need to shorten the time to protect, and this is where automation becomes important. Solutions that automate more stages of the attack lifecycle will be more successful in dealing with the more dynamic, automated attacks organizations experience today.
Ransomware Becomes a Major Threat
I urge you to watch Ransomware: An Anatomy of an Attack. This video, played at multiple Cisco Live sessions, provides insight into an attacker’s daily work. It is about the details. The attacker does not need to develop any tool or software. They only need to select the right tools from an endless variety and use them smartly.
DDoS attacks have also joined the mix of ransom attacks, slowing down organizations’ operations and even completely shutting down their online presence.
What can you do against ransomware? Although it was widely discussed during multiple sessions at Cisco Live Berlin 2017, I have not seen a solution that is truly designed to address this threat. Cisco speakers discussed a multi-layered security approach and highlighted some capabilities in their solutions that can help improve a business’s security posture against the ransom threat.
What can you do to fight this threat? As always, prevention is the key. And prevention is about education, education and, again, education. Attackers lure employees into opening unsolicited emails and downloading fake software updates, and they employ multiple social engineering techniques. You need to be more suspicious and ask yourself beforehand whether an operation is safe.
DDoS Attacks Are On the Rise
We know how to protect endpoints – desktops, laptops and other mobile devices. We know how to protect our enterprise network. We use firewalls, intrusion prevention systems, anti-virus, anti-malware and other perimeter network security solutions.
What we do not know is how to protect infrastructure against DDoS attacks. Data centers, service providers and cloud providers are all vulnerable to network flood attacks. The recent Dyn attack and the notorious Mirai botnet are clear reminders that we need to get ready.
IoT is a real threat. We are adding 1 million devices per hour to the internet, and the majority of them are directly accessible with no or limited security measures. A 1 terabit-per-second DDoS attack is expected in 2017.
We need to think differently. DDoS attacks are not a problem of specific organizations; they are a problem for the whole community. Attack mitigation should start in the service providers’ networks and extend to the enterprise data center. It should be simpler and more manageable.
Effective Security: Keep It Simple
Digitization has created unprecedented growth opportunities. With more than 50 billion connected devices estimated by 2020 (according to Cisco), business leaders are questioning how new digital trends will impact their business — but so are the active adversaries seeking to profit from well-organized cybercrime operations. As the attack surface continues to expand, so has the need for a more effective approach to security.
According to Cisco, a typical organization deploys some 50 different security devices and solutions in its network and data centers. Every new solution contributes an incremental level of security; however, it increases network complexity exponentially. The challenge of effective security is not what to secure, but how to manage it.
The answer is keeping it simple. Security that is integrated, automated and simple to manage will be foundational to the success of digital businesses as they work to deliver protection from the network to the mobile user and the cloud — wherever employees work and data resides.
Did I mention automation? David Ulevitch, VP of Cisco’s Security Business Group, discussed automation. His view is that the only way to win the cyber war is through automation: let the machines run the machines.
This is the path to effective security. It’s a continuous process, not a one-time effort.
Cloud Is the Secret Weapon
The secret weapon in our security toolbox is the cloud. Why? Here are a few arguments:
a) Cloud offers elastic and unlimited resources. You can use compute and storage for data collection and analytics to look at user behavior. This helps you make the right security decision per user, per transaction or per location.
b) Cloud offers the ideal management and control for all enterprise applications – on premises and in the cloud.
Look for cloud as an integrated solution. If the vendor offers you APIs – move on. You do not have the time or the resources to use APIs.
ACI at New Heights
I recall John Chambers’ keynote from Cisco Live 2015, where he admitted that Cisco was late in identifying the SDN (Software-Defined Networking) market. John promised that Cisco was going to fix that. Indeed, Cisco introduced its own flavor of software-defined networking, called Application Centric Infrastructure (ACI). ACI is Cisco’s foundation for the Software Defined Data Center (SDDC) initiative.
At the event, Cisco announced that it is further expanding ACI, turning it from a pure data center solution into a multi-site solution. Cisco introduced multiple data-center automation tools, further empowered its ACI ecosystem with more than 65 technology partners and launched a new ACI marketplace so users can share their ACI applications and blueprints.
Why do Cisco leaders believe that ACI will win the SDDC market? Because it is application-centric and introduces operational simplicity. Did I mention automation?
Read the 2016–2017 Global Application & Network Security Report by Radware’s Emergency Response Team.
Airlines, retailers, travel service providers, banks, marketplaces and social media all rely on their web applications to generate revenue or facilitate productivity. They typically develop and maintain their own web applications, tailored to their business needs. To support the growing needs of their online presence, they are adopting agile development practices, also known as DevOps and Continuous Deployment.
Light Reading commissioned its independent test lab partner, European Advanced Networking Test Center AG (EANTC), to evaluate the Firepower 9300 next-generation firewall. I am sharing with you the industry’s first third-party validation of Radware DefensePro on Firepower 9300.
Service providers and enterprises are challenged by an evolving threat landscape resulting in reduced revenues, higher expenses, and damaged reputations. The number and complexity of cyber-attacks such as DDoS is continuously increasing.
Mike Geller from Cisco’s CTO office and Ehud Doron of Radware’s CTO office presented the revolutionary concept of Network-as-a-Sensor to fight DDoS attacks at Cisco Live Berlin 2016.
There are two approaches to detecting DDoS attacks: on-premises (also sometimes called in-line) and cloud (out of path). When a DDoS protection solution is deployed on-premises, organizations benefit from immediate and automatic attack detection and DDoS mitigation. Within seconds of the start of an attack, the online services are well protected and the attack is mitigated.
DDoS attacks are no longer just a nuisance; they can cause lasting damage. Organizations that ignore this threat often learn the high costs involved in the damage from these attacks, ranging from mild service degradation to extended service outages. According to Aberdeen Group research, the cost of a one second delay in website load time can translate to a 7% reduction in conversion rate and up to $2.5 million in losses per year. The cost of an outage? That can reach nearly half a million dollars per hour.
For decades IT managers have been deploying application delivery (Layers 4 – 7) and security services as point solutions. The network provided the basic connectivity, and each L4-7 service had to be configured manually for each application. Virtualizing the compute fabric enabled automation at the configuration stage; however, L4-7 and security services were still deployed as point solutions. Each application infrastructure change still required intervention: rewiring the physical network, reconfiguring network nodes and, of course, testing application integrity and performance end-to-end.
Recently, independent researcher Chaman Thapa published a report on an attack scenario showing how someone could use Facebook Notes to DDoS any website. When Facebook and DDoS enter the conversation, news spreads quickly and questions emerge. What is the flaw? How serious is it? Who or what can be affected? The Radware Emergency Response Team (ERT) decided to take a look at the Facebook Notes attack type by testing it in our lab. First, here’s some background:
Nearly two years ago I questioned the myth: does size really matter? Now it’s time to revisit the issue and also look at some of the changes occurring in the cybercrime scene.
The big myth of 2012 was that organizations need to prepare for enormous attacks. The attack on Spamhaus in 2013 supported this claim.
Radware has announced its comprehensive SDN strategy and has introduced its first SDN Application: DefenseFlow™.