This week I’ll be attending the Black Hat Conference in Sao Paulo (… my first time in Brazil and I’m really looking forward to it!) and I was given the exciting opportunity to discuss some of the latest cyber-crime trends that we’ve seen at Radware.
Cyber-attacks have become so prevalent that nearly every online business, financial service, government agency, or critical infrastructure is a likely target. In fact, a case can be made that cyber-attacks are not just a powerful option for perpetrators, but they have risen to become a desirable weapon in their caches.
A weapon is right. A routine choice for hacktivists, cyber-attacks seek to leverage the impact of conflicts and social protests. A recent example of this is the Anonymous group joining the Occupy Wall Street protesters by launching attacks on major financial institutions in New York. Other attacks, like those on Sony® and other companies affiliated with the copyright industry, have also been used as revenge as part of Operation Mega-Upload.
In an era where cyber-attacks have become a main-stream and permanent tactic in perpetrating cyber-crime, social protests, and cyber war, organizations need to implement a security solution which can overcome a litany of emerging risks.
Join my upcoming seminar "The Art of Cyber War" at Black Hat on November 25th as we analyze why recent cyber-attacks became so successful and also what layers of defense are required for your business to survive.
Here’s an invite to register (in Portuguese) and a preview of the defense layers we’ll cover:
- The Perimeter Layer – The need for a set of security modules that include Denial-of-Service (DoS) protection, Network Behavioral Analysis (NBA), Intrusion Prevention System (IPS), and Reputation Information.
- Application Layer Security Risk Management
- Application or Transaction Layer – This layer of security is defined at the ‘transaction-oriented’ or application-layer. It covers numerous areas of concern and in this layer the complexity of detection and mitigation rises and the need for premise-based technology becomes paramount.
- Cloud Layer – The next layer of defense is defined at the ‘volume threat’ and is based in the cloud. Attackers flood the victim with a high volume of packets, consuming networking equipment resources or bandwidth resources.
- People Layer – Possessing knowledgeable and specialized security experts who provide 24×7 instantaneous service to restore operational network and service status for customers facing DDoS attacks.
Companies that rely solely on ‘one-size-fits-all’ in-the-cloud managed security or an on premise security solution often cannot withstand coordinated attack campaigns. Attackers are patient and persistent and can leverage multiple attack techniques like low & slow attacks. These same attackers also use evasion techniques to avoid detection and mitigation such as SSL-based attacks or changing the page request in a HTTP page flood attack. If there is one permeating, unending lesson learned on how to survive cyber-attacks, it is that modern day security teams need to be agile and crafty in combatting attacks. Solutions that include a hybrid security approach offer the most comprehensive protection against all kinds of attacks.
I look forward to sharing more attack types and attack prevention tips at Black Hat during this seminar and also at Radware Booth #240. Stop by and see our team!
As a Solution Evangelist, Werner Thalmeier is responsible for driving Security Product Strategy for Radware in the EMEA region. Before joining our team, he headed the global product management team at M86 Security as VP of Product Management and was also previously VP of Product Management at Finjan. An active member of IT industry for over 20 years, Werner has gained extensive field experience working with vendors, customers, technology partners and resellers in various management and engineering positions.