This week I’ll be attending the Black Hat Conference in Sao Paulo (… my first time in Brazil and I’m really looking forward to it!) and I was given the exciting opportunity to discuss some of the latest cyber-crime trends that we’ve seen at Radware.
Cyber-attacks have become so prevalent that nearly every online business, financial service, government agency, or critical infrastructure is a likely target. In fact, a case can be made that cyber-attacks are not just a powerful option for perpetrators, but they have risen to become a desirable weapon in their caches.
A weapon is right. A routine choice for hacktivists, cyber-attacks seek to leverage the impact of conflicts and social protests. A recent example of this is the Anonymous group joining the Occupy Wall Street protesters by launching attacks on major financial institutions in New York. Other attacks, like those on Sony® and other companies affiliated with the copyright industry, have also been used as revenge as part of Operation Mega-Upload.
In an era where cyber-attacks have become a main-stream and permanent tactic in perpetrating cyber-crime, social protests, and cyber war, organizations need to implement a security solution which can overcome a litany of emerging risks.
Join my upcoming seminar "The Art of Cyber War" at Black Hat on November 25th as we analyze why recent cyber-attacks became so successful and also what layers of defense are required for your business to survive.
Here’s an invite to register (in Portuguese) and a preview of the defense layers we’ll cover:
- The Perimeter Layer – The need for a set of security modules that include Denial-of-Service (DoS) protection, Network Behavioral Analysis (NBA), Intrusion Prevention System (IPS), and Reputation Information.
- Application Layer Security Risk Management
- Application or Transaction Layer – This layer of security is defined at the ‘transaction-oriented’ or application-layer. It covers numerous areas of concern and in this layer the complexity of detection and mitigation rises and the need for premise-based technology becomes paramount.
- Cloud Layer – The next layer of defense is defined at the ‘volume threat’ and is based in the cloud. Attackers flood the victim with a high volume of packets, consuming networking equipment resources or bandwidth resources.
- People Layer – Possessing knowledgeable and specialized security experts who provide 24×7 instantaneous service to restore operational network and service status for customers facing DDoS attacks.
Companies that rely solely on ‘one-size-fits-all’ in-the-cloud managed security or an on premise security solution often cannot withstand coordinated attack campaigns. Attackers are patient and persistent and can leverage multiple attack techniques like low & slow attacks. These same attackers also use evasion techniques to avoid detection and mitigation such as SSL-based attacks or changing the page request in a HTTP page flood attack. If there is one permeating, unending lesson learned on how to survive cyber-attacks, it is that modern day security teams need to be agile and crafty in combatting attacks. Solutions that include a hybrid security approach offer the most comprehensive protection against all kinds of attacks.
I look forward to sharing more attack types and attack prevention tips at Black Hat during this seminar and also at Radware Booth #240. Stop by and see our team!