1. Focus on availability security
Latency and uptime are a high priority for these organizations. Most security programs are built around confidentiality and integrity alone, but a DDoS attack targets availability directly, so all three pillars have to be covered for the security model to be comprehensive.
2. Understand the value & meaning of architecture as it relates to attacks
- Where devices sit in the traffic path is key: a mitigation device protects only what is behind it
- The types of technology in use (e.g. UDP-based services, CDNs, stateful devices such as firewalls and load balancers)
- Know the limitations of business-logic decisions: strict RFC or ISO compliance can, ironically, end up being a known weakness (e.g. an RFC-compliant web server that patiently serves every client the standard tells it to serve)
- Deploying 80% of the known technical and operational controls is no longer adequate. A process must be in place to technically and operationally lock down the environment completely while an attack is under way.
- Not relying on a single security technology to do the entire job (i.e. defense in depth)
- Use of encryption (e.g. SSL/TLS)
3. Focus on the visibility available during an attack and on the quality of attack detection
- Not relying solely on NetFlow-based detection: flow records carry no payload and are often sampled, which leaves blind spots
- Heavily leveraging challenge/response technology, which is uniquely suited to separating attack traffic from legitimate clients (a spoofed source never sees the challenge and so can never answer it)
- Understanding the value of anomaly-detection technologies and relying on them heavily
- Understanding the role a web application firewall plays within an integrated security platform
- Requiring correlated information out of the box
- Ability to inspect encrypted traffic and encapsulated (tunnelled) traffic, e.g. MPLS, GPRS/GTP, L2TP and GRE
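As an added illustration of the challenge/response bullet above (this is example code, not anything from the original post or from Radware), here is a minimal stateless challenge/response gate in Python, modelled on the SYN-cookie idea: the token is an HMAC over the client address and a time bucket, so the gate keeps no per-client state, and a flood of packets with forged source addresses never receives the reply and therefore can never present a valid token. The key handling, the 30-second window and the sample addresses are assumptions made for the example.

```python
"""Stateless challenge/response gate.

Added example in the spirit of SYN cookies: the server stores nothing per
client; it hands out a token that only the real owner of the source address
will receive, and admits whoever can echo it back.
The key, the 30 s window and the addresses are assumptions for the demo.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

SECRET = os.urandom(32)   # assumption: per-node key; rotate it out of band in a real deployment
TTL = 30                  # seconds a challenge bucket stays valid


def _mac(client_ip: str, bucket: int) -> str:
    """HMAC over (address, time bucket): binds the token to one client and one window."""
    return hmac.new(SECRET, f"{client_ip}|{bucket}".encode(), hashlib.sha256).hexdigest()[:32]


def make_challenge(client_ip: str, now: float) -> str:
    """Issue a token. Nothing is written to a table, so a flood cannot exhaust
    server state the way half-open connections do against a stateful device."""
    bucket = int(now // TTL)
    return f"{bucket}:{_mac(client_ip, bucket)}"


def verify_response(client_ip: str, token: Optional[str], now: float) -> bool:
    """Accept a token from the current or the previous window, for this address only."""
    if not token:
        return False
    bucket_s, _, mac = token.partition(":")
    if not bucket_s.isdigit():
        return False
    bucket = int(bucket_s)
    current = int(now // TTL)
    if bucket not in (current, current - 1):   # expired, or a replay from an old window
        return False
    return hmac.compare_digest(_mac(client_ip, bucket).encode(), mac.encode())


def handle_request(client_ip: str, token: Optional[str], now: float) -> Tuple[str, Optional[str]]:
    """Gate decision: ('admit', None) on a valid echo, else ('challenge', token)."""
    if verify_response(client_ip, token, now):
        return "admit", None
    return "challenge", make_challenge(client_ip, now)


def real_client(ip: str, now: float) -> str:
    """A client that owns its address receives the challenge and retries with it."""
    verdict, token = handle_request(ip, None, now)
    if verdict == "challenge":
        verdict, _ = handle_request(ip, token, now + 0.2)
    return verdict


def spoofed_flood(n: int, now: float) -> Tuple[int, int]:
    """n packets with forged sources. The challenges go back to the forged
    addresses, so the flood never holds a valid token. Returns (challenged, admitted)."""
    challenged = admitted = 0
    for i in range(n):
        verdict, _ = handle_request(f"203.0.113.{i % 256}", None, now)
        if verdict == "admit":
            admitted += 1
        else:
            challenged += 1
    return challenged, admitted


def replayed_token(victim_ip: str, attacker_ip: str, now: float) -> str:
    """An attacker who captured the victim's token and sends it from another address."""
    token = make_challenge(victim_ip, now)
    verdict, _ = handle_request(attacker_ip, token, now + 1)
    return verdict


if __name__ == "__main__":
    t = 990.0
    print("real client:", real_client("198.51.100.7", t))
    print("spoofed flood (challenged, admitted):", spoofed_flood(1000, t))
    print("replayed token from another address:", replayed_token("198.51.100.7", "198.51.100.9", t))
```

The same shape scales from TCP (SYN cookies) to HTTP (a cookie or JavaScript challenge): the decision is made per client, costs one MAC computation, and needs no table that an attacker can fill.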
4. Focus on real-time authentication & mitigation decisions
- Integration of IP reputation and dynamic blocklisting technologies
- Heavily leveraging challenge/response technology to make per-client allow or block decisions
- Ability to coordinate the fight against an attack with ecosystem service providers such as Certificate Authorities (CAs), authoritative DNS providers and cloud providers
- Understanding the value of real-time signature generation for anomalous threats
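The anomaly-detection bullet in section 3 and the real-time signature generation and dynamic blocklisting bullets above can be shown end to end. The following Python is an added example, not Radware's algorithm and not code from the original post: it learns a per-second packet-rate baseline from constructed traffic, flags the seconds that exceed it, derives a signature from the attributes whose values dominate the anomalous traffic but are rare in the baseline, and finally collects the sources matching that signature as the seed of a dynamic blocklist. The traffic shape, the thresholds (3 sigma or 3x the mean; 80% dominance, 10% baseline rarity) and the addresses are all assumptions.

```python
"""Rate-anomaly detection followed by real-time signature generation.

Added example: the traffic below is constructed, and the thresholds are
assumptions chosen for illustration, not any vendor's tuned values.
"""
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

# Attributes a signature may be built from. Source address is deliberately
# excluded: the flood rotates sources, and the point of a signature is to
# block the traffic shape rather than chase addresses one by one.
ATTRS = ("dport", "len", "ttl", "flags")


def baseline_packet(i: int) -> Dict:
    """Constructed legitimate traffic: every attribute cycles over four values."""
    return {
        "src": f"198.51.100.{i % 40}",
        "dport": (80, 443, 53, 22)[i % 4],
        "len": (60, 120, 500, 1400)[(i // 4) % 4],
        "ttl": (64, 128, 255, 51)[(i // 16) % 4],
        "flags": ("S", "A", "PA", "A")[i % 4],
    }


def attack_packet(j: int) -> Dict:
    """Constructed flood: 200 rotating sources, one fixed packet shape (SYN to port 80)."""
    return {"src": f"203.0.113.{j % 200}", "dport": 80, "len": 1024, "ttl": 249, "flags": "S"}


def build_trace(quiet_seconds: int = 60, attack_seconds: int = 10, attack_rate: int = 400) -> List[Tuple[int, Dict]]:
    """(second, packet) records: 20-24 legitimate pps throughout, plus the flood at the end."""
    trace, i, j = [], 0, 0
    for s in range(quiet_seconds + attack_seconds):
        for _ in range(20 + s % 5):
            trace.append((s, baseline_packet(i)))
            i += 1
        if s >= quiet_seconds:
            for _ in range(attack_rate):
                trace.append((s, attack_packet(j)))
                j += 1
    return trace


def detect_rate_anomalies(trace, learn_seconds: int = 60, k: float = 3.0, ratio: float = 3.0):
    """Learn the packets-per-second baseline over the first learn_seconds, then flag
    later seconds above mean + k*sigma or ratio*mean, whichever is larger.
    The ratio floor keeps a very steady baseline (sigma near 0) from firing on noise."""
    per_sec = Counter(s for s, _ in trace)
    learn = [per_sec[s] for s in range(learn_seconds)]
    mu, sigma = mean(learn), pstdev(learn)
    threshold = max(mu + k * sigma, ratio * mu)
    flagged = sorted(s for s in per_sec if s >= learn_seconds and per_sec[s] > threshold)
    return flagged, threshold


def generate_signature(trace, flagged, dominant: float = 0.8, rare: float = 0.1) -> Dict:
    """A value becomes a signature term when it dominates the anomalous traffic but is
    rare in the baseline; values common in both (here, port 80 and the SYN flag) are
    left out so the signature does not drop legitimate traffic."""
    hot = set(flagged)
    base = [p for s, p in trace if s not in hot]
    anom = [p for s, p in trace if s in hot]
    if not anom or not base:
        return {}
    sig = {}
    for attr in ATTRS:
        val, n = Counter(p[attr] for p in anom).most_common(1)[0]
        anom_frac = n / len(anom)
        base_frac = sum(1 for p in base if p[attr] == val) / len(base)
        if anom_frac >= dominant and base_frac <= rare:
            sig[attr] = val
    return sig


def matches(pkt: Dict, sig: Dict) -> bool:
    return all(pkt.get(a) == v for a, v in sig.items())


def evaluate(trace, flagged, sig) -> Tuple[float, float]:
    """(share of anomalous-window packets the signature catches,
        share of baseline packets it would wrongly drop)."""
    hot = set(flagged)
    anom = [p for s, p in trace if s in hot]
    base = [p for s, p in trace if s not in hot]
    caught = sum(matches(p, sig) for p in anom) / len(anom)
    collateral = sum(matches(p, sig) for p in base) / len(base)
    return caught, collateral


def dynamic_blocklist(trace, flagged, sig) -> Set[str]:
    """Sources seen sending signature-matching packets during the anomaly: the seed
    for a dynamic blocklist, to be expired once the signature stops matching."""
    hot = set(flagged)
    return {p["src"] for s, p in trace if s in hot and matches(p, sig)}


if __name__ == "__main__":
    trace = build_trace()
    flagged, thr = detect_rate_anomalies(trace)
    sig = generate_signature(trace, flagged)
    caught, collateral = evaluate(trace, flagged, sig)
    print(f"threshold={thr:.1f} pps, flagged seconds={flagged}")
    print(f"signature={sig} catches {caught:.1%} of attack-window traffic, "
          f"{collateral:.1%} collateral, blocklist size={len(dynamic_blocklist(trace, flagged, sig))}")
```

Two design points carry over to real deployments: the rarity test against the baseline is what stops the signature from absorbing values that are merely common (port 80 here), and the blocklist derived from the signature is only a convenience for upstream devices that cannot match on packet attributes; the signature itself is what should be pushed to the mitigation layer, since the flood's source list keeps changing.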
5. Understand the value of Emergency Response & Retaining Offensive Attack Capabilities
- Establishing an internal intelligence-gathering network to understand the current risk to the organization from cyber-attacks.
- Understanding the value of a knowledgeable, experienced person who oversees the orchestration and mitigation of cyber-attacks (i.e. who owns the emergency response process).
- Retaining techniques and capabilities to actively mitigate attackers, rather than only absorbing and defending against attacks.
- Ability to adjust configurations and techniques mid-attack as the attack itself changes.
Carl is an IT security expert responsible for Radware's global security practice. With over a decade of experience, he began his career at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and the Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.