Businesses need to protect their assets when they are within their protective infrastructure AND when they are actively exposed or placed within the unprotected external world. The tools and procedures needed to protect the internal assets are different from the ones that protect the assets when they leave the confines of the secured network.
Recently Italian bank Unicredit suffered two security breaches. Data of 400,000 customers was stolen, including loan account numbers and Personally Identifiable Information (PII). There is a suspicion the breach had to do with interaction with a 3rd party. This incident is the latest reported in a long history of cyber-attacks against financial institutions. Every hack however, can teach us a lesson.
In the movies (and real life) one often needs to go through the Key Master to get to the destination. The job of the Key Master is to keep control of the access to the locks and barriers that protect important or sensitive material. Sometimes there is one key to get to the hidden rewards while other times, there is a long string of keys that must be maintained and managed. In other situations, the Key Master is more of a Key Maker, generating keys upon request.
The world is changing; it always has but the world is changing faster now than it ever has before. This general change is translating into even bigger changes in the cyber world. Some of the key areas that are evolving aren’t new, like availability or security. Others like automation are maturing quickly, and then there is the ever-present need for “easy.” Easy is a nebulous term, but in this case it refers to ease of procurement, ease of set up, flexibility in platform and ease of ongoing management.
This accelerated change is being driven by different market and business drivers. Some of the key market drivers are compliance, time to market, cyber loss risk, and increased competition around the user experience. This change is acutely felt in the ADC space.
10 years ago, I left my position as the principal architect at a major U.S. financial institution. We developed the standards for how SSL was used inside the bank and their systems. Because of the weakness of ADC hardware at the time, we standardized on the “fastest and lightest” ciphers that would allow us to be compliant for online banking. In today’s age, many would argue that is absolutely foolish. But is it?
We know that SSL has changed a lot in the last 10 years. Old ciphers are now considered insecure, obsolete, and out of PCI compliance. In looking at what many companies have shared about how they deal with SSL, we know there’s a blend of “just enough” cryptography to pass, and “Next-Gen” crypto, as some are calling it. According to Gartner, 50% of traffic in enterprises today is encrypted.
We build security solutions to protect our networks from the rest of the internet, but do we do anything to protect the network from our own employees and users? The first line of protection for your networks is not the firewall or other perimeter security device, it is the education and protection of the people that use the network. People are concerned about having their apartments or homes broken into so they put locks on the doors, install alarm systems, or put surveillance equipment like security cameras around the property. They are vigilant about making sure that an unauthorized intruder cannot enter the home easily without detection and alarms being raised.
A few months ago, I attended the 5G World Congress and listened to discussions around the many challenges and technical requirements facing 5G technology.
The questions everyone wants solved are:
- Which services actually require 5G access technology? What types of content demand the fastest service? According to lectures delivered by leading mobile service providers such as DoCoMo and KT, 5G networks need to deliver higher date rates to support applications such as 3D hologram video, VR and live broadcast.
- How will the networks support the exponential growth of end-devices requiring service brought about by IoT? As IoT end devices are carrying different ARPU models, 5G should address this challenge in improved cost per bit technology.
- What is the best way to support critical services such as voice, and how to build private networks (e.g. for connected antonyms driving cars) with zero latency and improved QoS, avoiding outages?
As 5G will be commercially launched only during the 2020 Tokyo Olympic games, it was agreed that the road to 5G will be via GIGA LTE that delivers 1Gbps data rates already.
The alleged creators of the popular VDoS website were arrested by Israeli authorities at the behest of the FBI on Thursday (September 8th). The 4-year-old site provided attack-for-hire services that helped its customers orchestrate more than 150,000 so-called distributed denial-of-service attacks (DDoS attacks) designed to take websites offline, and earned approximately $300,000 per year.
It is simply frightening that a 14-year-old child can build, maintain and earn hundreds of thousands of dollars a year and amass an estimated $1M after four years of operating a DDoS service before being stopped at the age of 18.
In today’s hyper-connected world, nearly all businesses, regardless of size or industry, have some element of their operations based online. From the largest online retailers and financial service companies to gaming and social media brands, organizations are transforming how they conduct business and have become increasingly dependent on network-based services. Even the smallest service-oriented organizations rely on the Internet for ecommerce or as a platform to deliver services to employees and partners.
Microsoft has discontinued Forefront Unified Access Gateway (UAG) and Forefront Threat Management Gateway (TMG), solutions for remote application access control, security and optimization. Microsoft UAG/TMG evolved over many years to integrate multiple functions to protect Microsoft applications. It is a key component of several Microsoft application deployments including Microsoft Exchange, SharePoint and Lync. However, the TMG and UAG deployments are not limited to protecting Microsoft applications.
Securing web applications accessible over the web is a complex task. A compromise may lead to a significant performance hit to the application, especially when under an attack that may impact business, or worse, security breaches.