main

Application Security

Automation for NetOps and DevOps

August 14, 2019 — by Prakash Sinha0

automation1-960x446.jpeg

Many organizations use public cloud service providers, some in addition to their private cloud and on premise deployments. The right product mix not only reduces vendor lock-in and shadow IT, but is also an enabler for the constituents that includes IT administrators, network and security operations, as well as DevOps.

Maintaining application security and configurations across multiple environments is complex AND error prone and increases the attack surface. Careful testing is required to protect business-critical applications from hacking attempts, which may include denial of service, network and application attacks, malware and bots and impersonation.

A successful implementation will not only include the right cloud provider, the correct security, licensing and cost model, but also the appropriate automation tools to help secure the technology and security landscape consistently as applications are rolled out in a continuous integration and continuous delivery (CI/CD) process.

When Does Automation Become a Pressing Issue?

The reasons to automate may be due to resource constraints, configuration management, compliance or monitoring. For example, an organization may have very few people managing a large set of configurations, or the required skill set spans networking AND security products, or perhaps the network operation team does not have the operational knowledge of all the devices they are managing.

Below are a few benefits that automation provides:

  • Time savings and fewer errors for repetitive tasks
  • Cost reduction for complex tasks that require specialized skills
  • Ability to react quickly to events, for example,
    • Automatically commission new services at 80% utilization and decommission at 20%
    • Automatically adjust security policies to optimally address peace-time and attack traffic

[You may also like: How to Move Security Up the DevOps Priority List]

Automate the Complexity Away?

Let us consider a scenario where a development engineer has an application ready and needs to test application scalability, business continuity and security using a load balancer, prior to rolling out through the IT.

The developer may not have the time to wait for a long provisioning timeline, or the expertise and familiarity with the networking and security configurations. The traditional way would be to open a ticket, have an administrator reach out, understand the use case and then create a custom load balancer for the developer to test. This is certainly expensive to do, and it hinders CI/CD processes.

[You may also like: Economics of Load Balancing When Transitioning to the Cloud]

The objective here would be enable self-service, in a way that the developer can relate to and work with to test against the load balancer without networking and security intricacies coming in the way. A common way is by creating a workflow that automates tasks using templates, and if the workflow spans multiple systems, then hides the complexity from the developer by orchestrating them.

The successful end-to-end automation consists of several incremental steps that build upon each other. For example, identify all use cases that administrators take that are prone to introducing errors in configuration. Then make them scripted – say, using CLI or python scripts. Now you’re at a point where you’re ready to automate.

You’ll have to pick automation and orchestration tools that’ll help you simplify the tasks, remove the complexity and make it consumable to your audience. Most vendors provide integrations for commonly used automation and orchestration systems – Ansible, Chef, Puppet, Cisco ACI and Vmware vRealize – just to name a few.

Before you embark on the automation journey, identify the drivers, tie it to business needs and spend some time planning the transition by identifying the use cases and tools in use. Script the processes manually and test before automating using tools of your choice.

Read “2019 C-Suite Perspectives: From Defense to Offense, Executives Turn Information Security into a Competitive Advantage” to learn more.

Download Now

Service Provider

5G Security in an API-Driven Economy

May 15, 2019 — by Travis Volk0

5G_API-960x640.jpg

Over the last six years, solution architects have been designing the transformation of Service Provider’s networks to significantly reduce the timing of service and feature deployment lifecycles, standardizing on real-time service provisioning, consumption and end user autonomy.  This challenge has been in parallel to delivering highly scalable and cost effective solutions. 

These solutions, along with automation, are addressing emerging security challenges while extending tailored outcomes to individual lines of business and customers. The result is better security, user experiences and a broader addressable market. 

So how does this hard work improve our execution of 5G transformations? 

All About Those Apps

First, the fully automated software delivery model allows us to address the complexity of a widely distributed architecture in a repetitive model.  Network and security alignment improves resource allocation while optimizing consumption-based delivery from edge systems. 

[You may also like: The Necessary Burden of 5G Security]

The “edge” may have more than one meaning in this discussion, as service delivery platforms are no longer constrained to a single autonomous system. This flexibility leads Service Providers to a new era of content management and monetization as applications are deployed across numerous computing platforms to minimize latency. 

It is important to appreciate that these capabilities are all made possible because of application-to-application dialog that transpire over APIs.  Traditionally, application and API exposure had been constrained to IDC infrastructure. This meant that a secure DC or security gateway framework was used to harden the exposure of numerous applications in the same physical location. All of these applications communicated to the internet via a common path. In the scope of security design, this was a relatively easy problem to address. 

[You may also like: 5G: You Can Have Your Slice and Security Too!]

Now, take a step back to the previous ideology of 5G and it jumps out at you that API and application protections become a key component in modern edge security. 

From Security Zones to Network Slices

It is also interesting to recognize that traditional volumetric defense for infrastructure protection is changing rapidly.

Anomalous traffic easily evading netflow detection has been eroding precious core resources for too long.  When security functions are built into the network, attacks are automatically addressed locally, avoiding back-hauling attacks and driving efficiency back into the core. This highly scalable infrastructure protection strategy also serves as a point of escalation for more sophisticated or persistent attacks seen in gateways, applications and APIs. 

As we transition from security zones to network slices, this multi-tiered approach further lends itself to the decomposition of highly intelligent machine learning algorithms deployed contextually for the relevant protocols and applications. 

[You may also like: Safeguarding 5G Networks with Automation and AI]

As an example, IoT anomaly detection on the access edge requires very different algorithms than used for detecting attacks from the internet thru the peering edge. When we speak about application and API protection, protecting a mobile application requires entirely different techniques than addressing behavioral analysis for fraudulent account abuse. Having the ability to protect, adapt and optimize attack lifecycle management in cooperation with the orchestration layer for end-to-end security has been our greatest achievement in modern security design.

The Modern Landscape

Maybe the punchline is becoming obvious at this point but addressing end-to-end security with the ability to escalate application abuse to the edge of the system in a widely distributed architecture has become a modern landscape requirement. 

[You may also like: How to Prevent Real-Time API Abuse]

Automation is working on our behalf to drive agility into engineering, provisioning, billing and operations. With predefined workflows, analysts enjoy alert-driven processes and/or fully automated protection strategies designed to meet the high availability demands throughout a complex system.

If you track my work at all, you will appreciate that I have dedicated the last twenty years designing highly adaptive services.  If you are curious how you too can maximize security revenue across multiple lines of business, please reach out in the comment section below; service creation is one of my favorite points of discussion. 

2018 Mobile Carrier Ebook

Read “Creating a Secure Climate for your Customers” today.

Download Now

Attack Types & VectorsBotnets

Attackers Are Leveraging Automation

January 31, 2019 — by Radware0

automation-960x681.jpg

Cybercriminals are weaponizing automation and machine learning to create increasingly evasive attack vectors, and the internet of things (IoT) has proven to be the catalyst driving this trend. IoT is the birthplace of many of the new types of automated bots and malware.

At the forefront are botnets, which are increasingly sophisticated, lethal and highly automated digitized armies running amok on corporate networks. For example, hackers now leverage botnets to conduct early exploitation and network reconnaissance prior to unleashing an attack.

The Mirai botnet, which was made famous by its use in the 2016 attack on DNS provider Dyn, along with its subsequent variants, embodies many of these characteristics. It leverages a network-scanning and attack architecture capable of identifying “competing” malware and removing it from the IoT device to block remote administrative control. In addition, it leverages the infamous Water Torture attack to generate randomized domain names on a DNS infrastructure. Follow-up variants use automation to allow the malware to craft malicious queries in real time.

[You may also like: A Quick History of IoT Botnets]

Modern-day malware is an equally sophisticated multi-vector cyberattack weapon designed to elude detection using an array of evasion tools and camouflage techniques. Hackers now leverage machine learning to create custom malware that defeats anti-malware defenses. One example is Generative Adversarial Network algorithms
that can bypass black-box machine-learning models. In another example, a cybersecurity company adapted Elon Musk’s OpenAI framework to create forms of malware that mitigation solutions couldn’t detect.

Automation for Detection and Mitigation

So how does a network security team improve its ability to deal with these increasingly multifarious cyberattacks? Fight fire with fire. Automated cybersecurity solutions provide the data-processing muscle to mitigate these advanced threats.

Executives clearly understand this and are ready to take advantage of automation. According to Radware’s C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts report, the vast majority of executives (71%) report shifting more of their network security budget into technologies that employ machine learning and automation. The need to protect increasingly heterogeneous infrastructures, a shortage in cybersecurity talent and increasingly dangerous
cyberthreats were indicated as the primary drivers of this fiscal shift.

In addition, the trust factor is increasing. Four in 10 executives trust automated systems more than humans to protect their organization against cyberattacks.

[You may also like: Looking Past the Hype to Discover the Real Potential of AI]

Traditional DDoS solutions use rate limiting and manual signature creation to mitigate attacks. Rate limiting can be effective but can also result in a high number of false positives. As a result, manual signatures are then used to block offending traffic to reduce the number of false positives. Moreover, manual signatures take time to create because identifying offending traffic is only possible AFTER the attack starts. With machine-learning botnets now breaching defenses in less than 20 seconds, this hands-on strategy does not suffice.

Automation and, more specifically, machine learning overcome the drawbacks of manual signature creation and rate-limiting protection by automatically creating signatures and adapting protections to changing attack vectors. Machine learning leverages advanced mathematical models and algorithms to look at baseline network parameters, assess network behavior, automatically create attack signatures and adapt security configurations and/or policies to mitigate attacks. Machine learning transitions an organization’s DDoS protection strategy from manual, ratio- and rate-based protection to behavioral-based detection and mitigation.

The Final Step: Self-Learning

A market-leading DDoS protection solution combines machine-learning capabilities with negative and positive security protection models to mitigate automated attack vectors, such as the aforementioned DNS Water Torture attacks made notorious by Mirai. By employing machine learning and ingress-only positive protection models, this sort of an attack vector is eliminated, regardless of whether the protected DNS infrastructure is an authoritative or a recursive DNS.

The final step of automated cybersecurity is automated self-learning. DDoS mitigation solutions should leverage a deep neural network (DNN) that conducts post-analysis of all the generated data, isolates known attack information and feeds those data points back into the machine learning algorithms. DNNs require massive amounts of storage and computing power and can be prohibitively expensive to house and manage within a privately hosted data center.

[You may also like: Are Application Testing Tools Still Relevant with Self Learning WAFs?]

As a result, ideally a DNN is housed and maintained by your organization’s DDoS mitigation vendor, which leverages its network of cloud-based scrubbing centers (and the massive volumes of threat intelligence data that it collects) to process this information via big data analytics and automatically feed it back into your organization’s DDoS mitigation solution via a real-time threat intelligence feed.This makes the input of thousands of malicious IPs and new attack signatures into an automated process that no SOC team could ever hope to accomplish manually.

The result is a DDoS mitigation system that automatically collects data from multiple sources and leverages machine learning to conduct zero-day characterization. Attack signatures and security policies are automatically updated and not reliant on a SOC engineer who is free to conduct higher-level analysis, system management and threat analysis.

Automation is the future of cybersecurity. As cybercriminals become more savvy and increasingly rely on automation to achieve their mischievous goals, automation and machine learning will become the cornerstone of cybersecurity solutions to effectively combat the onslaught from the next generation of attacks. It will allow organizations to improve the ability to scale network security teams, minimize human errors and safeguard digital assets to ensure brand reputation and the customer experience.

Read the “2018 C-Suite Perspectives: Trends in the Cyberattack Landscape, Security Threats and Business Impacts” to learn more.

Download Now

Security

The Evolving Network Security Environment – Can You Protect Your Customers in a 5G Universe?

July 17, 2018 — by Louis Scialabba0

5g-iot-ebook-960x679.jpg

Smart Farming depends on internet of things (IoT) devices and sensors to monitor vast farm fields, guiding farmers’ decisions about crop management through rich data. But it only takes one security flaw for all stakeholders within the ecosystem to be impacted. If hackers gain access to a single sensor, they can navigate their way to the farm-management application servers and manipulate data. Crop productivity levels are falsified, both basic and complex condition-monitoring systems are distorted, and real-time harm occurs through automatic IoT sensors. At stake is not only the productivity of crops, but the food that supplies livestock and humans: What if there was no corn for you?

Attack Types & VectorsDDoSSecurity

Battling Cyber Risks with Intelligent Automation

June 26, 2018 — by Louis Scialabba0

automation-960x640.jpg

Organizations are losing the cybersecurity race.

Cyber threats are evolving faster than security teams can adapt. The proliferation of data from dozens of security products are outpacing the ability for security teams to process it. And budget and talent shortfalls limit the ability for security teams to expand rapidly.

The question is how does a network security team improve the ability to scale and minimize data breaches, all the while dealing with increasingly complex attack vectors?

The answer is automation.

Application Delivery

Maintaining Your Data Center’s Agility and Making the Most Out of Your Investment in ADC Capacity

April 25, 2018 — by Fabio Palozza1

data-center-agility-1-960x612.jpg

Deciding on an appropriate application delivery controller (ADC) and evaluating the need for supporting infrastructure is a complex, complicated, and challenging job. Such challenges result from the fact that ADCs are increasingly used across diverse environments and virtual, cloud, and physical appliances.

Security

AI Considerations in Cyber Defence Automation

December 14, 2017 — by Pascal Geenens2

ai-automation-960x598.jpg

When Apple unveiled the iPhone X, it catapulted artificial intelligence and machine learning into the limelight. Facial recognition became a mainstream reality for those who can afford it. A few months later, Vietnamese cyber security firm Bkav claimed it was able to bypass the iPhone X’s Face ID using a relatively inexpensive $150 mask. The claim is still up in the air and while it has not been accepted to its full extent, no one was actually able to refute the claim based on scientific facts.

Security

Bridging the Cyber Security Skills Gap

November 7, 2017 — by Radware0

bridging-skills-gap-960x640.jpg

The following is a Q&A with Ron Winward. Ron is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cyber security service providers around the world.

Behind every new hack or data breach, there’s a company scrambling to put out the fire. That’s good news for cyber security professionals with the right skills. However, between shortages in qualified security professionals, evolving attack vectors, and new DDoS mitigation capabilities and deployment models, organizations looking to safeguard themselves can be left in a difficult position when it comes to finding the best talent, whether it be in-house or outsourced.

Application Delivery

Agile, DevOps and Load Balancers: Evolution of Network Operations

July 18, 2017 — by Prakash Sinha0

automation-devops-load-balancing-960x617.jpg

Many organizations have a guidance to cut IT spending while rolling out secure application services in a continuous delivery model. Many R&D teams in these organizations have adopted Agile and DevOps practices to enable faster delivery. The goal of Agile and DevOps practices is to deliver applications quicker and to deploy them with a lower failure rate than traditional approaches.