
Security

Protecting Enterprises From State-Sponsored Hackers

July 11, 2019 — by Mike O'Malley

There seems to be a continuous drip, drip, drip of cyber breaches on a daily basis. For example, last month 12 million patients may have had information exposed in a data breach from Quest Diagnostics, the world’s largest blood-testing company.

The only thing we know for sure is that tomorrow some other enterprise will be next. However, what’s new is the rising threat of state-sponsored cyber attacks on enterprises. Per the White House, cyber attacks cost the US economy between $50 million and $100 million in 2016 — the last year quantified. It’s likely significantly more today.

States Are Leading Players in the Cyber Game

Enterprises need to understand that 22 countries around the world are currently suspected of state-sponsored programs for governmental cyber attacks. And lest you believe that these are all focused on stealing nuclear codes, half of all targets for these attacks are private enterprises, NOT governmental agencies.

World governments are actively investing in building and operating cyber espionage teams to both protect their national interests as well as collect IP for their domestic industries. With this information, they are acquiring expertise, malicious botnets and cyber attack tools to further advance their craft.


Enterprises in developed nations around the world need to understand the high stakes and the need for increased protection. If a company competes based on its intellectual property in a global marketplace, then it may be a mark for government cyber attacks.

Some nations are more direct about the domestic industries they are interested in building and are tipping their hands as to what intellectual property they are interested in acquiring from specific industries. China, for example, has a position paper, “Made in China 2025”, which lays out specific industries in which it has a strategic interest in building domestic expertise.

The plan lays out a very aggressive goal of producing 70% of the content in the following industries with Chinese enterprises: IT, robotics, green energy and EVs, aerospace, ocean engineering, railroads, power, materials, medicine and med tech and agriculture engineering. These plans require domestic industries in developing countries to acquire massive amounts of new intellectual property in order to meet this 70% local content threshold.

Enterprises Don’t Have the Expertise to Fight Government Agents

In this environment, where 20-plus countries are aggressively building cyber attack organizations and pouring millions of dollars into ever more sophisticated attack technology, who is the best, most expert person to protect these businesses?


Before we answer that, let’s understand the current cyber employment context. Per an international security non-profit (ISC2), there were three million unfilled cybersecurity jobs globally in 2018. There continues to be a global STEM shortage. Job boards are bursting with open positions for IT security specialists.

Given the cybersecurity work shortage, it is neither advisable nor practical for every Fortune 1000 business to try to match the security defense capabilities of nationally funded cyber attackers. Enterprises cannot spend enough money individually to have state-of-the-art automated defenses or hire enough security engineers to fight cyber attacks in real time.

We cannot and should not expect the Fortune 1000 to replicate the people and investment of nationally funded cyber groups to protect their most important intellectual property.

In fact, we are seeing tremendous new innovations like the UK government initiative, the Cyber Skills Immediate Impact Fund, which promotes neurodiversity to help close the security skills gap. This is a tremendous new initiative that taps into groups like people on the autism spectrum for their puzzle-solving prowess to improve cybersecurity through their different and valuable coding abilities. However, initiatives like this alone will take years to provide the additional security engineering talent needed today.

Service and Cloud Providers Could Be the Expert Defenders

Cloud and service providers are another story. Many of them already have Security Operations Centers (SOCs) manned 24×7 to protect themselves and their customers. Many have real-time defenses and have implemented SDN control planes with automated policy. These systems identify an attack in one part of the network and mitigate the attack, while simultaneously updating all other endpoints with the attack characteristics. They are already staffed with top security engineering talent.

Managed security solutions for virtually all enterprises need to ultimately be the answer. Cloud and service provider SOCs are the only private organizations capable of protecting businesses and their most valuable intellectual property. Enterprises can never invest enough individually to have the latest tools and talent to fight the most complex real-time cyber attacks. However, the cloud and service providers have the scale to invest at the necessary level to protect from the most nefarious state-sponsored actor.

We need to fight fire with fire and recognize the Heads of Tier 1 SOCs are the ones who should be protecting the intellectual property of enterprises worldwide. Not 1,000 different IT managers individually.


Service Providers Need to Stay Vigilant

As telco companies are racing to deliver 5G services, security has, in some cases, taken a back seat to speed. The most recent attack on telcos by the Chinese government is only the beginning. While it wasn’t especially intricate, nation state cybercriminals are proving that they are able to exploit the growing vulnerabilities that telcos leave behind as they race to 5G. As we approach the 2020 election, we will see a heightened focus as nation states leverage every vulnerability to their advantage. Telcos must be prepared, or the damage could be astronomical.

A version of this post was originally published on Light Reading.


Security

Bots in the Boardroom

July 10, 2019 — by Radware

This year, 82% of Radware’s C-Suite Perspectives survey respondents reported a focus on automation compared to 71% who indicated the same response in 2018. What’s driving the need for increased automation in cybersecurity solutions?

The increasing threat posed by next-generation malicious bots that mimic human behavior.

Vulnerabilities Abound

Almost half of all executives believed that their websites were extremely or likely prone to attacks. More than one-quarter of the respondents reported that their mobile applications were attacked on a daily or more frequent basis.


Websites and mobile apps are the digital tools that customers use to interact with companies. About half of the respondents indicated that the impact of attacks on their company’s website was stolen accounts, unauthorized access or content scraping. Two in five said that the attacks were launched by both humans and bots, while one-third credited humans only for the attacks.

Executives in AMER were more likely than those in other regions to say that their sites were extremely prone to attacks.

The Impacts of Bots on Business

Most respondents said that they have discussed the impact of bots on business operations at the executive level. Rankings of how frequently items regarding bots were discussed at the executive level vary by vertical.

Half of the executives acknowledged that bot attacks were a risk but were confident that their staff was managing the threat. Despite this confidence, the market for bot management solutions is still small and emerging, and is expected to experience a compound annual growth rate of 36.7% from 2017 to 2022, according to Frost and Sullivan.


Two in five said that they relied on bots to accelerate business processes and information sharing. An equal number of respondents complained about how bots influence the metrics of their business unit. AMER executives were more likely than those in APAC to say that bots are cost-effective.


Security

Executives’ Changing Views on Cybersecurity

July 9, 2019 — by Radware

What does the shift in how cybersecurity is viewed by senior executives within organizations mean? To find out, Radware surveyed more than 260 executives worldwide and discovered that cybersecurity has moved well beyond the domain of the IT department and is now the direct responsibility of senior executives.

Security as a Business Driver

The protection of public and private cloud networks and digital assets is a business driver that needs to be researched and evaluated just like other crucial issues that affect the health of organizations.

Just because the topic is being elevated to the boardroom doesn’t necessarily mean that progress is being made. Executive preference for cybersecurity management skewed toward internal management (45%), especially in the AMER region (55%), slightly higher than in 2018. Yet the number of respondents who said that hackers can penetrate their networks remained static at 67% from last year’s C-suite perspectives report.


As in the past two years’ surveys, two in five executives reported relying on their security vendors to stay current and keep their security products up to date. Similar percentages also reported daily research or subscriptions to third-party research centers.

At the same time, the estimated cost of an attack jumped 53% from 3 million USD/EUR/GBP in 2018 to 4.6 million USD/EUR/GBP in 2019.

Staying Current on Attack Vectors

Looking Forward

The respondents ranked improvement of information security (54%) and business efficiency (38%) as the top two business transformation goals of integrating new technologies. In last year’s survey, the same two goals earned the top two spots, but the emphasis on information security increased quite a bit this year from 38% in 2018 (business efficiency held steady from 37% in 2018).

Although the intent to enhance cybersecurity increases, actions do not necessarily follow. Often the work to deploy new technologies to streamline processes, lower operating costs, offer more customer touch points and be able to react with more agility to market changes proceeds faster than the implementation of security measures.

Every new touchpoint added to networks, both public and private, exponentially increases organizations’ exposure and vulnerabilities to cyberattacks. If organizations are truly going to benefit from advances in technology, that will require the right level of budgetary investment.

The true costs of cyberattacks and data breaches are only known if they are successful. Senior executives who spend the time now to figure out what cybersecurity infrastructure makes sense for their organizations reduce the risk of incurring those costs. The investment can also be leveraged to build market advantage if organizations let their customers and suppliers know that cybersecurity is part of their culture of doing business. Prevention, not remediation, should be the focus.


Securing digital assets can no longer be delegated solely to the IT department. Rather, security planning needs to be infused into new product and service offerings, security, development plans and new business initiatives. The C-suite must lead the way.


Application Delivery

Modern Analytics and End-to-End Visibility

July 3, 2019 — by Prakash Sinha

Many Cloud Service Providers (CSPs) and large enterprises struggle to deliver a commitment level for an application service. For a tenant, without a proper Service Level Agreement (SLA), it is impossible to manage an application for his or her own users.

Delivering an SLA without first gaining end-to-end visibility for an application, user and network is asking for trouble. This has long been an area of contention and finger pointing between network and application teams. Solutions for monitoring application performance and SLA are expensive and the task is complex, requiring inserting hardware probes and/or integrating software agents into every application server.

The Case for Application Analytics

Application analytics provides deep insights into application, user and network behavior and the root cause of an SLA breach by capturing, analyzing and visualizing application metrics.

When deploying applications, particular attention is required to see when things are slowing, so proactive monitoring becomes critical. Not only is proactive monitoring and troubleshooting through actionable insights helpful in configuring the appropriate technical capability to address the issue at hand, but this visibility into application performance is also important in terms of cost saving, for example to de-provision unused resources when not needed, or to mitigate an attack in progress.

An SLA breach may be due to device outage or configuration issues, problems of access from a particular geography, a specific device type, a particular data center, or something in between. Other reasons may be SSL handshake issues or security attacks that impact application performance due to a lack of resources. It is important to know these issues before they become a business disruption.

In a multi-tenant environment, if the environments are not segregated, tenants may start competing for shared resources during peak utilization. In an environment where tenants share resources, a potential spike in resource consumption or a wrong configuration change of a single tenant may affect all other tenants – severely impacting an application’s SLA and availability.

End-to-End Visibility

Application Delivery Controllers are at the intersection of the network and applications. ADCs act as sensors to changing user demands of the applications – for example, detecting increased user latency or a lack of available application resources, or reaching a throughput limit, or outage of a specific service or a security attack in progress.


In order to detect any application performance issues in real-time before your customers experience them, it is essential to have an end-to-end monitoring capability that provides actionable insights and alerts through visualization. The ADC can act upon this telemetry to trigger automation and orchestration systems to program the applications or the network elements as needed.


Security

The Impact of GDPR One Year In

June 27, 2019 — by Radware

Data breaches are expensive, and the costs are only going up.

Those reporting attacks that cost 10 million USD/EUR/GBP or more almost doubled from last year — from 7% in 2018 to 13% in 2019. Half of Radware’s C-Suite Perspectives survey respondents estimated that an attack cost somewhere between 500,001 and 9.9 million USD/EUR/GBP.

One Year In

Arguably, the General Data Protection Regulation (GDPR), which has been active in the European Union since May 2018, contributes to these rising costs.

Every EU state has a data protection authority (DPA) that is authorized to impose administrative fines for improper handling of data. Fines can go up to 4% of a company’s worldwide revenues for more serious violations. Article 83 of the GDPR requires that fines be “effective, proportionate and dissuasive.”

More than half of Radware’s 2019 C-Suite Perspective survey respondents from EMEA experienced a self-reported incident under the GDPR in the past 12 months.

In the largest fine to date, France levied a fine against Google for €50 million for lack of consent on advertisements. Germany fined Knuddels €20,000 for insufficiently securing user data, enabling hackers to steal user passwords. And a sports betting café in Austria received a €5,000 fine for unlawful video surveillance.


So far, DPAs have received almost 150,000 complaints about data handling. Most are about video surveillance and advertising calls or mailings, according to the EU Commission. While fines have not yet been imposed in many cases, the potential for significant penalties is there.

The takeaway? C-suite executives in all regions should not let the leniency of the first year of GDPR enforcement lull them into complacency. The threat of GDPR fines is just one risk facing organizations that experience a data breach.

The danger is very real.


Security

Cities Are Under Attack. Here’s Why.

June 25, 2019 — by Mark Taylor

Greenville, North Carolina. Imperial County, California. Stuart, Florida. Cincinnati, Ohio. These are just a handful of cities and counties across the U.S. that have experienced crippling cyber attacks in recent months.

In 2019, local governments across the country have become the focus of attacks and face a growing threat of cyber attacks and escalating ransom demands. Indeed, ransomware is a pandemic in the United States, and hackers are increasingly going after larger targets instead of focusing on home computers, like most did five years ago.


The Vulnerabilities

Generally speaking, cities and municipalities are less prepared than companies to mitigate cyber attacks, due to limited resources and difficulty competing for cybersecurity talent. They are also increasingly reliant on technology to deliver city services. This, combined with aging computer systems, enlarges their attack surfaces.

And attackers are also getting more savvy. Per CSO Online, “There’s a constantly growing threat of exploitation either through investment from state-sponsored actors to the commoditization of very sophisticated attack techniques that are easy to use for inexperienced hackers. Ransomware isn’t new. It’s just how it’s been packaged up and how it’s being leveraged operationally by the hacker community.”

Why Cities and Municipalities?

Whether attacks on cities are increasing or merely just coming more to light now, it’s clear that they’re attractive targets for attackers.

This rationale is reinforced in Radware’s 2018-2019 Global Application & Network Security Report. According to the report, 52% of cyberattacks were motivated by financial or ransom purposes, far outpacing any other attack motivation. What’s more, government (cities and municipalities) are key targets, with 45% of government organizations being attacked on a daily or weekly basis.

Simply put, the combination of constrained resources and data- and information-rich environments, countered by increasing automated attacks and attack types, makes cities and municipalities a high-value target for cyber criminals.

There’s no denying that in cities and municipalities, the pressure is on. Securing the constituent experience against cyberattacks is no longer just the responsibility of the IT department. Agencies need to implement security strategies–in every process and program–as if their very survival depends on them.

It only takes one data breach to compromise and expose constituent personal information or hobble critical services such as emergency response, public safety, air travel and more.

Recommendations

While it’s impossible to eliminate every risk or neutralize every threat, there are practical and minimal effort controls every city and municipality should consider. And tools alone don’t provide complete protection; a truly secure experience involves expert resources (threat intelligence), flexible deployment (cloud service), and agility or ease of use (fully managed).


When choosing the right security partner, which is critical for cities and municipalities, consider the following:

  • Evaluate protection for all web applications. Look for always-on and fully-managed services to protect both on-premise and cloud-based applications.
  • Evaluate risk from new DDoS attack types. Many organizations rely on their ISP and firewalls to detect and mitigate DDoS attacks. But DDoS attacks are growing and targeting applications, and application attacks are rarely detected by ISPs. 
  • Evaluate firewall DDoS protection. Attacks can fill state tables and bring down your firewall. 

The attack trends will persist in the foreseeable future, and all signs point to financial motivation gaining, thereby pushing attackers to try to profit from malicious malware. Of particular concern is the possibility of hackers investing their profits to leverage machine-learning capabilities to find ways to access and exploit resources in networks and applications.

Be prepared.


Botnets, DDoS

Botnets: DDoS and Beyond

June 20, 2019 — by Daniel Smith

Traditionally, DDoS is an avenue of profit for botherders. But today’s botnets have evolved to include several attack vectors other than DDoS that are more profitable. And just as any business-oriented person would do, attackers follow the money.

As a result, botherders are targeting enterprise and network software, since residential devices have become oversaturated. The days of simple credentials-based attacks are long behind us. Attackers are now looking for enterprise devices that will help expand their offerings and assist in developing additional avenues of profit.

A few years ago, when IoT botnets became all the rage, they were mainly targeting residential devices with simple credential attacks (something the DDoS industry does not prevent from happening; instead we take the position of mitigating attacks coming from infected residential devices).


From Personal to Enterprise

But now that attackers are targeting enterprise devices, the industry must reevaluate the growing threat behind today’s botnets.

We now have to focus on not only protecting the network from external attacks but also the devices and servers found in a typical enterprise network from being infected by botnet malware and leveraged to launch attacks.

In a blog posted on MIT’s Technology Review titled “Inside the business model for botnets,” C.G.J. Putman and colleagues from the University of Twente in the Netherlands detail the economics of a botnet. The article sheds some light on the absence of DDoS attacks and the growth of other vectors of attack generated from a botnet.

In their report, the team states that DDoS attacks from a botnet with 30,000 infected devices could generate around $26,000 a month. While that might seem like a lot, it’s actually a drop in the bucket compared to other attack vectors that can be produced from a botnet.

For example, C.G.J. Putman and Associates reported that a spamming botnet with 10,000 infected devices can generate $300,000 a month. The most profitable? Click fraud, which can generate over $20 million per month in profit.

To put that in perspective, AppleJ4ck and P1st from Lizard Squad made close to $600,000 over 2 years operating a stresser service called vDoS.

So let me ask this: If you are a botherder risking your freedom for profit, are you going to construct a botnet strictly for DDoS attacks or will you construct a botnet with more architecturally diverse devices to support additional vectors of profit?

Exactly. Botherders will continue to maximize their efforts and profitability by targeting enterprise devices.


DDoS, Security

Why Hybrid Always-On Protection Is Your Best Bet

June 19, 2019 — by Eyal Arazi

Users today want more. The ubiquity and convenience of online competition means that customers want everything better, faster, and cheaper. One key component of the user experience is service availability. Customers expect applications and online services to be constantly available and responsive.

The problem, however, is that a new generation of larger and more sophisticated Distributed Denial of Service (DDoS) attacks is making DDoS protection a more challenging task than ever before. Massive IoT botnets are resulting in ever-larger volumetric DDoS attacks, while more sophisticated application-layer attacks find new ways of exhausting server resources. Above all, the ongoing shift to encrypted traffic is creating a new challenge with potent SSL DDoS floods.

Traditional DDoS defenses – either premise-based or cloud-based – provide incomplete solutions which require inherent trade-offs between high-capacity volumetric protection, protection against sophisticated application-layer DDoS attacks, and handling of SSL certificates. The solution, therefore, is adopting a new hybrid DDoS protection model which combines premise-based appliances with an always-on cloud service.

Full Protection Requires Looking Both Ways

As DDoS attacks become more complex, organizations require more elaborate protections to mitigate such attacks. However, in order to guarantee complete protection, many types of attacks – particularly the more sophisticated ones – require visibility into both inbound and outbound channels.


Attacks such as large-file DDoS attacks, ACK floods, scanning attacks, and others exploit the outbound communication channel for attacks that cannot be identified just by looking at ingress traffic. Such attacks are executed by sending small numbers of inbound requests, which have an asymmetric and disproportionate impact either on the outbound channel, or computing resources inside the network.
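To illustrate why an ingress-only view misses this kind of attack, here is an added example (not part of the original post) that runs an inbound-only check and a bi-directional check over the same flow records, narrowed to the large-file case. The record fields, sample data and thresholds are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    client: str      # requester address
    bytes_in: int    # request bytes received from the client (ingress)
    bytes_out: int   # response bytes sent back to the client (egress)


# Constructed sample: one minute of per-request flow records.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = (
    [Flow("198.51.100.10", 600, 15_000)] * 40        # ordinary browsing
    + [Flow("198.51.100.20", 200_000, 2_000)] * 30   # legitimate uploader
    + [Flow("203.0.113.99", 500, 300)] * 5_000       # classic inbound flood
    + [Flow("203.0.113.7", 400, 50_000_000)] * 12    # few tiny requests, huge responses
)


def summarize(flows):
    """Aggregate request count, ingress bytes and egress bytes per client."""
    totals = defaultdict(lambda: {"requests": 0, "bytes_in": 0, "bytes_out": 0})
    for f in flows:
        t = totals[f.client]
        t["requests"] += 1
        t["bytes_in"] += f.bytes_in
        t["bytes_out"] += f.bytes_out
    return dict(totals)


def ingress_only_alerts(flows, max_requests, max_bytes_in):
    """Detector that sees only the inbound channel (request rate and volume)."""
    return sorted(
        c for c, t in summarize(flows).items()
        if t["requests"] > max_requests or t["bytes_in"] > max_bytes_in
    )


def bidirectional_alerts(flows, min_ratio, min_bytes_out):
    """Detector that also sees return traffic: flags clients whose responses
    are both large in absolute terms and far out of proportion to requests."""
    alerts = []
    for c, t in summarize(flows).items():
        ratio = t["bytes_out"] / max(t["bytes_in"], 1)  # avoid division by zero
        if t["bytes_out"] >= min_bytes_out and ratio >= min_ratio:
            alerts.append(c)
    return sorted(alerts)


def egress_share(flows, client):
    """Fraction of all outbound bytes consumed by one client."""
    totals = summarize(flows)
    all_out = sum(t["bytes_out"] for t in totals.values())
    return totals[client]["bytes_out"] / all_out if all_out else 0.0


if __name__ == "__main__":
    # Thresholds are illustrative assumptions, not vendor defaults.
    print("ingress-only :", ingress_only_alerts(SAMPLE_FLOWS, 1_000, 10_000_000))
    print("bidirectional:", bidirectional_alerts(SAMPLE_FLOWS, 1_000, 100_000_000))
    print("egress share :", round(egress_share(SAMPLE_FLOWS, "203.0.113.7"), 4))
```

The inbound check flags only the flood source, while the client that saturates the outbound pipe with 12 small requests is visible only once egress bytes are correlated with the requests that caused them.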

SSL is Creating New Challenges

On top of that, SSL/TLS traffic encryption is adding another layer of complexity. Within a short time, the majority of internet traffic has become encrypted. Traffic encryption helps secure customer data, and users now expect security to be part of the service experience. According to the Mozilla Foundation’s Let’s Encrypt project, nearly 80% of worldwide internet traffic is already encrypted, and the rate is constantly growing.


Ironically, while SSL/TLS is critical for securing user data, it also creates significant management challenges, and exposes services to a new generation of powerful DDoS attacks:

  • Increased Potency of DDoS Attacks: SSL/TLS connections require up to 15 times more resources from the target servers than from the requesting host. This means that hackers can launch devastating attacks using only a small number of connections, and quickly overwhelm server resources using SSL floods.
  • Masking of Data Payload: Moreover, encryption masks – by definition – the internal contents of traffic requests, preventing deep inspection of packets against malicious traffic. This limits the effectiveness of anti-DDoS defense layers, and the types of attacks they can detect. This is particularly true for application-layer (L7) DDoS attacks which hide under the coverage of SSL encryption.
  • SSL Key Exposure: Many organizational, national, or industry regulations forbid SSL keys from being shared with third-party entities. This creates a unique challenge to organizations who must provide the most secured user experience while also protecting their SSL keys from exposure.
  • Latency and Privacy Concerns: Offloading of SSL traffic in the cloud is usually a complex and time-consuming task. Most cloud-based SSL DDoS solutions require full decryption of customer traffic by the cloud provider, thereby compromising user privacy and adding latency to customer communications.

Existing Solutions Provide Partial Coverage

The problem, however, is that existing anti-DDoS defenses are unable to combine high-capacity volumetric protection with the bi-directional protection required by sophisticated types of attacks.

On-Premise Appliances provide a high level of protection against a wide variety of DDoS attacks, while providing very low latency and fast response. In addition, being on-premise, they allow companies to deal with SSL-based attacks without exposing their encryption keys to the outside world. Since they have visibility into both inbound and outbound traffic, they offer bi-directional protection against symmetric DDoS attacks. However, physical appliances can’t deal with large-scale volumetric attacks which have become commonplace in the era of massive IoT botnets.

Cloud-based DDoS protection services, on the other hand, possess the bandwidth to deal with large-scale volumetric attacks. However, they offer visibility only into the inbound communication channel. Thus, they have a hard time protecting against bi-directional DDoS attacks. Moreover, cloud-based SSL DDoS defenses – if the vendor has those at all – frequently require that the organization upload their SSL certificates online, increasing the risk of those keys being exposed.

The Optimal Solution: Hybrid Always-On Approach

For companies that place a high premium on the user experience, and wish to avoid even the slightest possible downtime as a result of DDoS attacks, the optimal solution is to deploy an always-on hybrid solution.

The hybrid approach to DDoS protection combines an on-premise hardware appliance with always-on cloud-based scrubbing capacity. This helps ensure that services are protected against any type of attack.


Hybrid Always-On DDoS Protection

Compared to the pure-cloud always-on deployment model, the hybrid always-on approach adds multi-layered protection against symmetric DDoS attacks which saturate the outbound pipe, and allows for maintaining SSL certificates on-premise.

Benefits of the Hybrid Always-On Model

  • Multi-Layered DDoS Protection: The combination of a premise-based hardware mitigation device coupled with cloud-based scrubbing capacity offers multi-layered protection at different levels. If an attack somehow gets through the cloud protection layer, it will be stopped by the on-premise appliance.
  • Constant, Uninterrupted Volumetric Protection: Since all traffic passes through a cloud-based scrubbing center at all times, the cloud-based service provides uninterrupted, ongoing protection against high-capacity volumetric DDoS attacks.
  • Bi-Directional DDoS Protection: While cloud-based DDoS protection services inspect only the inbound traffic channel, the addition of a premise-based appliance allows organizations to inspect the outbound channel as well, thereby protecting themselves against two-way DDoS attacks which can saturate the outbound pipe, or otherwise require visibility into return traffic in order to identify attack patterns.
  • Reduced SSL Key Exposure: Many national or industry regulations require that encryption keys not be shared with anyone else. The inclusion of a premise-based hardware appliance allows organizations to protect themselves against encrypted DDoS attacks while keeping their SSL keys in-house.
  • Decreased Latency for Encrypted Traffic: SSL offloading in the cloud is frequently a complex and time-consuming affair, which adds much latency to user communications. Since inspection of SSL traffic in the hybrid always-on model is done primarily by the on-premise hardware appliance, users enjoy faster response times and lower latency.

Guaranteeing service availability while simultaneously ensuring the quality of the customer experience is a multi-faceted and complex proposition. Organizations are challenged by growth in the size of DDoS attacks, the increase in sophistication of application-layer DDoS attacks, and the challenges brought about by the shift to SSL encryption.

Deploying a hybrid always-on solution provides both inbound and outbound visibility into traffic and enhanced protections for application-layer and encrypted traffic, and allows SSL keys to be kept in-house, without exposing them to the outside.

Read “The Trust Factor: Cybersecurity’s Role in Sustaining Business Momentum” to learn more.

Security

Executives Are Turning Infosec into a Competitive Advantage

June 18, 2019 — by Anna Convery-Pelletier

Companies are more connected to their customers now than ever before.  After spending billions to digitally transform themselves, organizations have exponentially increased the number of touchpoints as well as the frequency of communication they have with their customer base. 

Thanks to digital transformation, organizations are more agile, flexible, efficient, and customer-centric. However, with greater access to customers comes an equal measure of increased vulnerability. We have all seen the havoc that a data breach can wreak upon a brand; hackers are the modern-day David to the Goliaths of the Fortune 1000 world. As a result, we have experienced a fundamental shift in management philosophy around the role that information security plays across organizations. The savviest leaders have shifted from a defensive to offensive position and are turning information security into a competitive market advantage.

Each year, Radware surveys C-Suite executives to measure leadership sentiment around information security, its costs and business impacts.  This year, we studied the views and insights from 263 senior leaders at organizations primarily with revenue in excess of 1 billion USD/EUR/GBP around the world. Respondents represented 30% financial services, 21% retail/hospitality, 21% telecom/service provider, 7% manufacturing/distribution, 7% computer products/services, 6% business services/consulting, and 9% other.

This year’s report shines a spotlight on increased sophistication of management philosophy for information security and security strategy. While responsibility for cybersecurity continues to be spearheaded by the CIO and CISO, it is also being shared throughout the entire C-Suite.

In fact, 72% of executives responding to our survey claimed that it’s a topic discussed in every board meeting. 82% of responding CEOs reported high levels of knowledge around information security, as did 72% of non-technical C-Suite titles – an all-time high! Security issues now influence brand reputation, brand trust, and consumer trust, which forces organizations to infuse information security into core business functions such as customer experience, marketing and business operations.

All with good reason. The average cost of a cyberattack is now roughly $4.6M, and the number of organizations that claim attacks cost them more than $10M has doubled from 2018 to 2019.

Customers are quite aware of the onslaught of data breaches that have affected nearly every industry, from banking to online dating, throughout the past ten years. Even though many governments have passed many laws to protect consumers against misuse of their data, such as GDPR, CASL, HIPAA, Personally Identifiable Information (PII), etc., companies still can’t keep up with the regulations.

Case in point: 74% of European executives report they have experienced a data breach in the past 12 months, compared to 53% in America and 44% in APAC. Half (52%) of executives in Europe have experienced a self-reported incident under GDPR in the past year.  

Consumer confidence is at an all-time low. These same customers want to understand what companies have done to secure their products and services and they are willing to take their business elsewhere if that brand promise is broken. Customers are increasingly taking action following a breach. 

Reputation management is a critical component of organizational management. Savvy leaders recognize the connection between information security and reputation management and have subsequently adopted information security as a market advantage.

So How Do Companies Start to Earn Back Trust?

These leaders recognize that security must become part of the brand promise. Our research shows that 75% of executives claim security is a key part of their product marketing messages. 50% of companies surveyed offer dedicated security products and services to their customers. Additionally, 41% offer security features as add-ons within their products and services, and another 7% are considering building security services into their products.

Balancing Security Concerns with Deployment of Private and Public Clouds

Digital transformation drove a mass migration into public and private cloud environments.  Organizations were wooed by the promise of flexibility, streamlined business operations, improved efficiency, lower operational costs, and greater business agility. Rightfully so, as cloud environments have largely fulfilled their promises.

However, along with these incredible benefits comes a far greater risk than most organizations anticipated. While 54% of respondents report improving information security is one of their top three reasons for initiating digital transformation processes, 73% of executives indicate they have experienced unauthorized access to their public cloud assets. What is more alarming is how these unauthorized access incidents have occurred.

The technical sophistication of the modern business world has eroded the trust between brands and their customers, opening the door for a new conversation around security. 

Leading organizations have already begun to weave security into the very fabric of their culture – and it’s evidenced by going to market with secure marketing messages (as Apple’s new ad campaigns demonstrate), sharing responsibility for information security across the entire leadership team, creating privacy-centric business policies and processes, making information security and customer data-privacy part of an organization’s core values, etc. The biggest challenge organizations still face is how best to execute it, but that is a topic for another blog…

To learn more about the insights and perspectives on information security from the C-Suite, please download the report.

Read “2019 C-Suite Perspectives: From Defense to Offense, Executives Turn Information Security into a Competitive Advantage” to learn more.

Botnets

What You Need to Know About Botnets

June 12, 2019 — by Radware

Botnets comprised of vulnerable IoT devices, combined with widely available DDoS-as-a-Service tools and anonymous payment mechanisms, have pushed denial-of-service attacks to record-breaking volumes.

A single attack can result in downtime, lost business and significant financial damages. Understanding the current tactics, techniques and procedures used by today’s cyber criminals is key to defending your network.

Watch this latest video from Radware’s Hacker’s Almanac to learn more about Botnets and how you can help protect your business from this type of sabotage.

Download “Hackers Almanac” to learn more.
