main

Attack MitigationSecurity

Consolidation in Consumer Products: Could it Solve the IoT Security Issues?

October 9, 2018 — by David Hobbs1

consolidation_in_iot_security_blog-960x640.jpg

In 2003, I went to Zermatt, Switzerland to go snowboarding under the Matterhorn. We had an eclectic group of people from all over the world. Some of us were enthusiasts, some ski patrol or medics, and a few were backcountry avalanche trained. Because of this, we had a lot of different gear with us, including ice saws, shovels, probes, avalanche beacons, radios, etc. In addition to the gear we carried, we also brought cameras, cell phones, MP3 players and of course, large battery charger bays with international inverters/adapters to keep everything going. I had a backpack with all the avalanche and snow testing gear. In my jacket, I carried an avalanche beacon,  digital camera,  flip cell phone,  family radio with a long external mic, GPS, and an MP3 player with headphones. I felt like I was Batman with all the gear crammed all over the place. I told one of my friends on the trip that one day all of this technology would be consolidated into one device – radio, phone, camera, MP3 player, and avalanche beacon. My friends thought I was crazy and that it would never happen. Fast forward to the smartphone where we now have it all, with the exception of Avalanche beacon, in one device.

To think that many of us had these “point solutions” in our personal tech and now it’s all consolidated into one makes me wonder when will we consolidate at home?

The future of the smart home

I have a Zigbee bridge for my lights, a Zigbee bridge for my blinds, 5 smart speakers, solar panels on the blinds (to charge them and get heat/sunlight measures), smart smoke detectors, smart locks, IP cameras, smart watering system for the plants, smart lights, smart alarm, UTM firewall, WiFi mesh, etc. These are all point solutions. Some of them are really neat and probably should stay point solution based, but what if the technology companies today were to start thinking about consolidating and adding security into the mix?

[You might also like: Cities Paying Ransom: What Does It Mean for Taxpayers?]

I’ve started to look at upgrading my home WiFi network as my smart TV and smart streaming box are now struggling to play streaming movies. After looking at some of the new consumer level WiFi mesh solutions, they show a lot of promise. One of the vendors I’m considering offers not only an easy to set up mesh WiFi, but they also provide automatic channel changing for WiFi radio frequencies to find the fastest radio, as well as automatically move devices around to access points. One of them offers VPN services as well as anti-virus and content filtering, (keeping you safe from malicious websites) and giving out tokens for guests and keeping them on their own network. This all looks great, but I started to think back to Zermatt, Switzerland.

What if the smart home speaker manufacturers wanted to really capture the market? What if you could get a smart speaker that had both a WiFi Mesh Access Point, Zigbee/Zwave access point (for lights, controllers, etc), and cloud-based security features in it? If I could drop a new smart speaker in any room and set it up in 3-5 minutes and have it join my wireless mesh network, it could cover a lot of territories quickly. Now, if one of them were the base unit that plugged into the internet router, it could be the main interface for security. Take all the device groups and help suggest security policies to keep them from talking to things they shouldn’t (like the cameras should never talk to the smart watering controller). What if it could look for IoT threats that spread internally as well as connections to malware Command and Control servers?

Security should be a priority

In terms of the security that could easily be offered and bundled across this platform could be things like VPN (both to and from the home network). This could allow you to browse safely while using public WiFi. You could also access any home devices that may not be very secure from the manufacturers like IP cameras and DVR’s without having to expose them to the world. Cloud-based security offerings could do things like look for malware infections and requests to malware botnet controllers. Then, layers like intrusion prevention and active WiFi defense layers could help detect if hackers were aiming at getting onto the network and doing harm. And finally, putting all of these offerings into a single pane of glass for visibility would definitely be attractive to end customers.

Granted, I know this could put the point solution providers in a position where their WiFi solutions and home routers become less valuable to the mainstream. But what if we got better antivirus and IOT protection? I can only dream of the day that we as consumers are able to consolidate all of our home networks to a real smart home-based solution. I know in the enterprise IT market; we have gained the popularity of Unified Threat Management platforms. Firewalls that do Intrusion Prevention, Wireless Intrusion Prevention, Inline Antivirus, Content Filtering, Guest and networks. I think the next logical step is to see all of these features consolidated into the next generation smart home speakers. How long will it take to see this reality? I don’t know. Will people think this idea is crazy? Probably.

Update: At the time of writing this, there has been an announcement from one of the smart home speaker manufacturers for a new smart home speaker. This new line will actually include a smart home hub in the speaker.  Nothing has been said as to whether it provides any security features.

Read “Radware’s 2018 Web Application Security Report” to learn more.

Download Now

DDoSSecurityWeb Application Firewall

Security Risks: How ‘Similar-Solution’ Information Sharing Reduces Risk at the Network Perimeter

August 23, 2018 — by Thomas Gobet0

security_network_perimeter-960x540.jpg

We live in a connected world where we have access to several tools to assist in finding any information we need. If we choose to do something risky, there is often some type of notification that warns us of the risk.

The same holds true in IT departments. When a problem occurs, we search for answers that allow us to make decisions and take action. What problem created the outage? Do I need to increase the bandwidth or choose a CDN offering? Do I need to replace my devices or add a new instance to a cluster?

Connected Security

We all know that connected IT can help us make critical decisions. In the past, we have depended on standalone, best-of-breed security solutions that detect and mitigate locally but do not share data with other mitigation solutions across the network.

[You might also like: Web Application in a Digitally Connected World]

Even when information is shared, it’s typically between identical solutions deployed across various sites within a company. While this represents a good first step, there is still plenty of room for improvement. Let us consider the physical security solutions found at a bank as an analogy for cybersecurity solutions.

A robber enters a bank. Cameras didn’t detect the intruder wearing casual clothes or anything identifying him or her as a criminal. The intruder goes to the first teller and asks for money. The teller closes the window. Next, the robber moves to a second window, demanding money and that teller closes the window. The robber moves to the third window, and so on until all available windows are closed.

Is this the most effective security strategy? Wouldn’t it make more sense if the bank had a unified solution that shared information and shut down all of the windows after the first attempt? What if this robber was a hacker who is trying to penetrate your system? Would you allow the hacker to try and break into more than one network silo after the first attempt?

Comprehensive Security Via An Enterprise-Grade Suite Solution

As we’ve seen in the example above, having mitigation solutions that can share attack information allows an organization to block a new “signature” when you see the request. But this only applies when the traffic reaches the solution. How could the bank better protect itself from the robber?

  • Should they do active verification at the entrance?
    • No, it would be time-consuming for customers who may consider not coming back.
  • Should they keep a list of customers allowed?
    • No, otherwise they would turn off new customers.
  • Should they signal the risk to other desks and entrance security?
    • Yes, that way all windows would be closed simultaneously and security guards would be able to catch the intruder and any future attempts to enter.

Imagine these windows are your different sites and the security guard placed at the entrance is your security solution at the perimeter of your network. Identifying abnormal behavior from normal behavior requires you to perform analysis of network traffic. The more advanced the analysis is the closer to the backend application the solution is. That way we can ensure only traffic allowed by prior solutions doing first security barriers gets through. Being close to the application means that analyzed traffic went through: router, firewalls, switches, IPs, anti-virus, anti-DLP and many other solutions (in classic architectures).

Organizations require a fully integrated WAF and DDoS mitigation appliance that can communicate effectively to allow WAF solutions (deployed close to the application) to warn anti-DDoS systems (deployed at the perimeter) that an attacker is trying to penetrate the perimeter.

In the blog “Accessing Application With A Driving License,” Radware recommends blocking any requests coming from clients with abnormal behavior. This mechanism was only applied to the WAF, but with this added communication, it goes even one step further and blocks bad requests and/or bad clients who are trying to access your network.

[You might also like: Accessing Application With a Driving License]

With a fully integrated WAF and DDoS detection and mitigation solution that communicates with one another, these devices will save you time and processing power and they will be more effective in blocking intrusions to your network.

Download “Web Application Security in a Digitally Connected World” to learn more.

Download Now

SecurityWAF

Web Application Security in a Digitally Connected World

November 14, 2017 — by Ben Zilberman0

web-application-security-research-960x608.jpg

Apps control our lives today. We pay our bills, do our shopping, communicate with our doctors, buy our groceries, order a taxi, and even order our lunch through ‘apps.’  If you can think of it, there is an app for it. And these apps live on our phones, our desktops, in web portals and even in our internal networks. However, all these apps create new and different types of security challenges for an organization’s network. The speed and complexity inherent in these technological advances expose application vulnerabilities, security risks and skills deficiencies that can compromise sensitive data, devalue the brand, and affect financial performance.

Application DeliverySSLWAF

Outbound SSL Solutions Protect Assets in the Wild

August 22, 2017 — by Frank Yue0

outbound-ssl-inspection-blog-2-960x576.jpg

Businesses need to protect their assets when they are within their protective infrastructure AND when they are actively exposed or placed within the unprotected external world. The tools and procedures needed to protect the internal assets are different from the ones that protect the assets when they leave the confines of the secured network.

Application DeliverySecurityWAF

Cloud WAF: Why a Checkbox Isn’t Enough

May 10, 2017 — by Daniel Lakier2

cloud-WAF-960x540.jpg

I remember when I first learned about Web application firewall technology. It seemed like magic to me: A device that could compensate for bad coding or unexpected/unintended web application functionality. It could do this by learning expected application behavior and then enforcing said behavior, even if the application itself was capable of allowing the unwanted behavior. The business case for such a technology is easily recognizable even more so today than it was in the mid- to early 2000’s when it first came out: the ability to have a device compensate for human error.

DDoSSecurityWAF

CDN Security is NOT Enough for Today

March 8, 2017 — by David Hobbs0

cdn-security-960x709.jpg

 

Today, many organizations are now realizing that DDoS defense is critical to maintaining an exceptional customer experience. Why? Because nothing diminishes load times or impacts the end users’ experience more than a cyber-attack, which is the silent killer of application performance.

As high-availability and high performance distributors of content to end-users, CDNs can serve as a lynchpin in the customer experience. Yet new vulnerabilities in CDN networks have left many wondering if the CDNs themselves are vulnerable to a wide variety of cyber-attacks, such as forward loop assaults.

So what types of attacks are CDNs vulnerable too? Here are top 5 cyber threats that threaten CDNs so you can safeguard against them.

Blind Spot #1: Dynamic Content Attacks

Attackers have learned that a significant blind spot in CDN services are the treatment of dynamic content requests. Since the dynamic content is not stored on CDN servers, all the requests for dynamic content are sent to the origin’s servers. Attackers are taking advantage of this behavior and they generate attack traffic that contains random parameters in the HTTP GET requests. CDN servers immediately redirect this attack traffic to the origin, expecting the origin’s server to handle the requests. But, in many cases, the origin’s servers do not have the capacity to handle all those attack requests and they fail to provide online services to legitimate users, creating a denial-of-service situation.

Many CDNs have the ability to limit the number of dynamic requests to the server under attack. This means that they cannot distinguish attackers from legitimate users and the rate limit will result in legitimate users being blocked.

Blind Spot #2: SSL-based attacks

SSL-based DDoS attacks target the secured online services of the victim. These attacks are easy to launch and difficult to mitigate, making them attackers’ favorites. In order to detect and mitigate DDoS SSL attacks, CDN servers must first decrypt the traffic using the customer’s SSL keys. If the customer is not willing to provide the SSL keys to its CDN provider, then the SSL attack traffic is redirected to the customer’s origin, leaving the customer vulnerable to SSL attacks. SSL attacks that hit the customer’s origin can easily take down the secured online service.

During DDoS attacks when WAF technologies are involved, CDN networks also have a significant weakness in terms of the number of SSL connections per second from a scalability capability, and serious latency issues can arise.

[You might also like: WAF and DDoS – Perfect Bedfellows: Every Business Owner Must Read.]

PCI and other security compliance issues are also a problem as sometimes this limits the data centers that are able to be used to service the customer, as not all CDN providers are PCI compliant across all datacenters. This can again increase latency and cause audit issues.

Blind Spot #3: Attacks on non-CDN services

CDN services are often offered only for HTTP/S and DNS applications. Other online services and applications in the customer’s data center such as VoIP, mail, FTP and proprietary protocols are not served by the CDN and therefore traffic to those applications is not routed through the CDN. In addition, many web-based applications are also not served by CDNs. Attackers are taking advantage of this blind spot and launch attacks on applications that are not routed through the CDN, hitting the customer origin with largescale attacks that threaten to saturate the Internet pipe of the customer. Once the Internet pipe is saturated, all the applications at the customer’s origin become unavailable to legitimate users, including the ones that are served by the CDN.

Blind Spot #4: Direct IP Attacks

Even applications that are serviced by a CDN can be attacked once the attackers launch a direct attack on the IP address of the web servers at the customer origin. These can be network based floods such as UDP floods or ICMP floods that will not be routed through CDN services, and will directly hit the servers of the customer at the origin. Such volumetric network attacks can saturate the internet pipe, resulting in taking down all the applications and the online services of the origin, including the ones that are served by the CDN. Often misconfiguration of “shielding” the data center can leave the applications directly vulnerable to attack.

Blind Spot #5: Web Application Attacks

CDN protection for web applications threats is limited and exposes the web applications of the customer to data leakage, data thefts and other threats that are common with web applications. Most CDN-based web application firewall capabilities are minimal, covering only a basic set of predefined signatures and rules. Many of the CDN-based WAFs do not learn HTTP parameters, do not create positive security rules and therefore it cannot protect from zero day attacks and known threats. For the companies that DO provide tuning for the web applications in their WAF, the cost is extremely high to get this level of protection.

In addition to the significant blind spots identified earlier, most CDN security services are not responsive enough, resulting in security configurations that take hours to manually deploy and to spread across all its network servers. The security services are using outdated technology such as rate limit that was proven to be inefficient during the last attack campaigns, and it lacks capabilities such as network behavioral analysis, challenge – response mechanisms and more.

 

DDoS_Handbook_glow

Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.

Download Now

DDoSSecurityWAF

WAF and DDoS – Perfect Bedfellows: Every Business Owner Must Read.

March 2, 2017 — by David Hobbs0

waf-ddos-960x640.jpg

Among the reasons to marry DDoS & WAF (web application firewall) together, beyond a single pane of glass, beyond single vendor and quick technical response, and higher quality detection and mitigation – it makes sound business sense. Today, a good number of companies have developed the understanding that DDoS defense is critical to maintaining an exceptional customer experience (CX). Because of the extremely competitive nature of business these days, we are seeing more companies make the investments into digital transformation and customer experience. According to Gartner, customer experience is the new king.

Application DeliverySecurityWAF

DevOps and Security: Yes We Can

May 19, 2016 — by Ron Meyran0

web-application-firewall-3-960x679.png

Airlines, retailers, travel service providers, banks, marketplaces, and social media – all rely on their web applications to generate revenues or facilitate productivity. They typically develop and maintain their own web applications which are tailored for their business needs. To support the growing needs of their online presence, they are adopting agile development practices also known as DevOps and Continuous Deployment.

Application DeliveryDDoSSecurity

Why Cloud-based and ISP-based Scrubbing Alone Are Inadequate.

May 18, 2016 — by David Monahan0

cloud-scrubbing-2-960x713.png

On occasion, the topic of DDoS defense has come up and invariably goes to, “Why can’t organizations rely on ISP and cloud scrubbing services to protect themselves from DDoS attacks?” The conversation also rolls over to, “Why can’t organizations rely on on-premises solutions to protect themselves from DDoS attacks?” The latter is usually asked by someone who is a novice in the field, but both are valid questions. The true answer lies with a combination defense or, to coin a common security phrase, “defense-in-depth.”

SecurityWAF

Protecting Your Applications Everywhere – Are You in Good Hands?

April 28, 2015 — by Shira Sagiv2

Cloud migration – one of the top trends this past year and predicted by many to be a top trend in 2015 – brings with it many benefits to the organization.  You can enjoy cost savings, scalability, flexibility, and productivity benefits for your organization, your customers and your partners.  Regardless of the industry they belong to, today’s enterprises are finding that the cost and speed advantages of cloud cannot be ignored.