
The threat of multilayer cyber attacks

CIOL Bureau

BANGALORE, INDIA: Traditional security technologies are struggling to keep pace with the expanding threat landscape as cyber attacks become more malicious, employees become more dispersed and infrastructures grow more complex.

Today’s cyber attacks are sophisticated and multilayered, using several attack vectors that target the network as well as the underlying applications and data. An attack might begin at the network layer with a denial of service and then proceed to target application vulnerabilities through a web browser. IT departments are challenged to effectively address these security concerns.

Traditional point solutions such as firewalls, antivirus software, and intrusion detection and prevention systems tend to focus on solving specific security issues and are often deployed on individual devices. Point solutions are simply inadequate to provide a robust defense against multilayer attacks. They offer no cross-layer visibility, detection, or protection capabilities. The approach is static and limits IT’s ability to enforce the integrated security policy that is needed to adequately protect applications, users, and data.

Victims of cyber attacks are frequently caught by surprise because they genuinely believe their point security solutions provide more than adequate protection. Yet firewalls fail during network-layer Denial of Service attacks as well as application-level DoS attacks.

With traditional safeguards falling short in understanding traffic context and protecting against complex blended threats, many organizations view Application Delivery Controllers (ADCs) as an appropriate alternative to traditional security solutions, and believe that ADCs could replace many, if not most, of the traditional safeguards.

While the cyber attacks themselves cannot be prevented, most of the resulting security breaches can be stopped. Putting up an adequate defense against such multilayer attacks requires an integrated approach that combines network security, application security, and access control. As organizations begin to move their applications and data into the cloud, an integrated approach to security is even more critical.

When organizations deploy security in silos (perimeter protection, application layer protection, data protection), they lose sight of the context of what’s happening within each silo and how that might affect the others.

Many of today’s cyber attacks are blended across the network, protocol, user and application. Unifying security across layers 3 to 7 in the network stack enables organizations to better identify, defend, and adapt to these blended threats. An integrated approach to security gives organizations an edge over attackers by making it more difficult to exploit a particular vulnerability across many vectors.

When crafting their security strategy, organizations would do well to consider the following:

Protection for Interactive Web 2.0 Applications

A combination of a web application firewall and application security will help organizations protect interactive web 2.0 applications, such as a real-time stock site that continuously updates pricing information.

Unified and Dynamic Access Control

With a growing number of users accessing corporate resources from personal devices such as smartphones, tablets, and laptops, IT is challenged to enforce common access and security policies across a vast range of devices, locations, and applications.

It is key to put IT back in control by providing enhanced support for endpoint inspection, multiple authentication methods, single sign-on, and external access control lists. Administrators need to receive detailed information about users, applications, and the network that will give them the context they need to create network and application access policies as well as the single point of control from which to enforce those policies globally.

Centralized management capability can substantially reduce IT costs and increase the productivity of users who will then be able to access a much broader range of domains and applications.

Enhanced Management and Reporting Capabilities

To provide application-level security and ensure adequate response time for users, administrators need powerful visibility and reporting tools. With customizable reporting features and contextual user visibility tools, administrators can track information, such as who is online and when, what type of device and network they are using, and which applications and other resources they are accessing.

Scalable DNS Infrastructure with DDoS Attack Mitigation

When DoS or DDoS attacks occur, the DNS is just as vulnerable as the web application or service that is being targeted. To withstand attacks, it is critical to have the ability to protect and scale the DNS infrastructure. With a high-speed DNS delivery solution, DNS query response performance can be improved by as much as tenfold. It can also relieve existing DNS servers and absorb the flood of illegitimate requests during attacks while continuing to support legitimate queries.

The high-profile Anonymous and LulzSec attacks in 2011 demonstrate how hackers use massive, global, and random attack patterns. An organization’s security approach must be able to withstand the sheer size and scope of today’s attacks, and do so cost-effectively.

Organizations can also benefit by leveraging the combined power of a user community to respond to the growing and changing threat landscape. A strong community of like-minded individuals can provide shared wisdom and insight, resulting in enhanced visibility, command, and control. With active contributions from a focused community, dynamic threat response and adaptability can be improved to the benefit of all.

(The author is Managing Director of F5 Networks India, SAARC)
