Unprotected enterprises are at serious risk

12/04/2013

 

Last year saw a spate of a high-profile DDoS attacks on UK organisations, including the Home Office, BBC and HSBC. Now, more than ever, DDoS is a very real threat – and not only to high-profile government organisations and financial institutions. Any business is prone to attack, no matter how big the company is, or what industry it operates within. There are many motivations for DDoS attacks, including political ideology, competitive rivalry and extortion. This means that any enterprise operating online (which applies to just about any type and size of business operating in the UK) can fall victim because of who they are, what they sell, who they partner with or for any other real or perceived affiliations. Nobody is immune. 

Arbor Networks’ WorldWide Infrastructure Report 2012, published last month, shows that nearly half of respondents suffered attacks targeted at their Internet data centers during the survey period. 94% of these recipients are seeing DDoS attacks regularly. As more companies move their services to the cloud, they have to be aware of the risks and the potential for collateral damage. With e-commerce and online gaming sites being the most common targets, according to survey results this year, sharing data centres with these organisations brings some risk.

What is particularly concerning is that enterprises are under the impression that they are actually protected by their existing firewalls and Intrusion Protection Systems (IPS). However, while these products play an important part of an organisation’s defence strategy, they lack a vital capability. They do not protect against availability of services. And furthermore, these products themselves are often the target of DDoS attacks. 

Data centre operators need to understand that availability of services begins with security. If your data centre is not available, network integrity and confidentiality will get you nowhere - because it will not help your customers, business or your brand. 

Existing devices are failing
IPS devices, firewalls and other security products are essential elements of a layered-defense strategy, and are designed to solve specific security problems, but they do not detect or mitigate against DDoS. They effectively address network integrity and confidentiality, but they fail to address a fundamental focal point of DDoS attacks – network availability. Adding to the security threat, IPS devices and firewalls maintain state information for every session established between a client on the Internet and the corresponding server in the data centre, which means they are vulnerable to DDoS attacks and often become the target themselves, serving as chokepoints.

When it comes to protection against DDoS, many enterprises and data centre operators have been lulled into a false sense of security. They think they have secured their services against attacks by deploying IPS devices or firewalls in front of their servers. In reality, such deployments can actually expose these organisations to service outages – which have a direct impact on customer satisfaction and therefore, revenue. Typical users of data centre and cloud services expect on-demand services. When business critical services are not available, enterprises and data centre operators can lose millions of pounds and potentially damage important customer and partner relationships. Availability of services is critical and can pose a major barrier to cloud adoption.

The attack landscape
Attackers see high-profile applications in shared Cloud Data Centres as an attractive target for criminal activity. Arbor’s WorldWide Infrastructure Report shows that 83.3% of respondents saw between 1 and 50 attacks per month. Also, while the use of firewalls has increased since last year - 35% saw their firewalls fail at protecting against DDoS attacks during the survey period.

Furthermore, the survey showed that while attack sizes have plateaued, they have become more complex. The largest attack reported was 60 Gbps, which is the same as in 2011. However, 46% reported multi-vector attacks – meaning that they are becoming much more complex. Attackers have now turned to sophisticated, long-lived, multi-vector attacks – combinations of attack vectors designed to cut through the defences an organisation has in place – to achieve their goals.  Multi-vector attacks are the most difficult to defend against and require layered defences for successful mitigation. The recent attacks on financial institutions are strong examples of multi-vector attacks.

Hackers love cloud infrastructures because they involve a small number of service providers who are responsible for delivering, distributing and hosting a large amount of content. This allows their attack to create the collateral damage effect. If they attack  one of the providers or anyone who is operating on a shared infrastructure of that provider, it is possible for them to damage or negatively impact any number of consumers using that shared infrastructure. When one domain is attacked, those hundreds of thousands of domains can go off line or experience connectivity issues. The damage is not isolated or limited to a partitioned area. Attack one target and a million domains can be affected. The consequence is a staggering ripple effect.

On-premise threat mitigation
Visibility into DDoS botnets is an absolute necessity, especially when they are constantly changing and morphing to thwart detection. An on-premises availability protection system (APS) enables a layered defense strategy, which includes upstream ISPs and firewalls, to combat both volumetric and application-layer DDoS attacks.

An on-premise DDoS device can block advanced attacks, such as application layer DDoS attacks, using packet-based threat detection and multiple counter measures. These threat detection and counter measures detect and stop application layer DDoS attacks that are difficult to detect in the cloud. The on-premise DDoS device needs to provide visibility into critical IP services and applications running in the data centre such as HTTP, DNS, VoIP/SIP and SMTP traffic, With the correct visibility, the data centre can be protected from numerous types of attack, including TCP State Exhaustion, HTTP/Web Attacks, DNS Floods/Authentication Attacks, TCP SYN Floods, Spoofed/Non-Spoofed Attacks, UDP Floods and more.

Signs of intelligence
A strong, premise-based APS will provide immediate protection with zero downtime for the data centre and its services and applications. It also cannot have any lag time between detection and protection for all botnet threats. But it also should not be burdensome or cost-prohibitive and should not require in-house expertise or full time operators to truly realise all of its benefits.

It’s important for today’s cloud-based data centre to implement a multi-layered security solution that can simultaneously protect its network infrastructure, IP-based service sand data, as all of these are vulnerable to attacks or compromise. This multi-layered protection is the only to safeguard the data centre infrastructure, the applications and services and finally, the data that drives the business, the brand and the revenue. By working with vendors who connect the right pieces to the right parts of the puzzle, channel partners can support end-users by helping them protect themselves against the minefield of security threats that they face today.

By Jeremy Nicholls, European Channel Director – Arbor Networks

 

Registrati Gratis a informationsecuritynews.it

Stai visualizzando una versione ridotta di questo contenuto. Per consultare la versione completa puoi registrarti gratuitamente al sito. Impiegherai pochi secondi
> e-mail
> password

SecuSUITE for BlackBerry 10

04/03/2013

Secusmart GmbH today announces that the SecuSUITE for BlackBerry® 10 solution has been selected by the German Procurement Office and Federal Office for Information Security (BSI) for classified communications for the German government.

Website Security Solutions Advance the Future of Trust and Protection on the Internet

04/03/2013

Symantec unveiled new updates to its Website Security Solutions portfolio with innovative and comprehensive capabilities to meet the increasing security and performance needs for connected businesses

To enable organizations to better prepare for attacks

18/02/2013

HP announced a new set of security services that help organizations respond to, remediate and mitigate the impact of security breaches as they occur

Predictions for 2013

12/12/2012

It’s that time of year again when I make my bold (“somewhat safe” depending on your point of view) predictions for the upcoming year – 2013.

Security Industry Needs a Healthy Job Market

19/10/2012

The information security industry is facing an inflationary spiral, which is both unsustainable and bad for the economy as the skills gap in information security continues to widen

Defining networking product for enterprise cloud migrations

17/09/2012

CohesiveFT specializes in helping enterprises run business operations via the cloud, today announced the general availability of VNS3 3.0 (VNS-cubed 3.0), the latest update to its market-leading software defined network (SDN) product for cloud security and control

Articoli
News
Business Solution
Focus
International News
Appuntamenti
Video
Aggiornamento professionale
Servizio My IS
Il Progetto
Comitato Consultivo
AttivitĂ  2011
Contatti
Privacy Policy
Eventi
La Rivista
I WebBook
I Libri
La Newsletter


SEDE - Edisef Srl
PI / CF: 02448980595
Via Giovanni Battista Falda, 3
00152 Roma


Tel 06.58.95.104
Fax 06.58.17.93.16