What DDoS attacks reveal about your security infrastructure
by Carl Herberger - VP of Security, Radware - Monday, 31 December 2012.
As we close out 2012, there is no doubt that this year will go down as epic in the history books of information security professionals. Looking back on the year it’s not hard to find a laundry list of security programs that have been overrun by nefarious perpetrators or to see how dramatically different the risk landscape is today than just a year ago. Taking stock of it all, the following are some of the most notable attacks:
  • Jan - Feb 2012 – Group Anonymous attacks various Israeli sites leaving, among others, the Israeli Stock exchange in operational duress for a moment
  • March 2012 – Operation Global Blackout – Group Anonymous threatens to take out the internet by attacking the DNS infrastructure of the world
  • July – Aug 2012 – Admin.HLP Trojan wreaks havoc in wild
  • Aug 2012 – AT&T suffers a near day long outage originating from an attack on their DNS infrastructure
  • Sept – Oct 2012 – Operation Ababil launched against US banking and financial institutions. The vast majority of US banks suffer various degrees of outages, attacks leverage new SSL tool
  • Nov – Dec 2012 – OpIsrael & OpZionism launched against various Israeli interests as a result of ongoing political struggles.
While these are just a few of this year’s attack profiles, there are more than enough lessons to be learned from each event to teach security professionals for months and years to come.

So, what did we learn from this year of carnage? I think we would be fooling ourselves if we believed that the overall success of this past year’s attacks could be attributed to luck or isolated to a few obscure examples. These attacks were by-and-large effective across a multitude of technologies, geographies and industries.

The attacks seemed to have little correlation on the surface as their effectiveness seemed to be felt without regard to the size of the company, geographic operations, the security technologies these organizations had in place or the amount of people studying the problem (e.g. security professionals, risk assessment results, etc).

However, if we are honest with ourselves, not all of the attacks have been successful thus far. There have been notable security programs that have weathered the storm by-and-large intact. Although they shall remain nameless to protect them from undue future attention, these programs were indeed different from the ones that suffered outages.

The people behind these programs are really the unsung heroes of 2012. These security professionals have provided us with a stable model of defense going forward. Let’s look at what they’ve taught us.

Security blind spots

Overall, the programs that were most effective against cyber attacks have taught us that they are doing something other (failed) programs are not. In the vernacular of security professionals, the difference between an effective program and an ineffective program is called a ‘security blind spot’.

The high-level differences between organizations that have been able to successfully withstand cyber attacks and others that have not are readily apparent when surveying the 2012 cyber security landscape. Below are the five most important lessons learned from those organizations that have managed to build a resilient security environment.

The 5 ingredients of a resilient cyber security environment:

1. Increase focus on availability-security

While most security environments focus exclusively on confidentiality and integrity-based security models, latency is a high priority for folks that are most successful. To effectively combat today’s threats, all three aspects – confidentiality, integrity and availability – must be a priority in order to ensure comprehensive security.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th