Page 105 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
3. Web Application Firewalls (WAF) have traditionally sat in front of your website, inspecting the
requests external users send to the applications it hosts and blocking SQL injection and similar
attacks. They remain widely adopted, and because they are now primarily software-based their
capabilities have been brought on par with runtime application self-protection (RASP) technology.
A software-defined WAF lets you add a small piece of code to the web application itself; that
code inspects traffic and sends it for analysis in the cloud, which tells you whether each attempted
connection should be blocked or allowed. A further advantage is that changes and updates are
applied to that small piece of code, so the chance of affecting application performance is slim.
4. Lateral Movement Detection covers network traffic analysis tools that look for anomalous
behavior so you can identify and shut down malicious connections that got past your NAC and
firewall. It is an important layer in a network security strategy because no perimeter defense
offers 100% protection: once someone slips past the firewall and gets a user to download
malware, the resulting activity is hard to spot unless you are monitoring internal traffic. A key
point when evaluating a traffic monitoring tool is its machine learning algorithm, because that is
what sets the threshold for false positives. Some false alarms are inevitable, but too many distract
the security team from investigating real threats. To find a tool whose algorithm does not flood you
with false positives, run a proof of concept for at least two weeks and see how it performs on your
own traffic. Lateral movement detection tools also show you whether anyone is hopping from
machine to machine on your network. This is particularly valuable on flat networks, which use few
routers and switches and so have little internal segmentation: an attacker who breaks into a flat
network can move freely from one part of it to another, staying ahead of your scans. Detecting
lateral movement helps you find adversaries moving around your environment, the same traffic
analysis can surface insider threats, and you can trace how malware spreads, which makes it
easier to contain.
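The machine-to-machine hopping and the false-positive threshold discussed above, as an added example that is not the magazine's code or any vendor's product: a detector that learns which internal peers each host normally reaches on remote-access ports during a baseline period, then flags hosts that contact many never-before-seen peers in an observation window. The connection-log format, the port list, the 10.0.0.0/8 internal range and every address in the two log samples are constructed for the example; `alerts_at()` lets you see how the threshold trades missed hops against false alarms.

```python
"""Lateral-movement detector over connection records: flag internal hosts that
start reaching many internal peers on admin/remote-access ports they never
used before.  Added example, not the magazine's code; the log format, port
list, internal range and all addresses below are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = [ip_network("10.0.0.0/8")]          # assumed internal address space
# Ports attackers commonly use to hop between machines (SMB, RDP, SSH, WinRM).
LATERAL_PORTS = {445, 3389, 22, 5985, 5986}


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def parse(lines):
    """Each line: '<epoch> <src_ip> <dst_ip> <dst_port>'; blank and '#' lines skipped."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        yield int(ts), src, dst, int(port)


def peers_by_host(records):
    """Map each internal source to the set of internal peers it reached on lateral ports."""
    peers = defaultdict(set)
    for _, src, dst, port in records:
        if port in LATERAL_PORTS and is_internal(src) and is_internal(dst):
            peers[src].add(dst)
    return peers


def detect(baseline_lines, window_lines, threshold):
    """Return {host: sorted new peers} for every host whose number of
    never-before-seen internal peers in the window reaches threshold."""
    known = peers_by_host(parse(baseline_lines))
    current = peers_by_host(parse(window_lines))
    alerts = {}
    for host, dsts in current.items():
        new = dsts - known.get(host, set())
        if len(new) >= threshold:
            alerts[host] = sorted(new)
    return alerts


BASELINE = """
# constructed two-week baseline: one line per observed connection
1000 10.0.1.20 10.0.2.5 22
1001 10.0.1.20 10.0.2.6 22
1002 10.0.1.7 10.0.0.10 445
1003 10.0.1.30 10.0.0.10 445
""".splitlines()

WINDOW = """
# constructed observation window: 10.0.1.7 fans out to five new workstations,
# the jump host 10.0.1.20 adds one new server, 10.0.1.30 touches one new share
2000 10.0.1.7 10.0.0.10 445
2001 10.0.1.7 10.0.1.8 445
2002 10.0.1.7 10.0.1.9 445
2003 10.0.1.7 10.0.1.10 3389
2004 10.0.1.7 10.0.1.11 445
2005 10.0.1.7 10.0.1.12 3389
2006 10.0.1.20 10.0.2.5 22
2007 10.0.1.20 10.0.2.7 22
2008 10.0.1.30 10.0.0.11 445
2009 10.0.1.30 8.8.8.8 443
""".splitlines()


def alerts_at(threshold):
    """Run detect() on the constructed data with the given threshold."""
    return detect(BASELINE, WINDOW, threshold)


if __name__ == "__main__":
    for t in (1, 3):
        print(f"threshold={t}: {alerts_at(t)}")
```

With a threshold of 3 only the fanning-out workstation is reported; with a threshold of 1 the jump host and the user who opened one new share are reported too, which is the kind of noise a two-week proof of concept on real traffic is meant to expose before the tool goes into production. The external 443 connection is ignored on purpose: this detector only scores internal-to-internal hops.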
5. DDoS Mitigation protects you from distributed denial of service (DDoS) attacks, in which
hundreds or even thousands of devices flood a server with traffic until it is overwhelmed. When
that happens, websites and applications become unavailable, or worse, the entire organization
goes offline, and with that come lost revenue and customer churn. Many businesses rely on their
ISP to stop DDoS attacks, but detection and mitigation capabilities differ from one ISP to another,
so the level of protection varies. Adding to the uncertainty, ISPs have little visibility into your
applications and how they are used, so they cannot tell legitimate traffic from attack traffic and
typically respond by blocking all traffic to the targeted address until the attack subsides, which
takes every user offline with it. Leading DDoS mitigation solutions, by contrast, drop only the
attack traffic and let legitimate traffic through, so business continues as usual while the attack is
being mitigated.
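The difference between blocking everything and dropping only attack traffic, as an added example rather than the magazine's code or any provider's implementation: per-source rate limiting with a token bucket, one of the simplest mechanisms a mitigation service can use to let a normal client through while throttling sources that flood. The rates, the documentation-range addresses and the traffic mix (one legitimate client at one request per second, twenty bots at twenty per second) are constructed for the example.

```python
"""Per-source rate limiting, one building block of the selective DDoS
mitigation described above: throttle only sources that exceed a sustained
request rate and let everyone else through.  Added example, not the
magazine's code; the rates, addresses and traffic mix are constructed."""
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        # Refill for the time elapsed since the last request, capped at burst.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_requests(requests, rate=5.0, burst=10):
    """requests: iterable of (timestamp_seconds, source_ip), any order.
    Returns ({src: passed}, {src: dropped}) request counts per source."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    passed, dropped = defaultdict(int), defaultdict(int)
    for ts, src in sorted(requests):
        if buckets[src].allow(ts):
            passed[src] += 1
        else:
            dropped[src] += 1
    return dict(passed), dict(dropped)


LEGIT = "203.0.113.10"
BOTS = [f"198.51.100.{b + 1}" for b in range(20)]


def constructed_traffic():
    """Ten seconds of traffic: one legitimate client at 1 request/s plus 20 bot
    sources at 20 requests/s each (constructed, documentation-range addresses)."""
    reqs = [(float(t), LEGIT) for t in range(10)]
    for src in BOTS:
        reqs.extend((i / 20.0, src) for i in range(200))
    return reqs


def summarize(rate=5.0, burst=10):
    """Run the filter over the constructed traffic and report what happened
    to the legitimate client versus the bots."""
    passed, dropped = filter_requests(constructed_traffic(), rate, burst)
    return {
        "legit_passed": passed.get(LEGIT, 0),
        "legit_dropped": dropped.get(LEGIT, 0),
        "bot_passed_each": passed.get(BOTS[0], 0),
        "bot_dropped_each": dropped.get(BOTS[0], 0),
        "bot_total_dropped": sum(dropped.get(s, 0) for s in BOTS),
    }


if __name__ == "__main__":
    print(summarize())
```

The legitimate client never loses a request, while each bot is cut to roughly the bucket's burst plus ten seconds of refill. The limitation is equally visible: a botnet large enough to keep every source under the per-source rate defeats this check, which is why real mitigation services combine it with traffic profiling, challenges and enough upstream capacity to absorb what cannot be classified.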
6. Deception Technologies are the evolution of the honeypot, giving you a way to trick attackers
with decoy servers, workstations, and user credentials. Businesses used to rely on honeypots to
distract cybercriminals into spending their time somewhere they could do little harm, but attackers
have caught on and recognize a honeypot when they see one. Today's deception technologies
feature decoy devices that you can place inside the production environment itself. For
example, if you have a /24 subnet that can host 254 devices, but you are only using 100 of the IP