ACHIEVING CYBER SECURITY READINESS WITHIN AN EVOLVING THREAT LANDSCAPE


February 2013, Rev. A 02/13

SPIRENT
1325 Borregas Avenue, Sunnyvale, CA 94089 USA
Email: sales@spirent.com
Web: http://www.spirent.com
AMERICAS: 1-800-SPIRENT, +1-818-676-2683, sales@spirent.com
EUROPE AND THE MIDDLE EAST: +44 (0) 1293 767979, emeainfo@spirent.com
ASIA AND THE PACIFIC: +86-10-8518-2539, salesasia@spirent.com

2013 Spirent. All Rights Reserved. All of the company names and/or brand names and/or product names referred to in this document, in particular, the name Spirent and its logo device, are either registered trademarks or trademarks of Spirent plc and its subsidiaries, pending registration in accordance with relevant national laws. All other registered trademarks or trademarks are the property of their respective owners. The information contained in this document is subject to change without notice and does not represent a commitment on the part of Spirent. The information in this document is believed to be accurate and reliable; however, Spirent assumes no responsibility or liability for any errors or inaccuracies that may appear in the document.

Achieving Cyber Security Readiness Within an Evolving Threat Landscape

CONTENTS
Executive Summary
Cyber Security Readiness
The Evolving Threat Landscape
  Government Involvement
  Cloud Computing
  Bring Your Own Device
Responding to New Threats
Achieving Cyber Security Readiness Through Testing
Conclusion

SPIRENT WHITE PAPER

EXECUTIVE SUMMARY

Cyber security is evolving rapidly owing to three key trends:

- Government interest and involvement in cyber security is expanding due to considerations of national security, including the need to protect government and corporate networks from threats of cyber espionage and cyber warfare.
- Cloud computing imposes a layer of abstraction over a physical network, presenting an amorphous environment where the requirements for cyber security are anything but straightforward.
- The growing tendency of employees to access corporate networks with personal devices significantly increases the sheer number of devices that need to be secured and greatly expands the potential for introducing compromised equipment.

This white paper examines the implications of these trends for security processes and presents a number of recommendations for the development and use of security test tools. In summary, test tools must emulate sustained real-world attacks on large numbers of devices, including attacks native to virtualization and BYOD environments. They must also keep track of known network vulnerabilities and allow for easy updates to address new threats as they are discovered.

CYBER SECURITY READINESS

Corporate and government networks are literally bombarded with security threats. Denial of service attacks flood networks and hosts with unwanted traffic, rendering them slow or inoperative. Corporate data including customer information is routinely stolen and compromised. Bank accounts are accessed and drained. Attacks targeting classified government information and critical economic infrastructure are becoming routine. The true cost of these attacks is hard to quantify, as organizations are understandably shy about providing this information, but estimates run into the hundreds of billions of dollars annually for the US alone.

Following are a few examples of the types of threats networks are experiencing:

- A series of attacks dubbed Night Dragon originated in China. Beginning in November 2009, hackers were able to take over servers in the US and the Netherlands to launch attacks on oil, gas and petrochemical companies and obtain sensitive confidential information.
- A Trojan horse named Zeus has been used since 2007 to steal information from the US Department of Transportation, Bank of America, NASA and other large organizations.
- More recently, several US banks experienced denial of service attacks, allegedly initiated from Iran, despite their sophisticated defenses. The attacks slowed servers and impacted customer service.

These examples are just the tip of the iceberg. To get a rough idea of the scale of the problem, Symantec claims to have blocked over 5.5 billion malware attacks in 2011, an increase of 81% over 2010. The cost of such attacks to both federal organizations and corporations can be considerable in terms of denied service to customers, inability to access internal resources, compromised information and impaired reputation. It is no exaggeration that the survival of a business might depend on effective cyber countermeasures. The implications for national security are even more frightening. In the words of President Obama:

"It doesn't take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill."

Critical to the success of cyber countermeasures is the ability to test the capacity of networks, hosts and applications to withstand the various known cyber attacks. Passive means like corporate firewalls, while still necessary, are not sufficient in such a threat-rich environment.

Indeed, this fall the European Network and Information Security Agency launched Cyber Europe 2012, a massive denial of service attack aimed at more than 300 European public and private institutions to assess their robustness to cyber threats. However, individual network test teams continue to employ the test processes and procedures they know. Unfortunately, with millions of applications, devices and users active on the Internet, and thousands of attacks being discovered every day, test teams are struggling to quickly and effectively test the security aspects of their cloud applications and infrastructure. In addition to the sheer numbers of new attack vectors, the nature of cyber security continues to change. In order to maintain cyber security readiness, test teams must understand the evolving threat landscape and appropriately update their approaches to security testing.

THE EVOLVING THREAT LANDSCAPE

The cyber threat picture, like the IT industry itself, is in a constant state of flux, making it difficult to keep track of newer threats and new variations on existing threats, let alone develop effective countermeasures. However, three key trends can be identified that we expect to have a significant effect on the evolving threat landscape: government involvement, cloud computing, and the use of personal mobile devices at work.

Government Involvement

Governments have a critical need to protect industrial infrastructure and national security from cyber attacks. Governments need to withstand and, where appropriate, initiate sophisticated information-based attacks. Fortunately, they have the deep pockets necessary to achieve this. Indeed, the very nature of war is beginning to evolve from a focus on conventional warfare to a rapidly increasing emphasis on cyber warfare, i.e., attacking the enemy's information capabilities and, of course, protecting your own. For these reasons, governments are expected to play an increasingly influential role in the future development of cyber security.

The Stuxnet worm was part of the US-Israeli Operation Olympic Games, a series of cyber attacks on Iran's developing nuclear capability. Stuxnet was aimed at Siemens supervisory control and data acquisition (SCADA) equipment and represents the first large-scale attack on another country's industrial infrastructure. It is hard to overestimate Stuxnet's significance, and probably not an exaggeration to say that it ushered in the age of cyber warfare. While Stuxnet did indeed damage Iran's nuclear infrastructure (despite denials), this type of attack is a two-edged sword. Stuxnet managed to find its way onto the Internet and affect equipment in several other countries besides Iran. Moreover, other countries, notably Russia and China, are believed to have the ability to launch such an attack at US infrastructure, and several others are believed to be working on such a capability.

Governments need to be concerned with all types of malware that infect corporate networks (e.g., viruses, worms and Trojan horses) and, especially where classified information is at issue, guard against data loss and compromise. The size and scale of government networks, including military networks, and the sensitive nature of classified information require governments to be concerned with very sophisticated attacks involving multiple vulnerabilities. Uniquely, governments need to address cyber espionage and cyber warfare and, as such, need to develop both offensive and defensive capabilities, wearing black hats and white hats at the same time.

Cloud Computing

Cloud computing refers to the delivery of computing resources as a service over a network and typically employs virtualization technology, where the physical infrastructure of the network is overlaid with virtual resources, such as virtual machines, virtual hosts and virtual networks. Users and applications access virtual resources in the same way as they would access physical resources, unaware of the physical hardware that is actually in play. Cloud computing exploits multi-tenancy, where a large number of geographically distributed users share the same hardware resources, permitting efficient use of hardware and centralization of resources in lower cost locations.

However, it adds additional challenges with respect to security:

- The virtual environment often changes rapidly in the face of varying loads on the physical resources, so end users and even administrators are not always aware of the exact physical hardware and software configuration that runs the virtual infrastructure.
- Much data is moved between on-premise equipment and cloud data centers, making it vulnerable to outside hacking.
- The virtualization software (the hypervisor) is itself a potential target for a cyber attack.
- User access to security log files within multi-tenant public clouds may be inconvenient or impossible.

Owing to its clear economic advantages, use of cloud computing by enterprises is growing rapidly, even to the point where corporate users are circumventing their IT organizations and employing cloud services without approval, presenting an additional security problem. Nonetheless, ensuring corporate security is every bit as critical for off-premise cloud environments as it is for on-premise networks. It is just more difficult.

Bring Your Own Device

Bring Your Own Device (BYOD) refers to the growing use of personal mobile devices at work (typically smart phones, tablets and laptops) and their need to access the corporate network. This trend has its advantages in saving businesses money on personal devices and offering employees a choice in selecting them, but it presents a number of security challenges:

- Devices may be independently compromised and then used to access the network, e.g., phones that may have accessed unsecured Wi-Fi hotspots.
- Lost personal devices may contain proprietary data which is then compromised.
- The proliferation of new types of devices makes it hard to keep track of them and develop appropriate security procedures.
- New hand-held technologies, such as Android and Apple iOS, present new vulnerabilities and opportunities for security breaches.
- The sheer numbers of mobile devices that might access a network at any given time present a scaling problem, making it difficult for a security tool to keep track of all of them.

We feel that these three trends (government involvement, cloud computing and BYOD) present some of the greatest challenges to cyber security in a rapidly evolving environment, and that an understanding of their implications is necessary to the design of effective countermeasures.

RESPONDING TO NEW THREATS

Cyber threats continue to evolve with the rapid development of information technology. As the bad guys discover and exploit new vulnerabilities, the good guys need to develop products and procedures to meet the ever-expanding threats. Most damaging are zero day attacks, which exploit hitherto unknown vulnerabilities. Here the hacker gets ahead of the developer, allowing zero time to fix the vulnerability.

Government and enterprise IT teams need to find and implement process-based solutions, not just product (anti-virus/IPS) and consulting-driven solutions (penetration testing/compliance). What is really needed is an understanding that network security is an ongoing process rather than simply a product or service that can be purchased. Security testing is a critical component of the process. Ongoing security processes should include the following set of related considerations:

Ease of Use: Security processes should be designed for the skill levels of the personnel tasked with carrying them out. They need to be user-friendly, easily deployed and well-documented. Given the rapidly changing nature of the field, they need to be reviewed frequently and updated as necessary. Tools need to be designed for easy updating in order to address new threats as they are detected and recognized.

DDoS Protection: Distributed denial of service is a powerful attack technique that attempts to deny the service provided by a particular network resource by attacking it from multiple sources, compromising both the target and the commandeered sources. DDoS countermeasures need to focus on minimizing downtime associated with DDoS attacks by employing techniques to:

- Prevent DDoS attacks in the first place
- Detect DDoS attacks that survive preventive measures
- Recover from DDoS attacks where prevention has failed, and
- Update preventive methods based on assessments, tests and experience

Fuzz Testing: Fuzz testing refers to the automated launching of large numbers of random attacks involving invalid or unanticipated variations on legitimate traffic. Fuzz testing identifies new vulnerabilities (hopefully before the hackers do) and provides a general indication of the health of the system or network under study. It is effective at detecting dramatic failures such as system crashes, but often fails to discover more subtle problems. Fuzz testing should be incorporated into test tools and executed on hosts, networks and applications periodically or on an as-needed basis.

Published Vulnerability Testing: Vulnerability assessments, both automated and manual, identify and prioritize network vulnerabilities. They should be conducted periodically and after security updates, and used to generate comprehensive reports and databases identifying known vulnerabilities that can be exploited by a hacker. The reports should be made available to staff and, where appropriate, equipment vendors. Vulnerability testing should be accompanied by manual penetration tests designed to exploit detected vulnerabilities. In effect, the tester emulates a hacker in order to verify a vulnerability and assess the associated risk. Vulnerability testing is a good complement to fuzz testing.

Mobile Emulation: The revolution in the use of mobile devices and the need for BYOD policies presents a new battleground, where mobile devices of varying types and in large numbers are demanding access to the network. To address this trend, network security policies need to address appropriate firewall capabilities, encryption of the various access technologies and device certification. Security testing methodology needs to complement these policies by employing emulators that present the sort of attacks likely in an environment with a very large number of access devices. Particular attention should be paid to protection against mobile malware, as the incidence of such attacks is skyrocketing.

Actionable Results: Of course, none of the security testing processes described above is of any value without actionable results. Test teams need reports that clearly identify any detected vulnerabilities and include as much information as possible on how to respond. Procedures for incorporating fixes with as little downtime as possible must be defined, documented, and updated as necessary.
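The DDoS Protection item above distinguishes "prevent" from "detect", and the reason the two layers are both needed is that a per-client rate limit (the usual preventive control) cannot see an attack spread across many sources, each of which stays under the limit. The following added example, which is not code from the white paper or from Spirent, illustrates that point over a constructed access log in Common Log Format: a per-source limiter catches a single flooding client, while only the aggregate view (requests per second together with the number of distinct sources) exposes the distributed flood. The IP addresses, thresholds and log contents are all constructed for the demonstration; in practice the thresholds would be derived from a measured baseline of the service.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format line: source host, identity, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def build_sample_log():
    """Constructed sample access log for the demonstration (not real traffic).

    Seconds 0-15: four legitimate clients, two requests each per second.
    Seconds 10-12: one additional client floods at 60 requests per second.
    Seconds 13-15: forty additional sources each send 2 requests per second.
    """
    base = datetime(2013, 2, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []

    def emit(second, src, path):
        ts = (base + timedelta(seconds=second)).strftime(TS_FORMAT)
        lines.append(f'{src} - - [{ts}] "GET {path} HTTP/1.1" 200 512')

    for s in range(16):
        for i in range(4):
            emit(s, f"192.0.2.{10 + i}", "/index.html")
            emit(s, f"192.0.2.{10 + i}", "/style.css")
    for s in range(10, 13):
        for _ in range(60):
            emit(s, "198.51.100.7", "/search?q=x")
    for s in range(13, 16):
        for i in range(40):
            for _ in range(2):
                emit(s, f"203.0.113.{i + 1}", "/login")
    return lines


def requests_per_second(lines):
    """Parse log lines into {second_offset: Counter(source -> request count)}."""
    per_second = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than crash the detector
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        per_second[int(ts.timestamp())][m["src"]] += 1
    if not per_second:
        return {}
    start = min(per_second)
    return {sec - start: counts for sec, counts in per_second.items()}


def sources_over_limit(lines, per_source_limit=20):
    """'Prevent' layer: sources that exceed a per-client rate limit in any one second."""
    offenders = set()
    for counts in requests_per_second(lines).values():
        offenders.update(src for src, n in counts.items() if n > per_source_limit)
    return offenders


def detect_floods(lines, rate_threshold=30, source_threshold=20, dominance=0.5):
    """'Detect' layer: classify each second by aggregate rate and source spread.

    Returns a list of (second_offset, total_requests, distinct_sources, verdict).
    """
    verdicts = []
    for offset, counts in sorted(requests_per_second(lines).items()):
        total = sum(counts.values())
        distinct = len(counts)
        if total <= rate_threshold:
            verdict = "normal"
        elif counts.most_common(1)[0][1] / total >= dominance:
            verdict = "single-source flood"  # one client dominates: per-source limits apply
        elif distinct >= source_threshold:
            verdict = "distributed flood"    # many modest senders: only the aggregate reveals it
        else:
            verdict = "surge"                # elevated but not clearly hostile
        verdicts.append((offset, total, distinct, verdict))
    return verdicts


if __name__ == "__main__":
    log = build_sample_log()
    print("over per-source limit:", sorted(sources_over_limit(log)))
    for row in detect_floods(log):
        print(row)
```

Run as a script, the per-source limiter names only the single flooding client, while the per-second classification marks seconds 10 to 12 as a single-source flood and seconds 13 to 15 as a distributed flood even though no source in the latter ever exceeds two requests per second. The "update" step the white paper calls for corresponds to re-deriving `rate_threshold` and `source_threshold` from fresh baseline measurements after each assessment.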
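The Fuzz Testing item above makes two claims worth seeing in working code: that fuzzing means feeding a target "invalid or unanticipated variations on legitimate traffic", and that it reliably catches dramatic failures such as crashes while often missing subtler ones. The following added example is not code from the white paper or from Spirent. It defines a small constructed message format (magic bytes, a record count, the records, a checksum) with a parser into which two defects are planted on purpose: a division by the declared record count, which crashes when that count is zero, and silent acceptance of a truncated record list. An exhaustive single-byte fuzzer and a random mutation fuzzer are run against a legitimate seed message; a plain crash oracle finds the first defect and never notices the second, while a stricter oracle that checks the format's own invariants finds both. The format, the seed message and the defects are all constructed for the demonstration.

```python
import random

MAGIC = b"SP"


def parse_message(data: bytes) -> dict:
    """Parser for a constructed format: MAGIC, count, count x (type, value), checksum byte.

    Two defects are planted deliberately for the demonstration:
    - dramatic: the average is divided by the declared count, so count == 0 crashes;
    - subtle: a truncated record list is silently accepted with the declared count.
    """
    if len(data) < 4:
        raise ValueError("too short")
    if data[:2] != MAGIC:
        raise ValueError("bad magic")
    count = data[2]
    records = []
    pos = 3
    for _ in range(count):
        if pos + 2 > len(data):
            break  # subtle defect: a truncated record list should be rejected here
        records.append((data[pos], data[pos + 1]))
        pos += 2
    body = data[3:pos]
    avg = sum(value for _, value in records) / count  # dramatic defect: ZeroDivisionError
    if pos >= len(data) or data[pos] != (sum(body) & 0xFF):
        raise ValueError("bad checksum")
    return {"count": count, "records": records, "avg": avg}


def classify(data: bytes) -> str:
    """Crash oracle: ValueError is the parser's intended rejection, anything else is a crash."""
    try:
        parse_message(data)
    except ValueError:
        return "rejected"
    except Exception:
        return "crash"
    return "ok"


def classify_strict(data: bytes) -> str:
    """Stronger oracle: also flags results that violate the format's own invariants."""
    try:
        result = parse_message(data)
    except ValueError:
        return "rejected"
    except Exception:
        return "crash"
    return "ok" if len(result["records"]) == result["count"] else "inconsistent"


def fuzz_single_byte(seed: bytes, oracle=classify) -> dict:
    """Exhaustive single-byte replacement: every position, every value. Returns {verdict: [inputs]}."""
    findings = {}
    for pos in range(len(seed)):
        for value in range(256):
            if value == seed[pos]:
                continue
            candidate = seed[:pos] + bytes([value]) + seed[pos + 1:]
            findings.setdefault(oracle(candidate), []).append(candidate)
    return findings


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one to three random mutations: bit flip, byte replace, insert, delete, truncate."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "replace", "insert", "delete", "truncate"))
        if op == "insert" or not buf:
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
        elif op == "flip":
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == "replace":
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == "delete":
            del buf[rng.randrange(len(buf))]
        else:
            del buf[rng.randrange(len(buf) + 1):]
    return bytes(buf)


def fuzz_random(seed: bytes, iterations: int, rng_seed: int = 0, oracle=classify):
    """Random mutation campaign; returns verdict counts and the distinct crashing inputs."""
    rng = random.Random(rng_seed)
    counts = {"ok": 0, "rejected": 0, "crash": 0, "inconsistent": 0}
    crashes = set()
    for _ in range(iterations):
        candidate = mutate(seed, rng)
        verdict = oracle(candidate)
        counts[verdict] += 1
        if verdict == "crash":
            crashes.add(candidate)
    return counts, sorted(crashes)


# Constructed legitimate seed: two records (1, 0x10) and (2, 0x20); checksum 0x33 = sum of record bytes
SEED = MAGIC + b"\x02" + b"\x01\x10\x02\x20" + b"\x33"

if __name__ == "__main__":
    print("seed parses:", parse_message(SEED))
    print("single-byte crashes:", fuzz_single_byte(SEED).get("crash"))
    print("random campaign:", fuzz_random(SEED, 2000)[0])
    print("strict oracle on count=5:", classify_strict(SEED[:2] + b"\x05" + SEED[3:]))
```

The exhaustive pass finds exactly one crashing input (the seed with its count byte set to zero) and reports every message whose count byte was raised above two as "ok", because the parser returned a result; only `classify_strict`, which knows that the number of records must equal the declared count, labels those inputs "inconsistent". That is the practical lesson behind the white paper's caveat: the mutation engine decides what gets exercised, but the oracle decides what gets noticed, so a fuzzing campaign is only as good as the invariants it checks.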

ACHIEVING CYBER SECURITY READINESS THROUGH TESTING

Testing needs to expand to address the newer challenges posed by increasing government involvement, the rise of cloud computing and the demands placed on the network by BYOD trends. In addition to technology to prevent or neutralize attacks, there remains a real need for test tools that emulate attacks to verify the integrity of the techniques in place.

Testing techniques need to emulate attacks that address all aspects of cyber security. Tests need to be designed that attempt to breach network perimeters, compromise internal assets, and circumvent data extrusion detection mechanisms in as thorough and comprehensive a fashion as possible, attacking applications as well as network infrastructure. Test tools must have sufficient capacity to emulate a large number of simultaneous, heterogeneous and sustained attacks to determine network behavior under an avalanche of attempted breaches.

Performance testing is, perhaps surprisingly, another important aspect of security testing. Performance tests must be done with real world application traffic mixed in with attacks. The reality is that attacks do not happen in isolation but along with valid application-driven traffic. Increased security control can mean reduced performance in many cases. Therefore security and performance are two sides of the same coin and need to be tested together.

Testing methodology also needs to get more sophisticated and agile. Test tools need to provide canned tests for known attacks and configurable templates to permit a user to craft specific penetration tests against any active protocol, application or service to address newly discovered attacks. Accurate emulation of real attacks, including spam, worms, viruses, Trojan horses and denial of service, is critical to testing whether the preventive mechanisms in place are, in fact, doing their jobs. Test signatures need to represent as accurately as possible the real threats experienced by the network.

Malware testing is an additional test activity that should be included to ensure security. This includes replicating malware binaries being sent through firewalls and IPS/IDS devices as payload over HTTP and FTP transports. It also includes replication of the behavior of infected end devices. This latter step is essential to detecting and eliminating advanced persistent threats that may have embedded themselves inside a protected network.

Speed of response is yet another key aspect of security testing. Administrators should respond quickly and decisively to new threats. Since threats are constantly changing, the test tools need to be correspondingly agile, constantly addressing new threats by permitting threat configuration by users and by use of fuzzing techniques to vary the attack signatures.

Finally, test tools must be comprehensive in their coverage. Cyber threats are numerous and widely variable. Tools need to be as exhaustive as possible in identifying and addressing them. To this end they require a comprehensive repository of test signatures and, of course, the ability to create new ones and variations on old ones as newer threats are identified. Scale is important here too. The tools need to have the capacity to generate a large number of threats of different types over a sustained time period.

CONCLUSIONS

It should now be clear that achieving cyber security readiness is becoming increasingly difficult, owing to the evolving threat landscape. To address the challenges of increased government involvement, adoption of cloud computing and trends toward BYOD policies, test tools will need to:

- Present attacks that a network is likely to encounter in the real world
- Support the capacity to test simultaneously a large number of devices and offer attacks that are massive, heterogeneous and sustained in time
- Thoroughly assess vulnerabilities and generate appropriate reports and databases
- Provide a comprehensive repository of test signatures, offering breadth across the universe of known threats and depth in the available variations of each individual threat
- Permit the creation of new signatures as new threats are identified and possess the agility to quickly emulate new attacks and modify existing attacks
- Accommodate the rapidly changing nature of virtual networks, offering comprehensive testing in such an environment, including testing directed at the virtualization software itself, and, where necessary, the ability to run the tests from platforms in the virtual environment
- Present attacks native to a BYOD environment, with particular emphasis on mobile malware
