
Energy sector an attractive target for cyber criminals

Given their high visibility, central role in the world economy and the politically sensitive nature of their global operations, energy businesses are becoming increasingly attractive targets for cyber attackers. Energy firms are being targeted every day by attackers leveraging social engineering and using partner organisations to gain access to high-value targets, according to Arbor Networks. The attackers mainly use credentials to stay under the radar, resulting in companies not finding out they have been breached until it's too late.

Innovative attackers

"Many of the organisations breached have invested in layered security at their network perimeter, and have the latest technologies deployed. Unfortunately, attackers are constantly innovating and have access to many of the defensive technologies used today. This allows them to develop methods to circumvent these technologies as quickly as they are being deployed, rendering many of them useless," explains Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks.

"Locking down the perimeter of the network to keep threats out is virtually impossible given modern working practices, BYOD, control applications, billing interfaces and partner connectivity. This list does not include what is often the weak link, from a security perspective, the human element. Once inside a network, attackers often have a significant period of time to move laterally, establish resilient connectivity and accomplish their goals discreetly," he adds.

A critical concern is that while the sophistication of attackers is variable, the energy sector occupies a unique position within critical national infrastructure and both national and global economies, making it a mark for ideologically and politically motivated attacks. Thus, the attacks are at times aimed purely at causing disruption, rather than at financial gain for the attacker.

Dealing with a determined adversary

Hamman points out that preparation is key: "While deploying additional technologies to detect or block the latest threats as they enter networks is the approach many organisations continue to take, it is only effective at dealing with the majority of attacks. A determined adversary will however eventually get through these defences."

What is needed, he stresses, is to detect any incursion or anomaly as quickly as possible, wherever it occurs. "Augmenting broad visibility with deep visibility at key locations through packet capture and meta-data extraction can allow the identification of more specific threats, and access to relevant forensic data to aid investigation. But, the data produced needs to be accessible and usable by our security teams," states Hamman.

It therefore becomes imperative that security solutions maximise the effectiveness of scarce security resources and promote workflows that remain oriented around the goal - reducing business risk from cyber attack.

Arbor solutions use visualisation techniques to allow speed-of-thought navigation through large volumes of data, reducing the time spent in the threat validation/investigation process to free up time for more proactive, focused identification of potential problems which may otherwise have gone unnoticed.

Arbor's solution has three areas of focus:

1. Always-on network perimeter protection from DDoS attacks - threats such as DDoS and other cyber-attacks need to be detected and blocked before they escalate into costly service outages.

2. Cost-effective internal network visibility and threat detection - the greater your visibility across internal network operations, the better your ability to detect suspicious or malicious activities wherever they occur.

3. Security analytics - speed up the investigation and triage of security events and augment existing threat detection processes with a more proactive 'hunting' approach. Attackers are innovating constantly; maximise the effectiveness of your security resources to counter this innovation by giving them interactive visualisations of key security data, so that threats can be identified, understood and contained more quickly.
