
Preventing data theft by combining network and application layer security

18 Jan 18

Article by Neustar Australian general manager Robin Schmitt

The rise of cloud technologies, internet of things (IoT) and software-defined infrastructures has powered digital transformation, creating vast opportunities for today’s organisations. Similarly, cyber-criminals have taken advantage of the changing landscape, continually increasing the complexity of attacks to achieve unprecedented success.

For instance, back in 2015, cyber-criminals might orchestrate a volumetric DDoS attack to overload the network layer, crippling the target and effectively taking the site offline. Defences have improved, yet the changing technology landscape allowed for unprecedented DDoS attack volumes in 2016, passing 1Tbps.

In 2017, cyber-criminals progressively changed their tactics to achieve even greater levels of success through complex multi-vector attacks, combining network and targeted application layer attacks.

With network layer DDoS attacks (OSI Layers 3 & 4), the aim is to send malicious packets over different network protocols in order to take up all of the target's bandwidth and cause the website to become unavailable due to traffic overload.  

On the other hand, application layer attacks (OSI Layer 7) involve an attacker exploiting a specific vulnerability in an existing function of an organisation’s web presence and disabling that function or feature to achieve their objective, which is often data theft or ransom. Application layer attacks are also the most difficult attacks to detect, providing little warning before creating chaos.

Combining network and application layer attacks to craft more complex attacks has paid off, rewarding criminals with an increase in network breaches and data theft.

This was illustrated by the findings of the latest Neustar research report, ‘Global DDoS Attacks & Cyber Security Insights Report’. The report revealed a massive 27% increase in breach incidents experienced in concert with DDoS attacks, with theft rising to 58%, as compared to 49% last year.

No doubt the upcoming notifiable data breach legislation has put an extra level of pressure on Australian businesses to mitigate the threat of inevitable attacks on their network and those directed at the web application layer. With the upcoming implementation of the NDB, organisations across Australia risk losing not only sensitive company and customer data, but millions of dollars in fines.

Protecting against application layer attacks with a Web Application Firewall    

It is encouraging that most businesses seem to have taken the initiative and are starting to invest in proactive defence technologies.

Protection against application-layer threats has increased significantly, with Web Application Firewall (WAF) solution deployments nearly tripling in the past year, according to a recent Neustar report. This rise has solidified the need for protection from what has quite rapidly become the most exploited layer in the network stack.   

Using a WAF can prevent attacks that take advantage of web application security flaws like SQL injections, cross-site scripting and security misconfigurations.

Every second counts when you're under attack and you should have the capacity to neutralise threats fast, without reducing network performance or impacting customers’ experience. A good WAF solution will enhance your response time and not drag it down. It will quickly stop application layer attacks before they can penetrate, disrupt or devastate business operations and brand reputation.

As the incessant stream of bots and breaches continues to grow larger and more frequent, it’s important to reassess your integrated security strategy. Adding the layered protection of a WAF to your current defences will help to fend off exploits, while also helping to ensure you aren’t the next organisation to make headlines.
