Preventing data theft by combining network and application layer security
Article by Neustar Australian general manager Robin Schmitt
The rise of cloud technologies, internet of things (IoT) and software-defined infrastructures has powered digital transformation, creating vast opportunities for today’s organisations. Similarly, cyber-criminals have taken advantage of the changing landscape, continually increasing the complexity of attacks to achieve unprecedented success.
For instance, looking back to 2015, cyber-criminals may orchestrate a volumetric DDoS attack to overload the network layer crippling the target, effectively taking the site off-line. Defences have improved, yet the changing technology landscape allowed for unprecedented DDoS attack volumes in 2016, passing 1Tbps.
In 2017, cyber-criminals progressively transformed their tactic to achieve even greater levels of success through complex multi-vector attacks, combining network and targeted application layer attacks.
With network layer DDoS attacks (OSI Layers 3 & 4), the aim is to send malicious packets over different network protocols in order to take up all of the target's bandwidth and cause the website to become unavailable due to traffic overload.
On the other hand, application layer attacks (OSI Layer 7) are caused by a hacker exploiting a specific vulnerability in an existing function within an organisation’s web presence and disabling the function or feature to achieve their objective, often focused on data theft or ransom. Application layer attacks are also the most difficult attacks to detect, providing little warning before creating chaos.
Combining network and application layer attacks to craft more complex attacks has paid off, rewarding criminals with an increase in network breach and data theft.
This was illustrated by the findings of the latest Neustar research report, ‘Global DDoS Attacks & Cyber Security Insights Report’.The report revealed a massive 27% increase in breach incidents experienced in concert with DDoS attacks, with theft rising to 58%, as compared to 49% last year.
No doubt the upcoming notifiable data breach legislation has put an extra level of pressure on Australian businesses to mitigate the threat of inevitable attacks on their network and those directed at the web application layer. With the upcoming implementation of the NDB, organisations across Australia risk losing not only sensitive company and customer data, but millions of dollars in fines.
Protecting against application layer attacks with a Web Application Firewall
It is encouraging that most businesses seem to have taken the initiative and are starting to invest in proactive defence technologies.
Protection against application-layer threats has increased significantly, with Web Application Firewall (WAF) solution deployments nearly tripling in the past year, according to a recent Neustar report. This rise has solidified the need for protection from what has quite rapidly become the most exploited layer in the network stack.
Using a WAF can prevent attacks that take advantage of web application security flaws like SQL injections, cross-site scripting and security misconfigurations.
Every second counts when you're under attack and you should have the capacity to neutralise threats fast, without reducing network performance or impacting customers’ experience. A good WAF solution will enhance your response time and not drag it down. It will quickly stop application layer attacks before they can penetrate, disrupt or devastate business operations and brand reputation.
As the incessant stream of bots and breaches continue to grow larger and more frequent, it’s important to reassess your integrated security strategy. Adding the layered protection of a WAF to your current defences will help to fend off exploits, while also enabling you to ensure you aren’t the next organisation to make headlines.