Story image

Preventing data theft by combining network and application layer security

18 Jan 2018

Article by Neustar Australian general manager Robin Schmitt

The rise of cloud technologies, internet of things (IoT) and software-defined infrastructures has powered digital transformation, creating vast opportunities for today’s organisations. Similarly, cyber-criminals have taken advantage of the changing landscape, continually increasing the complexity of attacks to achieve unprecedented success.

For instance, looking back to 2015, cyber-criminals may orchestrate a volumetric DDoS attack to overload the network layer crippling the target, effectively taking the site off-line. Defences have improved, yet the changing technology landscape allowed for unprecedented DDoS attack volumes in 2016, passing 1Tbps.

In 2017, cyber-criminals progressively transformed their tactic to achieve even greater levels of success through complex multi-vector attacks, combining network and targeted application layer attacks.

With network layer DDoS attacks (OSI Layers 3 & 4), the aim is to send malicious packets over different network protocols in order to take up all of the target's bandwidth and cause the website to become unavailable due to traffic overload.  

On the other hand, application layer attacks (OSI Layer 7) are caused by a hacker exploiting a specific vulnerability in an existing function within an organisation’s web presence and disabling the function or feature to achieve their objective, often focused on data theft or ransom. Application layer attacks are also the most difficult attacks to detect, providing little warning before creating chaos.   

Combining network and application layer attacks to craft more complex attacks has paid off, rewarding criminals with an increase in network breach and data theft.

This was illustrated by the findings of the latest Neustar research report, ‘Global DDoS Attacks & Cyber Security Insights Report’.The report revealed a massive 27% increase in breach incidents experienced in concert with DDoS attacks, with theft rising to 58%, as compared to 49% last year.

No doubt the upcoming notifiable data breach legislation has put an extra level of pressure on Australian businesses to mitigate the threat of inevitable attacks on their network and those directed at the web application layer. With the upcoming implementation of the NDB, organisations across Australia risk losing not only sensitive company and customer data, but millions of dollars in fines.

Protecting against application layer attacks with a Web Application Firewall    

It is encouraging that most businesses seem to have taken the initiative and are starting to invest in proactive defence technologies.

Protection against application-layer threats has increased significantly, with Web Application Firewall (WAF) solution deployments nearly tripling in the past year, according to a recent Neustar report. This rise has solidified the need for protection from what has quite rapidly become the most exploited layer in the network stack.   

Using a WAF can prevent attacks that take advantage of web application security flaws like SQL injections, cross-site scripting and security misconfigurations.

Every second counts when you're under attack and you should have the capacity to neutralise threats fast, without reducing network performance or impacting customers’ experience. A good WAF solution will enhance your response time and not drag it down. It will quickly stop application layer attacks before they can penetrate, disrupt or devastate business operations and brand reputation.

As the incessant stream of bots and breaches continue to grow larger and more frequent, it’s important to reassess your integrated security strategy. Adding the layered protection of a WAF to your current defences will help to fend off exploits, while also enabling you to ensure you aren’t the next organisation to make headlines.

Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.