Identify the Most Probable Threats to an Organization
Two weeks ago I was in the cinema watching the movie Moneyball. The movie tells the story of Oakland A's general manager Billy Beane's successful attempt to put together a baseball club not based on the collected wisdom of baseball insiders (including players, managers, coaches, scouts, and the front office) but rather by choosing the players and the game plan based on each player's statistics, such as on-base percentage and slugging percentage.
I'm not a big expert in the game of baseball, but in the security arena it is a well-known fact that statistics should also be part of decision making. One step in an organization's risk assessment should be identifying the most probable threats to the organization's assets. This assessment should result in a score that represents quantified risks and becomes part of the decision-making process.
It is clear that no security suite will give us 100% protection, but we need to minimize the risk waiting at our doorway. To do that, we need a scoring mechanism that helps us make the right decision.
In the last decade the Internet has become a phenomenon that has a significant effect on most people around the world. Most of us store our personal information on Facebook, buy our clothes on e-commerce sites, and manage our bank accounts from the web. The Internet is available to all, so the risks inherent in its very existence derive from its power. Organizations that have opened a door to this platform need to understand the risks that are out there and make sure the proper controls are in place.
According to Symantec report 2010:
“A growing proliferation of Web attack toolkits drove a 93% increase in the volume of Web-based attacks in 2010 over the volume observed in 2009. Shortened URLs appear to be playing a role here too. During a three-month observation period in 2010, 65% of the malicious URLs observed on social networks were shortened URLs.”
According to Sophos Security Threat Report 2012:
“According to SophosLabs more than 30,000 websites are infected every day and 80% of those infected sites are legitimate.”
According to McAfee Threats Report, Third Quarter 2011:
“Last quarter McAfee Labs recorded an average of 7,300 new bad sites per day; in this period that figure dropped a bit to 6,500 sites, which is comparable to the same time last year. In August we saw an average of more than 3.5 sites rated “red” each minute.”
When numbers and statistics are part of the decision-making process, we should take into consideration the information presented above, which emphasizes that threats on the Internet are increasing exponentially. This obligates us to choose the right controls for our organization and to make sure our security filters are suited to the job.
- Or_Katz_68859 (Historic F5 Account)
Applying the right controls to mitigate threats is not always as trivial as expected. A good example of that can be found when a web application (one that is exposed to the threats described in my post) is being protected solely by a security filter such as an IPS, which is a good security solution but not one that can mitigate a wide range of web application security vulnerabilities. These web application threats need to be addressed by a Web Application Firewall; one candidate that crosses my mind is F5 Application Security Manager (ASM).