Why application attacks are punching through traditional firewall-based approaches to security
Here at F5 we’ve written a few times before about how evolving technology has impacted enterprise security, but I think there are aspects of it that bear repeating.
In particular, the increase in mobility, and with it the applications that workers use to access important data from laptops, tablets and smartphones, has affected the how, what and where of security.
The increase in usage of web applications, both internally and externally, has opened businesses up to new attack vectors, and many products on the market simply don’t do a great job of protecting against them.
Historically businesses have relied heavily on traditional security approaches to keep them safe, namely anti-virus and firewalls. But recently both of those approaches have come in for severe criticism about their effectiveness when it comes to more modern cyber attacks that target emerging enterprise technologies.
In fact, security companies themselves are questioning how effective traditional approaches are. Brian Dye, SVP of information security at Symantec, recently said that anti-virus “is dead” because cyber criminals are changing their approach, rejecting malware in favour of more targeted attacks that aim to steal mission-critical data and DDoS attacks that aim to disrupt a service.
Firewalls, too, have come in for criticism. Traditionally firewalls have protected the network layer, focussing on port management and, essentially, keeping the bad guys off the network via a blacklist. The problem is that this isn’t really sufficient these days, because so much critical data now resides at the application layer, which firewalls don’t do a great job of protecting.
That’s because many firewalls don’t focus on user session data or entire requests, instead focusing on just the packets travelling along the wire. As we have highlighted before, that doesn’t provide the application-specific knowledge required to tell a good request from a bad one.
Something like a dedicated Application Security Manager can provide all the detail needed regarding what is going on at the application layer. It can provide geo-location data, helping to provide greater detail about attacks and stop them from causing too much damage. This extra detail is vital for any company that hosts sensitive customer data and therefore needs to adhere to regulatory compliance and data protection laws.
Application Security Managers have a much greater understanding of user context than traditional firewalls do, meaning granular policies that govern access can be extended to cover web applications, as well as taking into consideration other factors such as the location of a user and the type of device they are accessing applications from.
Essentially, what products like this do is provide businesses with peace of mind and full confidence that they are able to withstand attacks aimed at the application layer. That’s something traditional firewalls and other security approaches cannot claim.
- Bamiller_156529 (Historic F5 Account): The AV is Dead was taken a bit out of context. There is a much more detailed write up here: http://news.softpedia.com/news/Is-Antivirus-Really-Dead-440960.shtml It is my understanding that this comment is based on the old AV Signature model, where the AV product is just looking for a string match. I would guess the Top 3 AV companies moved away from this technology over 3 years ago. They now are using reputation technology, where an AV product now tracks the Good files and sandboxes the Unknown files. Also, sandboxing apps, not allowing them to modify the OS, is now considered AV. F5 does a great job at protecting the servers/apps with ASP, but this does nothing for the desktops (unless you add in WebSense). I am not going to stop using an AV product in hopes that the company on the Server side is using ASP and keeping their servers secure. Most Web hosting facilities do very little to protect the Web Servers and only offer security at an additional price. I agree that Signature based AV is dead, but AV will be around for a long time. It has just morphed into something new. F5 also offers a Base DLP - Data Loss Prevention component. But a dedicated DLP solution is what is really needed to protect sensitive PCI type data, i.e. your comment about adhering to regulatory and compliance laws. We at F5 are off to a good start but there are still a few specialty products that can do better. Maybe some new Partnerships are in order? I enjoyed your article, Thanks. Barry Miller