PSN and similar services have huge customer bases and, due to their global nature, have a need to be available 24/7. This makes them very tempting targets for entities looking to create highly visible disruption or to steal large numbers of customer details.
The challenge for these organisations and for any other large enterprise is twofold:
- How to defend against ever evolving threats
- How to do so effectively
Typically, enterprise organisations use a multi-layered approach to defence comprising of cloud based mitigation to help with volumetric attacks and on-premise mitigation to protect their network perimeter using technologies such as firewalls and intrusion prevention systems.
This would be considered best practice.
The second challenge is how to defend effectively. The issue is companies typically have multiple autonomous systems in place, with limited integration and some key functional limitations at each layer. Cloud based solutions, for example, cannot process encrypted traffic unless the enterprise is willing to give the cloud provider access to their private certificate keys (which most are not), hence this traffic gets passed through.
Therefore if an attack is encrypted it is already past the first layer of defence. Most on-premise firewalls have the same limitation: encrypted traffic is allowed through because the firewall typically does not have the capability to inspect the traffic at an application level and so the attack traffic breaches the on-premise protections too.
Finally when we add volume to these attacks and blended attacks - multiple different attacks types at once - to the picture it’s easy to see how enterprises struggle to cope.
So what’s the answer? Contextually-aware defence. In other words, defences that are aware of your applications, how they function and have visibility into the traffic going to and from them including that which is encrypted. Ideally this awareness will span both the cloud and on-premise components, giving better integration and the best possible chance of mitigating attacks before they start impacting service.