Q&A: Information Security Threats and Management

Ron Meyran, Security Product Manager at Radware, a provider of integrated application delivery solutions for business-smart networking, discusses the most significant information security threats, security management, and more.

What do you see as the most significant information security threats today?
The most significant information security threats today that we see are:
Information theft – Trojan horses, phishing campaigns, SQL injection and other network attacks all aim to acquire confidential user information either by stealing it or by persuading innocent users to provide it to unauthorized parties.
Denial of service – online businesses are the prime target of network and application misuse attacks facilitated by mega botnets. These attacks overuse network bandwidth resources or application resources, eventually denying legitimate user access to online services.
Authentication defeat – through brute force attacks that aim to break a service authentication scheme by systematically guessing user credentials.
Malware spread – the use of legitimate web sites, mails and Web 2.0 applications to distribute Bot malware, Trojans and other unwanted malware.

In your opinion, how important is security management in the overall security architecture?
Security management is the only real chance for enterprise to build an effective security architecture that can fight existing and emerging network threats. Enterprises that process credit card information, for example, are required to comply with PCI DSS requirements. However PCI DSS compliance does not guarantee that credit cards information is really safe: Heartland Payment Systems company was the victim of a hacking attempt that exposed information from more than 100 million credit and debit cards (reported January 20, 2009). And they were PCI compliant.

Security management is the dimension that brings intelligence into the equation: network security tools are designed to detect and respond to rules that are broken. They cannot detect service misuse attacks nor can they trace attacks that do not rely on application vulnerabilities due to a very simple reason: they do not break any rules.

Security management therefore should be used to validate the correct implementation of network security tools to detect abnormal activities, even if they fully comply with application rules, and to improve the security architecture making it more robust and sensitive even to the low and slow attacks that aim to compromise the IT infrastructure.

What is the biggest challenge in protecting sensitive information at the enterprise level?
The main challenge protecting sensitive information by enterprises is detecting the low and slow attacks that do not exploit any application vulnerability or rule and therefore, go undetected by security radars. Many of these attacks are generated by internal users but not only so. Trojans horses and Brute force attacks that aim to defeat authentication schemes, web application hacking and more – all are “silent” tools that do not exploit any application code vulnerability (and therefore will not be detected by standard security tools) but use legitimate application transactions for malicious purposes.

How vulnerable are web applications to the current threat landscape?
Web applications are the vehicle used to facilitate the majority of online services, and hence, they become the prime target of network attacks including: web application vulnerability exploitations, SQL injection, web application hacking, brute force attacks, HTTP page floods. Looking back to the threat landscape mentioned above one realizes that all threats are relevant to web and web enabled applications.

Where do you see the current security threats your products are guarding against in 5 years from now? What kind of evolution do you expect?
Our forecast is that attackers will continue using botnets to facilitate network attacks. However the sophistication level in creating “artificial user” attacks will grow. The “artificial user” phenomena has a much larger impact ranging from advanced application layer DoS attacks to competitive intelligence, “robotic gambling” , bid robots, advertising click robots, information theft , SPAM activities, SPIT activities and general misuse of application memory and CPU resources – all which have immediate negative affects on business revenues.

We see the evolution moving from authenticating a session based on its IP address to the user level. Today network security tools detect and block attacks using the IP addresses of the attacking sources in conjunction with additional attack “footprint” information such as service ports, type of request and request content. Mitigating emerging threats such as the fake user cases requires deploying intelligent detection and prevention countermeasures at the application level (such as challenge response algorithms) that allow only real users to pass them.