Keeping up with the Revolution in IT Security
Speakers
Rami Essaid, CEO & Co-founder
A brief look at previous evolution in IT security
Key trends in app development
The impact of these trends
The potential future of IT security solutions
Agenda
The Evolution of IT Security
Endpoint Security: Blocking threats targeting devices
Network Security: Blocking threats trying to access networks
Application Security: Blocking threats targeting web applications
The Proliferation of Web APIs
The rise of API driven development is making web APIs more common than ever
[Diagram labels: API, App, Data, Provisioning, Configuration, Reporting, Integration, Social Media, Mobile app]
Web APIs need to be included in Security Strategy
API Security can prevent
Malicious and unacceptable API usage
API developer errors from running wild
Automated API scraping from stealing content
Bad guys get more tools to leverage when building attacks and bad bots
Web Browsers are Becoming More Complex
The Evolution of the Web: Browser versions and their technologies
Source: http://www.evolutionoftheweb.com
Advanced bots use browser capabilities to evade detection and mimic human behavior
The Impact of Modern Browsers on Security
Bad Bot Sophistication levels, 2014
Leverage Tools Capable of Detecting Advanced Bots
Traditional security solutions (FW, IPS, WAF, etc.) typically lack the proper client visibility necessary to effectively identify advanced bots
Identifying advanced bots and browser automation requires specialized techniques
Approaches to Detecting Bots, by Tier
Modern applications are geographically distributed with data centers wherever customer bases are concentrated
Deployments leverage multiple types of infrastructure (clouds, on-prem, hybrid, multi-cloud, etc.)
Architectures are Increasingly Distributed
Flexible deployment options enable complete coverage of diverse web estates
Protection should be standardized across all deployments and infrastructure
Security precautions must be interconnected to share data, not siloed or isolated
Defenses Need to be Interconnected and Versatile
Web applications include a wide variety of frameworks, 3rd party code bases, and plug-ins
Each code base adds potential vulnerabilities into your application
Not all software vendors have the same security controls
Diversity and Complexity of Application Stacks
Assume your application stack is vulnerable
Patch. Patch. Patch.
Minimize the use of 3rd party code
Do not allow unauthorized vulnerability scans
Protecting your Stack from Penetration
In a post Snowden world, roughly 9% of Americans have adopted sophisticated steps to shield their information* such as:
○ Using a TOR network
○ Using a proxy server
○ Using a VPN to obscure origin IP addresses
Attackers also obfuscate traffic sources with IP spoofing or using large pools of globally distributed origin IPs
Anonymous Traffic Sources Becoming More Commonplace
Source: *Americans’ Attitudes About Privacy, Security and Surveillance, Pew Research Center, 2015
IP Blocking not effective when dealing with modern threats
Device fingerprinting provides distinct advantages like
○ Tracking attackers across IP addresses
○ Detecting bots through anonymous proxy networks
○ Reducing false positives associated with humans anonymizing themselves
Advanced Fingerprinting Replacing IP Blocking
Seemingly legitimate IPs and user agents may be imposter bots
Access Control Lists (ACLs) are no longer useful because attackers regularly change IP addresses
Manually updating white/black lists to keep up is tedious and short lived
Access Control Lists have become too Reactive
Whitelist
Blacklist
Everything Else?
Community sourced attack data aggregation provides a more accurate data source for enforcement
Machine learning and self configuration greatly reduced security maintenance overhead
Community Sourced Intelligence Improves Accuracy
Mobile users now outnumber desktop users
Mobile clients are now being used to launch attacks
Mobile sites tend to be easier to scrape
○ Less superfluous content
○ Highly structured and easy to navigate layouts
Mobile Growth Brings With it Mobile Threats
Source: Comscore, The US Mobile App report
Mobile Bots Arrive in Droves
Bad Bot Self-Reported Browser, 2014
Actual Browser Usage, 2014
Worst Offending Mobile Carriers, Beware of China
Bad Bot Traffic as Percent of Overall Traffic, U.S., China and Rest of World
Precautions should be implemented to extend security strategies to cover mobile websites
Mobile clients need to be subjected to the same scrutiny as other users
Mobile Should not be Overlooked
Increasing amounts of data exist in the cloud and with cloud service providers
What is their data retention policy?
What controls are placed around this data?
Is your web app being exploited to access it?
Proliferation of Data in the Cloud Poses a Security Risk
Avoid storing excessive sensitive data in the cloud
Understand how your cloud service vendors work
Use strong passwords
Encrypt data
Don’t let bots scrape your database
Keeping Data in the Cloud Safe
The Ashley Madison breach released 32 million log-in credentials into the wild
Account takeover and transaction fraud have significantly increased
Lost or stolen credentials were already the top cause of data breaches since 2010
Online Fraud Boosted by Ashley Madison Breach
Source: VBIR 2015
Bots are typically employed to try password combinations at other sites looking for valid combos
Implement tools or application code which can rate-limit login attempts
Fingerprinting can be used to correlate login attempts using multiple IPs
Prevent Brute Force Password Attempts
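The two recommendations on this slide, rate-limiting login attempts and correlating them by fingerprint across IPs, can be shown side by side. This is an added example, not code from the deck or from any Distil product; the 5-failures-per-5-minutes policy, the fingerprint strings (assumed to come from an upstream fingerprinting component) and the sample attempts are all constructed for illustration.

```python
from collections import defaultdict, deque

LIMIT, WINDOW = 5, 300  # assumed policy: 5 failed logins per 5 minutes per key

class FailureWindow:
    """Sliding-window counter of failed logins, one deque of timestamps per key."""
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)

    def over_limit(self, key, now):
        q = self.seen[key]
        while q and now - q[0] >= self.window:  # drop events older than the window
            q.popleft()
        q.append(now)
        return len(q) > self.limit

def analyze(attempts):
    """attempts: iterable of (epoch_seconds, ip, fingerprint, username, success)."""
    by_ip, by_fp = FailureWindow(), FailureWindow()
    flagged_ips, flagged_fps = set(), {}
    ips_per_fp, users_per_fp = defaultdict(set), defaultdict(set)
    for ts, ip, fp, user, ok in sorted(attempts):
        if ok:
            continue  # only failures count toward the limit
        ips_per_fp[fp].add(ip)
        users_per_fp[fp].add(user)
        if by_ip.over_limit(ip, ts):
            flagged_ips.add(ip)
        if by_fp.over_limit(fp, ts):
            flagged_fps[fp] = {"ips": len(ips_per_fp[fp]),
                               "users": len(users_per_fp[fp])}
    return flagged_ips, flagged_fps

def sample_attempts():
    """Constructed data: one automated client rotating IPs, one person mistyping."""
    t0 = 1_700_000_000
    bot = [(t0 + 2 * i, f"203.0.113.{i + 1}", "fp-a91c", f"user{i}@example.com", False)
           for i in range(20)]
    human = [(t0 + 5, "198.51.100.7", "fp-77e0", "alice@example.com", False),
             (t0 + 20, "198.51.100.7", "fp-77e0", "alice@example.com", False),
             (t0 + 40, "198.51.100.7", "fp-77e0", "alice@example.com", True)]
    return bot + human

if __name__ == "__main__":
    ips, fps = analyze(sample_attempts())
    print("flagged by IP key:", sorted(ips))
    print("flagged by fingerprint key:", fps)
```

On the constructed data the per-IP limiter flags nothing, because each address fails only once, while the fingerprint-keyed limiter flags the single client behind all 20 addresses and leaves the person who mistyped twice alone.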
Recapping the Trends and Security Implications
Trends | IT Security Implications
API centric development | API security
Complexity of browsers | Protection from advanced bots and browser automation
Distributed environments | Interconnected tools, deployment flexibility
Complexity of application stacks | Patching and blocking reconnaissance attacks
Anonymous browsing | Device fingerprinting
Access control lists too reactive | Community source data feeds, self tuning
Mobile growth | Mobile client screening and mobile site security
Data in the cloud | Retention policies, encryption, scraping protection
Fraud on the rise | Brute force account takeover protection
The First Easy and Accurate Way to Defend Websites Against Malicious Bots
About Distil Networks
The World’s Most Accurate Bot Detection System
Inline Fingerprinting: Fingerprints stick to the bot even if it attempts to reconnect from random IP addresses or hide behind an anonymous proxy.
Known Violators Database: Real-time updates from the world’s largest Known Violators Database, which is based on the collective intelligence of all Distil-protected sites.
Browser Validation: The first solution to disallow browser spoofing by validating each incoming request as self-reported and detecting all known browser automation tools.
Behavioral Modeling and Machine Learning: Machine-learning algorithms pinpoint behavioral anomalies specific to your site’s unique traffic patterns.
How Companies Benefit from Distil
Increase insight & control over human, good bot & bad bot traffic
Block 99.9% of malicious bots without impacting legitimate users
Slash the high tax bots place on internal teams & web infrastructure
Protect data from web scrapers, unauthorized aggregators & hackers
www.distilnetworks.com/trial/
Offer Ends: October 25th
Two Months of Free Service + Traffic Analysis
www.distilnetworks.com
Questions... Comments? info@distilnetworks.com
Or call us on 1.866.423.0606