Security Zombie Apocalypse | Instart Logic - PowerPoint PPT Presentation

At the RSA Conference 2015, which took place at the Moscone Center in San Francisco, cloud security continued to be a hot topic. Instart Logic ProxyWall is a cloud application security service that includes Web Application Firewall (WAF) and origin protection capabilities, and uses a similar approach to defend applications from the cloud. Read more to learn about cloud-based application security, its challenges, some prominent attacks, and how you can use ProxyWall for cloud application security.

1
SECURITY ZOMBIE APOCALYPSE
BY HARIHARAN KOLAM
2
The RSA Conference 2015 took place last week at
the Moscone Center in San Francisco, and is one
of the most important IT security conferences in
the world. The conference has consistently
attracted the world's best and brightest in the
field, and this year was no different. I braved
the crowds and spent some time immersing myself
in the dynamic setting and adrenaline rush that
surrounds RSA. As always, this was a great
opportunity to get a pulse on the latest and
greatest happenings in the world of security.
3
From a trends perspective, cloud security (not
surprisingly) continues to be a hot topic of
discussion. Enterprises are adopting cloud
aggressively by using cloud-based applications
and infrastructure. But this in turn is creating
its own set of security challenges. I saw several
companies at the conference that are focused on
addressing this problem by building cloud
security infrastructure, tools for security
forensics, analytics and automation, all to
detect and defend. Our ProxyWall, which we
announced late last year, includes Web
Application Firewall (WAF) and origin protection
capabilities, and uses a similar approach to
defend applications from the cloud. Cloud-based
protection entails monitoring events from a
multitude of sources, detecting anomalies in them
and then using the anomalies to build enforceable
security policies. The volume of data and events
to be monitored is huge, and detecting anomalies
in this setup essentially is analogous to finding
a needle in a haystack (with the shape, form and
color of the needle continuously changing). A
high incidence of false positives evidently is a
huge problem and enterprises are using big data
technologies and tools extensively to address
this. The proliferation (and potential) of big
data in implementing enforceable security
policies is quite real and I saw a large number
of security vendors at RSA that offer diverse
capabilities for this. Clearly, the solution is
far from perfect. I found it particularly
interesting that more and more people are
assuming the imperfect solution to be the norm.
Attacks are becoming increasingly sophisticated.
Simply relying on patterns and anomalies to
detect and defend against these constantly
shape-shifting attacks is not the best strategy.
 
4
A quick review of some of the prominent attacks
over the last year reveals exactly that. The eBay
redirect attack resulted in significant negative
press for the company as many of its buyers'
credentials were leaked. This particular phishing
attack exploited a vulnerability that executed
malicious code on users' browsers. The Anthem
data breach, which compromised the credentials of
80 million customers, is suspected to have been
started by a phishing attack on internal Anthem
employees. Twitter's recent account
hijack significantly corroded the company's
brand, as the compromised user was none other
than its own CFO. All the companies that I list
above have invested heavily in security, yet the
malicious code was able to creep through the
defenses and reach the user. Once that happens
and the application is compromised on its way to
the user, there is no defense against it. The
damage in all of the above cases was quite
significant. A very apt analogy in this context
comes to mind. Many of you might have seen the
movie World War Z where the Israelis fortify the
Jerusalem wall, yet the zombies, being extremely
persistent, find a way to penetrate nonetheless.
You get my point :-). We collectively as an
industry have made much progress in the security
realm, yet much more remains to be done.
The theme this year at RSA was quite provocative
and questioned the status quo: challenge
today's security thinking. As the number of
variables (events, metrics, data) to detect an
attack continuously increases, compounded with
more sophisticated attacks and attackers, your
security strategy cannot just be about piling on
layers of defense. A strategy that assumes a
compromised application can be prevented from
reaching the user is flawed. How to limit damage
when a compromised application manages to creep
through the layers of defense has to be critical
to any good security strategy.
5
Learn more about ProxyWall