In today's growing market, we are seeing customers of all sizes migrate to the cloud for a variety of reasons. The cloud is certainly showing its value in the market, from the small developer looking for a free, disposable, or cost efficient server to large corporate customers looking to optimize IT agility and expenses.
Unfortunately, whether it's cloud or traditional managed services, many clients opt for nothing more than an anti-virus application and perhaps a firewall to cover their information security compliance requirements. However, as attacks grow more sophisticated and Advanced Persistent Threats (APT) grow more prevalent, using nothing but anti-virus and a firewall can leave gaps in your security profile, exposing you and your customers to unnecessary risks.
To get an idea of the risks you might face, consider this article - MySQL servers hijacked with malware to perform DDoS attacks. In this case, the attacker was able to upload a Trojan Horse application directly into a database, most likely through a SQL injection. An Intrusion Prevention System (IPS), unlike an anti-virus application, would have detected the SQL injection attempt and blocked it at the web interface. However, because the system was inadequately protected, the attacker slipped the Trojan Horse past the web server.
You still might ask why the anti-virus did not stop the attack? One reason is that the database itself, and sometimes the data folder, is rarely scanned by anti-virus applications for performance reasons. This could explain why the attack was successful. There are also variants of Trojan Horses that evade anti-virus because of the altered file signatures. Proper systems administration may have helped, but it's often tough for small companies to support an IT shop capable of staying ahead of an APT. For many corporate entities there is also the burden of rigid change management policies that either delay necessary changes or stifle them altogether.
Another growing market is the Cyber-Insurance industry, which is being propelled by several high-profile data losses such as those affecting several big name enterprises this year. As insurance underwriters learn more about the risks involved and the tools available to mitigate losses, they are also becoming more stringent when determining who they'll insure.
Case in point - As Cybercrime Proliferates, So Does Demand For Insurance Against It; Source - NPR, October 12, 2015.
From the article:
“A company looking for coverage…first needs to figure out its cyber risk profile, then put protections and protocols in place and educate its workers. In fact, companies may not even be able to buy insurance unless they have that all in place.”
This is where the need for more advanced protection comes into play. A variety of controls are available to help combat these risks and help prevent your project, business, or customers from being the next victim.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are an effective way to mitigate your risks. IDS and IPS are similar to anti-virus in that they use pattern recognition and other threat identification techniques to block attacks. Unlike most anti-virus applications, IDS and IPS work at the network level, either on the host or on dedicated hardware, instead of the application level. IDS and IPS are also really good at detecting behavior through rules based and heuristic analysis, rather than a specific file signature.
In the following demo I illustrate how ineffective anti-virus can be, as well as the relative ease with which an attacker can compromise a system.
Other levels of protection could include File Integrity, Web Reputation, and Log monitoring, each of which are additional pieces in a well-protected system. For instance, File Integrity can help protect the Windows registry from being modified in a malicious way or Web Reputation can prevent a server from downloading content from a known source of malware.
Of course adopting these technologies can be time-consuming, expensive, and complex. To help reduce this burden and make the Internet safer for us all, we decided to tackle those complexities and make them as simple as possible for our customers.
Here at CenturyLink we are dedicated to delighting our customers and we recognize that their success is our success. Our recently released client-based IPS/IDS product is available to help protect your systems without the need to know how to manage or install an Intrusion Prevention Suite. We'll take care of the hard work so you can worry less. Get started today!
Kevin White, Certified Ethical Hacker CenturyLink Client Security Feature Team