Putting Attackers In The Spotlight

In a recent Ponemon Institute study, most of the organisations surveyed reported an average of almost two successful security breaches in the past two years. And according to a Verizon report, 81% of the breaches its respondents saw utilised some form of hacking and, most worryingly, 85% of them took weeks or more to discover. In that time a hacker could take an awful lot of intellectual property from an organisation’s data centre.

The problem is that existing security products address only part of the security challenge. New threat types leveraging web applications require additional defences because the ones typically deployed are ineffective. Reputation feeds, for example, rely on IP addresses, but we know that more than one person could be using an IP address. Signature-based solutions throw too many false positives to be useful in many cases. Blocking legitimate customers is not a good idea.

So what can be done? Security has to become more innovative, intelligent and dynamic.

Unique fingerprint

The first is a method of ‘fingerprinting’ hackers as they make their first attack on the network. Using intruder deception software, we can use tar traps to identify individuals trying to take malicious action and take them on a wild goose chase, delivering false fronts to them that have nothing to do with the operational web site. In doing so we can create a profile of the attacker’s device by giving it a name, rating its threat level and creating a unique fingerprint of the device using over 200 attributes.

Precision blocking

Armed with this profile, we are now in a position to block the attacker’s device wherever it might try to enter the corporate network. The profile of a new attacker can be added to the existing databases on perimeter security devices globally, in real-time. For example, if an organisation detects an attack on its data centre in Sydney, Australia, the London data centre can be notified and the perimeter defences (i.e. intrusion deception points and firewalls) updated. As a result, threats can be mitigated rapidly and there is no chance of false positives.

On subscription

The above two capabilities are powerful in themselves. But imagine how much more powerful they would be if companies and other organisations around the world shared the profiles of attackers. Organisations can share definitive intelligence about threats and individual devices. In addition, organisations can share threat intelligence and provide even more advanced, real-time security.

By providing more innovative, intelligent and dynamic security solutions, we can put attackers firmly in the spotlight, which is exactly where they don’t want to be.

Nigel Stephenson

Nigel Stephenson has solutions marketing responsibility for Juniper Networks’ Cloud and Data Center activities through the EMEA region. Joining Juniper in 2004, Nigel brings to his current role experience of the design and delivery of networking technology solutions and services from roles within leading vendors, enterprises and telecoms organisations spanning more than 20 years. In past roles prior to joining Juniper, specific responsibilities have included IP product development and marketing, telecoms services implementation and product management, and network technology deployment and support. Nigel is the author of a number of Juniper blog articles and frequently talks at industry events on behalf of Juniper. Nigel holds a degree in Electrical and Electronic Engineering from Nottingham University, UK.