Why Is it Important to Choose a Holistic Security Solution Encompassing Both On-prem and Cloud Services
The attack landscape: the attacker’s candy jar
Attacks can be grouped into several categories, and so can the tools that counter and mitigate them. Focusing on network and application-level attacks, we can identify the following categories:
Volumetric attacks: these focus on the volume of traffic directed at the attacked entity. They are typically L3/L4 (in the OSI model) attacks. They can be further split into attacks targeting a specific server (IP/URL) or service, and network-wide attacks that target a whole network prefix or part of it (e.g., a “/24”) and can also result in “carpet bombing” attacks.
Application (L7) attacks: these attacks are more focused on the application and its behavior, business logic, structure, and the code itself. They typically result in cross-site scripting (XSS), inventory scraping, identity theft, API attacks, etc.
Network L7 DDoS attacks: these attacks typically target the L7 network protocols used to communicate with the applications / services. Those protocols would typically be HTTP, HTTPS, SSL, and TLS, with the more sophisticated attacks targeting TLS specifically by obfuscating the attack inside TLS itself. Because TLS is an encrypted protocol, this makes it even harder for detection and mitigation solutions to detect the attack and mitigate it. DNS attacks are also gaining popularity, with “DNS dictionary” and “DNS water torture” attacks at the forefront.
One characteristic of L7 attacks (network or application) is that they do not necessarily result in a large volume of traffic aimed at the attacked entity; rather, the attacks are sophisticated and can result in lower volumes (sometimes referred to as “low and slow”).
There are additional attack types, but these are enough to show the numerous possibilities and vectors to attack an organization and its business. As I said – the attacker’s “candy jar.”
An important note to add is that if you are not well educated and familiar with the attack landscape, you would be amazed at how easy it is to become an attacker! Tools are readily available from various Internet sources and are quite cheap to purchase and operate. This makes the life of an attacker quite easy and the life of a legitimate organization, trying to protect itself, quite challenging.
If you got this far – you are highly likely to understand the scope of attacks that your organization and business can experience, and that proper planning and strategy are required to ensure your organization is well covered and protected against the attacks that it might experience.
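The volumetric category above separates attacks on a single server from network-wide attacks spread across a prefix such as a “/24”. The following sketch is an added example, not part of the original article: it shows why a detector needs a per-prefix aggregate in addition to per-host thresholds, since a carpet-bombing pattern can keep every individual host below its limit. The thresholds and sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed thresholds in packets per second; tune to the protected network.
PER_HOST_PPS = 10_000
PER_PREFIX_PPS = 100_000

# Constructed sample: (destination IP, pps) for one measurement interval.
SAMPLE_FLOWS = (
    [(f"203.0.113.{i}", 800) for i in range(1, 201)]   # spread over a /24
    + [("198.51.100.7", 50_000)]                        # one hot server
    + [(f"192.0.2.{i}", 500) for i in range(1, 4)]      # normal background
)

def classify(flows, prefix_len=24):
    """Return hosts over the per-host limit and prefixes that are over the
    aggregate limit although no single host in them is."""
    per_host = defaultdict(int)
    for dst, pps in flows:
        per_host[ip_address(dst)] += pps

    prefix_total = defaultdict(int)
    prefix_max_host = defaultdict(int)
    for host, pps in per_host.items():
        prefix = ip_network(f"{host}/{prefix_len}", strict=False)
        prefix_total[prefix] += pps
        prefix_max_host[prefix] = max(prefix_max_host[prefix], pps)

    targeted = sorted(str(h) for h, pps in per_host.items()
                      if pps >= PER_HOST_PPS)
    # Carpet pattern: the aggregate is high, yet every host looks quiet.
    carpet = sorted(str(p) for p, total in prefix_total.items()
                    if total >= PER_PREFIX_PPS
                    and prefix_max_host[p] < PER_HOST_PPS)
    return {"targeted": targeted, "carpet": carpet}

if __name__ == "__main__":
    print(classify(SAMPLE_FLOWS))
```

A detector that only applied `PER_HOST_PPS` would report nothing for 203.0.113.0/24, even though the prefix as a whole receives 160,000 pps in the sample.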
Deploying & consuming a cyber-security solution – a sea of options
With the growth of digital transformation and cyber-attack possibilities, the options to deploy and/or consume cyber-security solutions also grew. Here are typical examples.
Consuming a cyber-security service from one’s service provider: organizations typically consume their Internet, as well as communication (landlines as well as cellular), from well-known service providers. In recent years, service providers have also added cyber-security services to their offering. For a typical organization, this means that instead of purchasing the equipment and deploying it on-premises, the organization can subscribe to a cyber-security service offered by its service provider. The service provider purchases the equipment, the peripherals and the labor to maintain the service and equipment. The organization simply pays to consume the service and be protected.
A combination – on-premises with cloud expansion: this option combines the deployment of on-premises equipment (owned by the organization itself) with the ability to expand to a cloud service, owned by a professional cyber-security cloud service provider. This approach is typically used when an organization wants or needs to mitigate some of the attacks / attack volume on-premises but also needs the ability to expand to cloud services in case the attack volume overcomes the on-premises capacity or the attack becomes far too complicated for the on-premises equipment to handle. In this case, the organization can enjoy the benefits of both “worlds”.
Consuming a cyber-security service from a well-known cloud provider: this option is typically similar to the one above with an important difference that now the service is provided by a dedicated cyber-security cloud provider (such as Radware), which specializes in providing dedicated cyber-security protections and, as in the case of Radware, also develops and produces the actual cyber-security devices used to protect the organizations. Typically, dedicated cyber-security cloud providers provide the utmost professional services in the market.
On-premises deployment: this means that the protected organization purchases all the necessary equipment and deploys it in its own organization’s data center or scrubbing center. It also means that the organization is responsible for hiring skilled security personnel and accompanying peripherals such as routers, switches, and landlines with appropriate throughput to absorb the attack volume.
Content curated by the team of COMPUTER 2000 on the basis of news in reputable media and marketing materials provided by our partners, companies, and other vendors.