Proactive web security with client reputational services

Author: Sudeep Charles, Product Manager, APJ at Akamai

In 2014, several successful malicious attacks against large financial services, government and private sector firms gave a clear indication of the changes occurring in the network security industry. The recent Ponemon Institute Cost of a Data Breach study found the average cost of a data breach to be $3.5 million, with an average cost per compromised record of more than $145.

Further, Akamai's State of the Internet Report for Security, Q4 2014, also indicates a rise in attacks, with a 90 per cent increase in Distributed Denial of Service (DDoS) attacks and a 121 per cent increase in infrastructure layer attacks over the previous quarter.

Despite having significant security measures in place, organisations are still falling victim to cyber-attacks. While these organisations all had the traditional, on-premises network security safeguards in place, they still lost sensitive intellectual property.

Unfortunately, these attacks proved that reliance on traditional methodologies is not enough to stop the modern threat. Reactive mechanisms do provide a layer of security. However, knowing what threats lurk on the Internet and proactively protecting critical web infrastructure from those threats can be invaluable.

Challenges in detecting threats flying under the radar

Protecting against attacks armed with advanced malicious threat technologies requires much stronger threat prevention techniques than legacy systems that do not scale and that impact performance. It requires an intelligence-based structure that aggregates and correlates information from a variety of unified threat management sources. A unified platform is needed that can analyse user behaviour against internal data and external sources to determine whether users on a network are doing their job or something more nefarious. This, consequently, presents a set of challenges to organisations:

  • Limited data sources: Companies simply do not have data sources that can capture data from across the globe. An IP address, for example, can be the source of malicious traffic on the other side of the globe and simply go unnoticed because organisations do not have the ability to capture and flag that address.
  • Constraints in analysing large datasets in near real time: While Big Data and analytic platforms for large data have been around for a while, organisations are largely yet to come to terms with applying them to web protection. This is predominantly due to the large investments needed to do so.
  • Lack of heuristics engines: The application of heuristics has been prevalent in endpoint systems, but their use in proactive web defence mechanisms is relatively limited.
  • Scarce expertise: Qualified security expertise is hard to come by and expensive to employ. This is a critical gap in security postures today. Once a threat is identified, the ability to create and push rules that plug vulnerabilities is critical, but most often very expensive.


Client Reputation and Proactive Defence Strategies

Client Reputation technologies better protect applications and web infrastructure against DDoS and application layer attacks. This is achieved by identifying, and sharing with organisations, the likelihood that particular IP addresses fall into one of the following "malicious" categories: web attackers, Denial of Service (DoS) attackers and scanning tools. Client reputation technologies leverage advanced algorithms to compute a risk score based on prior behaviour as observed on a massively distributed network. The algorithms use both legitimate and attack traffic to profile the behaviour of attacks, clients and applications. Based on this information, one can assign a risk score to each IP address and allow organisations to choose which actions their traditional defences should perform against an IP address with a specific risk score.
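The score-to-action step described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the 0-10 risk scale, the thresholds, the seven-day freshness window and the feed layout are all assumptions, and the IP addresses are constructed documentation addresses.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address

# Actions ordered from least to most strict.
ACTIONS = ["allow", "alert", "deny"]

# Hypothetical per-category thresholds on an assumed 0-10 risk scale:
# (alert_at, deny_at). Here a DoS score is acted on earlier than a scanner score.
POLICY = {
    "web_attacker": (5.0, 8.0),
    "dos_attacker": (4.0, 7.0),
    "scanning_tool": (6.0, 9.0),
}
MAX_AGE = timedelta(days=7)  # assumed freshness window for a score

NOW = datetime(2015, 3, 1, tzinfo=timezone.utc)  # fixed clock for the sample

# Constructed feed: IP -> {category: (score, last_observed)}.
FEED = {
    "198.51.100.7": {"web_attacker": (8.6, NOW - timedelta(hours=3)),
                     "scanning_tool": (6.5, NOW - timedelta(days=1))},
    "203.0.113.20": {"scanning_tool": (7.2, NOW - timedelta(days=2))},
    "192.0.2.44": {"dos_attacker": (9.1, NOW - timedelta(days=30))},  # stale
}

def decide(client_ip, feed=FEED, policy=POLICY, now=NOW):
    """Return (action, reasons) for one client IP; strictest category wins."""
    key = str(ip_address(client_ip))  # normalises and rejects malformed input
    action, reasons = "allow", []
    for category, (score, seen) in feed.get(key, {}).items():
        if category not in policy or now - seen > MAX_AGE:
            continue  # unknown category or stale score: do not act on it
        alert_at, deny_at = policy[category]
        hit = "deny" if score >= deny_at else "alert" if score >= alert_at else None
        if hit:
            reasons.append(f"{category}={score}")
            if ACTIONS.index(hit) > ACTIONS.index(action):
                action = hit
    return action, reasons

if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.20", "192.0.2.44", "198.51.100.99"):
        print(ip, *decide(ip))
```

Ignoring stale scores matters because IP addresses are reassigned, and an address with no reputation entry falls through to the existing defences rather than being blocked.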

Should organisations pay heed?

The answer lies in understanding that a multilayered defence is key and such technologies add another layer of protection that complements existing defences. These technologies also provide better input to critical security decisions. Such services also fill an important gap in defence postures - the forecasting of intent before exploitation.

Overall, there is a plethora of technologies available, each filling a niche area and a specific need. Client reputational services give organisations the ability to forecast a threat before being exploited, which is needed in order to maintain business continuity and minimise the impact of cyber threats.
