
Q&A with Sharat Sinha: Don’t trust, always verify

Zafar Anjum | Nov. 27, 2013
The best way to approach security is to shift away from ‘trust but verify’ to ‘don’t trust, always verify’, says Sharat Sinha, Vice President APAC, of Palo Alto Networks.

What are some of the most active threats in the Asia Pacific region today? 

According to the Palo Alto Networks Application Usage and Threat Asia Pacific Report:

  • 98% of all exploit logs were found in nine applications; seven of them are internal/infrastructure applications (databases, Active Directory, RPC, etc.)
  • 99.99% of all malware logs were found in only four (out of 1,244) applications with custom/unknown-UDP representing the highest volume at 45%
  • Most of the active threats come from business applications that were used as vectors by hackers, which include custom applications. In this case, threats refer to a combination of application vulnerability exploits (think IPS) and malware (spyware, botnets, adware, etc.) - applications that everyone needs. Based on our Application Usage and Threat report, 98% of the vulnerability exploits were in only nine applications and, out of these, seven are running your business. Exploits are defined as injection attacks, code-execution, and overflows while malware is defined as botnets, adware, spyware and such. This tells us that the high value assets that run the business are heavily targeted by cyber criminals.
  • Another source of threat is the applications that many enterprises choose to ignore - DNS and custom/unknown UDP - that are present in every network's traffic. Both are stateless in nature, and Palo Alto Networks saw 71% of the malware logs in these applications, indicating that attackers have become adept at hiding in the shadows. Some of our findings are:
    • 25% of the applications (317) use SSL in some way, shape or form
    • 83 of the 317 applications that use SSL never use port 443, nor do they use SSL defined ports (37 hop ports, 28 use tcp/80, 20 use ports other than tcp/443)
  • Lastly, unknown and detected applications are also a significant source of attacks in the Asia Pacific market.

How would BYOD impact businesses in the Asia Pacific region? What are BYOD's implications in terms of risk management, data protection, and data management?

  • The more devices connected to the Internet, the more opportunities there are for cyber criminals to break into the network. Whether it's connected cars, smart cities or telemedicine, the digitalisation of all of our information - business, and personal in the case of a targeted attack - offers more reasons for businesses to be hacked.
  • BYOD is both a necessity as employees, partners and customers get access to the enterprise network from within and outside enterprise network boundaries, as well as a contribution to the increased productivity in enterprises. However, it also exposes enterprises to significant risk unless there are policies in place to safely enable these devices and applications on them. It requires security policy implementation so that there is uniform enforcement of security policy independent of which device is used to access enterprise resources.

