Defending against exploit kits

Patrick Sweeney, Dell executive director, product management | June 4, 2013
Exploit kits, which are composed of malicious programs that identify and then attack vulnerabilities and spread malware, represent the dark but massively profitable side of cybersecurity attacks.

The Dell SonicWALL GRID Network observes that Java was the most targeted application for exploitation in 2012. That is not surprising, considering that an estimated 3 billion devices run Java, offering a large, cross-platform user base for cybercriminals to exploit.

What can businesses do to protect themselves?
The most important step in protecting yourself is to be aware of the most obvious and dangerous variants. Second, it is key to educate employees on how to recognize and avoid accidentally bringing a virus, malware or trojan into the corporate network. A recent survey of Dell SonicWALL customers shows that 68% of all businesses reported that employees cannot identify fraudulent attacks on the corporate network.

Intrusion prevention systems (IPS) and unified threat management are the heroes here. Advanced and complete security systems that include gateway antivirus, anti-spyware, intrusion prevention, and application intelligence and control serve to provide intelligent, real-time network security protection against sophisticated attacks such as those resulting from exploit kits.

Many businesses believe their existing firewalls will protect them from an attack. The reality, however, is that old firewalls pose a serious security risk to organizations today. First-generation firewall technology has become obsolete as it fails to inspect the data payload of network packets circulated by today's Internet criminals.

To prepare and defend against the massive growth in social media, applications, BYOD and multimedia files flowing through the corporate network and the threats they may carry, entirely new technology is needed. First-generation firewalls were designed to block direct threats coming from outside in a perimeter-based attack. However, the dramatic shift in how and where people access the corporate network has rendered these stateful firewalls inadequate.

Mobile employees connecting to critical business data from home broadband or public wireless hotspots, along with mountains of media and rich digital content, are an ever-growing part of business software applications. Data inspection at the application-content level is vital to protect against sophisticated hacking schemes, which is why "deep packet inspection" (DPI) is now the preferred approach over stateful packet inspection (SPI). In particular, stream-based DPI gives robust network protection via application-level inspection and is a very low-latency approach.

If an organization does business anywhere on the Internet, it is likely not a question of if, but when it will be targeted by cybercriminals. There is much that businesses can do to minimize and deflect the impact of these potential threats. In particular, IT should closely collaborate with the company leadership to identify where vulnerabilities exist and prepare appropriate countermeasures, including advanced network security and employee education; this combination is the most powerful one-two punch to defend against current and future attacks.
