When enterprise network security is unpredictable…

Infotech Lead Asia: The security threats facing enterprise and computer networks are becoming more technically sophisticated and harder to detect: they leave a minimal footprint on the system and stay concealed until the attack actually occurs.

Last year saw cyberattacks on the rise, and the trend is likely to continue this year as well. The DDoS mitigation firm Prolexic reported an 88 percent increase in the number of DDoS attacks launched in Q3 2012 compared with a year earlier. Threat reports for the year tracked botnet activity, malware hosting by country, vendor vulnerabilities and exposures, and SQL injection events by source country. 2012 was also the year of password disclosures: Yahoo, Zappos and LinkedIn were among the major websites breached.

Earlier this year Sony was fined £250,000 by the UK Information Commissioner's Office (ICO) for the 2011 breach that compromised the personal information of 77 million PlayStation Network users. The ICO concluded that the attack could have been prevented had Sony kept its security software up to date.

Saudi Aramco, the Saudi Arabian oil giant, became the hapless victim of Shamoon, a wiper that crippled 30,000 of its workstations, erased their hard drives and forced the company to shut down its networks for a week. Fortunately, Aramco had been prudent enough to run its oil production control systems on a separate network. A similar attack hit RasGas, a Qatar-based LNG producer. A group calling itself the "Cutting Sword of Justice" later claimed responsibility for the attacks.

Last month Mandiant, an American computer security firm, traced a series of attacks on companies such as Coca-Cola and on United States critical infrastructure, including the power grid, gas pipelines and waterworks, to a Chinese hacking group.

Last week the computer networks of three major South Korean banks and the country's two largest broadcasters were paralyzed by a wiper malware dubbed "DarkSeoul", which overwrites the disks of infected machines and renders them unbootable.

These attacks were aimed at the economy of the country in question, not at any one company. They are examples of a new kind of terrorism that uses cybercrime as its weapon of choice, and they show how far cybercrime has come from the simple viruses and mischievous Trojans that could affect only a single user. The threat of full-blown cyber-warfare looms large and is still waiting to be acknowledged.

Cybercriminals easily catch users off guard on social networking sites by posting links that download malware disguised as harmless apps. App-crazy smartphone users are sitting ducks for apps designed to steal information or send premium-rate text messages without the user's knowledge.

According to McAfee's Threat Predictions report for 2013, mobile threats will rise as well. Mobile phones and tablets will be soft targets for ransomware that locks up a device and keeps it locked until a ransom is paid. Trojan horse programs that buy apps without the user's permission are expected to hit users hard. Attackers are also expected to build mobile worms that spread over NFC to steal money, propagating among users in densely crowded places such as malls and airports.

Cybercriminals will favor Citadel, since its "Citadel Rain" variant can dynamically retrieve configuration files, letting operators deliver a targeted payload to a single victim or a chosen set of victims.

Cloud and mobile computing continue to gain prominence, with even SMBs moving their workloads into the cloud. This trend, together with the rampant adoption of BYOD, makes it increasingly hard for organizations to control who can reach their networks. It is often difficult to maintain visibility of which resources were accessed, when, and by whom. VPN connections and roaming users who connect remotely extend the network beyond its perimeter, making the company's firewall porous.

Organizations are now looking for security solutions that provide effective protection while coping with the growing demands on their networks from complex virtual infrastructures, hybrid cloud models and the explosive growth of mobility in the workplace. Security software providers are constantly innovating to stay a step ahead of malware and other threats to network security.

According to the InformationWeek 2012 Antivirus and Anti-malware Vendor Evaluation Survey of 386 IT professionals, Symantec and McAfee emerged as the most widely used vendors. According to OPSWAT's market share report, Avast has the largest market share worldwide, at 17.4 percent. Microsoft came second with 13.2 percent, while ESET, Symantec and AVG each claimed over 10 percent. In a separate analysis of the North American market, Microsoft owns 22 percent, Symantec 15.1 percent, AVG 11.2 percent, Avast 10.4 percent and ESET 7 percent.

Most security software providers are evolving and adding new features to stay a step ahead of cyber threats. Among the features now being built into their products are multi-factor authentication, cloud-based security services and multi-level encryption.

The use of VPNs has also increased because of the protection they give end users: traffic travels through an encrypted tunnel to the VPN gateway rather than in the clear over the public internet, which hides the user's IP address from the sites visited and prevents an attacker on an unsecured Wi-Fi network from capturing passwords and browsing history. That protection ends at the VPN gateway, however, and a VPN on its own does nothing against malware already on the device or served by the sites the user visits.

TechNavio's analysts predict that the Global Network Security market will grow at a CAGR of 5.71 percent over the period 2011-2015. One of the key factors contributing to this growth is the rise in network security threats and the increasing demand for SaaS-based security solutions.

IP VPN services represent a $28bn global market; AT&T and Verizon were the top two providers of cloud and IP VPN services at the end of 2012.

Analysts forecast the Global SSL VPN market to grow at a CAGR of 4.02 percent over the period 2012-2016. The key vendors in this market space are Juniper Networks, Citrix Systems, Cisco Systems and F5 Networks.

Choosing and deploying sophisticated network security products alone may not be enough to protect an organization's network. IT departments have to collaborate closely with company leadership to identify vulnerabilities and adopt appropriate countermeasures, such as high-performance, highly redundant network security components. Educating employees and sensitizing them so that they do not unwittingly expose the company's network is equally important.

To a large extent, keeping production networks and industrial control systems completely separate from the ordinary corporate network, so that they are not affected if an attack does happen, will also help. Because it has become difficult to predict the nature of an attack accurately, it is necessary to investigate both specific suspicious behaviors associated with known malicious activity and general anomalous behavior that is unusual or unexpected.
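As an added illustration of that last point (example code written for this page, not from the article or from any vendor named in it), the following Python script runs both kinds of check over a constructed outbound-connection log: a specific check against a hypothetical indicator list (the 203.0.113.77 address is a documentation-range placeholder, not a real command-and-control server), and a general volume check that flags any host whose outbound byte count sits far outside the fleet baseline, scored with a median/MAD modified z-score so that one exfiltrating host cannot inflate the baseline it is measured against. The log format, host names and byte counts are all assumptions made for the example.

```python
"""Two complementary detection passes over a constructed outbound-connection log.

Pass 1 (specific): match known-bad destinations from an indicator list.
Pass 2 (general):  flag hosts whose outbound volume is far outside the fleet
                   baseline, so an unknown tool with no signature still surfaces.
"""
from collections import defaultdict
from statistics import median

# Constructed sample log (not from the article). Format, one record per line:
#   time host dst_ip dst_port bytes_out
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges, used as placeholders.
SAMPLE_LOG = """\
09:00:01 ws-101 198.51.100.10 443 4820
09:00:02 ws-102 198.51.100.10 443 5110
09:00:03 ws-103 198.51.100.12 443 4430
09:00:04 ws-104 198.51.100.10 443 5020
09:00:05 ws-105 198.51.100.12 443 4700
09:00:06 ws-106 203.0.113.77 8080 4900
09:00:07 ws-107 198.51.100.12 443 4600
09:00:08 ws-108 198.51.100.10 443 4800
09:00:09 ws-109 198.51.100.10 443 4950
09:00:10 ws-110 198.51.100.12 443 4650
09:00:11 ws-111 198.51.100.10 443 5050
09:00:12 ws-112 198.51.100.12 443 4750
09:00:13 ws-113 198.51.100.12 443 4400
09:00:14 ws-114 198.51.100.10 443 4950
09:00:15 ws-115 198.51.100.13 443 4850
09:01:00 ws-115 198.51.100.13 443 9800000
09:01:30 ws-115 198.51.100.13 443 7200000
"""

# Hypothetical indicator list, standing in for addresses taken from a threat report.
KNOWN_BAD_DST = {"203.0.113.77"}


def parse_log(text):
    """Parse 'time host dst_ip dst_port bytes_out' lines into dicts, skipping blanks."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, host, dst_ip, dst_port, nbytes = line.split()
        records.append({"time": t, "host": host, "dst_ip": dst_ip,
                        "dst_port": int(dst_port), "bytes_out": int(nbytes)})
    return records


def match_indicators(records, bad_destinations):
    """Specific check: any connection to a destination on the indicator list."""
    hits = {(r["host"], r["dst_ip"]) for r in records if r["dst_ip"] in bad_destinations}
    return sorted(hits)


def volume_outliers(records, threshold=3.5):
    """General check: hosts whose total outbound bytes are far outside the fleet baseline.

    Scores each host with the modified z-score 0.6745 * (x - median) / MAD.
    Median and MAD are barely moved by a single huge value, unlike mean/stddev,
    so the exfiltrating host cannot hide by dragging the baseline up with it.
    Returns {host: score} for hosts above the threshold.
    """
    totals = defaultdict(int)
    for r in records:
        totals[r["host"]] += r["bytes_out"]
    if len(totals) < 3:          # too few hosts to form a baseline
        return {}
    med = median(totals.values())
    mad = median(abs(v - med) for v in totals.values())
    flagged = {}
    for host, total in totals.items():
        if mad == 0:
            # Perfectly flat baseline: anything above it is unusual by definition.
            if total > med:
                flagged[host] = float("inf")
            continue
        score = 0.6745 * (total - med) / mad
        if score > threshold:
            flagged[host] = score
    return flagged


def triage(text, bad_destinations=KNOWN_BAD_DST):
    """Run both passes over a log and return their findings side by side."""
    records = parse_log(text)
    return {"indicator_hits": match_indicators(records, bad_destinations),
            "volume_outliers": volume_outliers(records)}


if __name__ == "__main__":
    for kind, result in triage(SAMPLE_LOG).items():
        print(kind, result)
```

In the sample, the indicator check catches ws-106 (a normal-looking volume to a listed address) and the volume check catches ws-115 (an unlisted destination receiving two multi-megabyte uploads); neither pass alone would surface both, which is why the two are run together.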

Pix source: Sipera.com

Sangeeta Sudhakaran

[email protected]