Currently in front of the US Congress is the Cybersecurity Act of 2012. With so much of today's infrastructure and economy dependent on the Internet the US Govt is considering what additional measures it can take to protect critical infrastructure, government assets, companies and individuals. A portion of this act is focused on education and awareness, which we all can use in the fast moving world of security.
While we can't control what the US Govt, or any other govt, does to protect us, we certainly can take action to protect our own infrastructures. Designing a strong security architecture requires building layers of security. By this I mean having multiple security and monitoring systems that provide many methods of monitoring, detection, defense, and so on. However, to do this you need to consider the various attack vectors, your gaps, and how to economically implement the architecture. In many cases, making security economical within a large organization requires leveraging solutions you already have, but possibly haven't utilized to their maximum capability.
Riverbed's IT Performance solutions not only contribute to improving efficiencies, they also have extensive capabilities related to monitoring and security. However, often our clients aren't leveraging these existing capabilities as part of their security architecture. Using tools already deployed in your infrastructure can help your organization improve security, while saving money.
In today's blog we'll briefly cover some of the security and monitoring capabilities in Riverbed's solution portfolio.
- Application delivery controller service protection capabilities against attacks such as malformed requests, Denial of Service (DoS), Distributed DoS (DDoS), etc.
- Access rules to deny unauthorized addresses, as well as user authentication integration to deny access to unauthorized users.
- The Web Application Firewall (WAF) can block application layer attacks, such as code injection, cross-site scripting, phishing attacks, spiders and much more. This can be done in software on the servers or in the Traffic Manager itself. This architecture enables massive scaling that is cloud ready and can be distributed globally, all while being centrally managed.
- Develop sophisticated OSI layer 3-7 security policies, including shadow rule sets to model how a policy will affect traffic prior to applying it.
- Bandwidth management capabilities to limit requests, bandwidth, etc.
- Global Load Balancing for COOP scenarios.
- Extensive and customizable web logging for deep application analysis both onboard Stingray or using third-party web log analysis tools.
- Request tracing and packet capture for deeply analyzing attacks or suspicious users.
- TrafficScript and Java integration provide extensibility to build custom security capabilities. Your imagination is truly the limit with these unique options.
- Drill-able network visualization tools to easily see who did what to whom and what happened.
- Extensive flow reporting to cost effectively monitor every conversation within an enterprise.
- Network Behavior Analysis and Detection (NBAD) and Rule Based Events (RBE) for performance and security event alerting, so you are told about security events or anomalies very efficiently - such as new hosts, suspicious hosts, worms, unauthorized scanners, servers transmitting on unauthorized ports, backdoored hosts, unauthorized firewall policies, and much more.
- Integration with vulnerability scanners, SIMs, Active Directory, DHCP and DNS architectures to enable streamlined analysis and security automation.
- Automated and/or manual right-click integration with switching and routing infrastructure to disable interfaces with compromised hosts so they can be quickly and easily quarantined.
- Shark provides continuous high-speed long-term packet capture with analysis via Pilot.
- Shark can export packets in PCAP format to support analysis with third-party tools, like your favorite reconstruction tool. This enables deep forensic analysis and the packets to prove exactly what happened.
- Flow export to Cascade and/or Security Information Management (SIM) frameworks so you can monitor host level conversation details globally.
- Continuous packet capture for forensic analysis (tcpdump format).
- QoS and Inpath rules to deny or block suspect traffic types - such as P2P, malware, etc. This enables distributed blocking of unwanted traffic. When using Central Management Console (CMC) your organization can enforce actions globally within seconds.
- RSP/VSP virtualization frameworks to deploy your favorite security tools within a remote site without the need for more hardware (VPN, Firewalls, IDS/IPS, open source tools, etc). For example, a SNORT package is available for RSP from the Riverbed Community site.
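To make the NBAD/RBE and flow reporting bullets above concrete, here is an added example (not Riverbed or Cascade code) of a small rule-based analyzer run over constructed flow records: it flags hosts absent from a known-host baseline, servers answering on ports they are not authorized to serve, and a single source sweeping many ports. The record layout, the baseline and the scan threshold are assumptions made for the illustration.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Flow = Tuple[str, str, int, int]  # (src_ip, dst_ip, dst_port, bytes) - assumed layout

# Constructed baseline (not real data): hosts seen before, and the ports each
# server is authorized to serve.
KNOWN_HOSTS: Set[str] = {"10.1.1.5", "10.1.1.9", "10.2.2.10", "10.2.2.11"}
AUTHORIZED_PORTS: Dict[str, Set[int]] = {
    "10.2.2.10": {443},        # web server
    "10.2.2.11": {22, 3306},   # admin host and database
}

# Constructed client->server flow records, built inline so the example runs offline.
SAMPLE_FLOWS: List[Flow] = [
    ("10.1.1.5", "10.2.2.10", 443, 5200),
    ("10.1.1.9", "10.2.2.11", 22, 900),
    ("10.1.1.9", "10.2.2.10", 8080, 300),    # server answering on an unauthorized port
    ("10.5.5.42", "10.2.2.11", 3306, 700),   # host never seen in the baseline
] + [("10.7.7.7", "10.3.3.3", p, 60) for p in range(20, 36)]  # one source sweeping 16 ports


def analyze(flows: Iterable[Flow], known_hosts: Set[str],
            authorized_ports: Dict[str, Set[int]],
            scan_threshold: int = 10) -> List[Tuple[str, str]]:
    """Return sorted (rule_name, subject) alerts raised by the three rules."""
    alerts: Set[Tuple[str, str]] = set()
    ports_by_src: Dict[str, Set[int]] = defaultdict(set)

    for src, dst, dport, _nbytes in flows:
        # Rule 1: a source address that is not in the baseline of known hosts.
        if src not in known_hosts:
            alerts.add(("new_host", src))
        # Rule 2: a known server accepting traffic on a port it is not authorized to serve.
        if dst in authorized_ports and dport not in authorized_ports[dst]:
            alerts.add(("unauthorized_server_port", f"{dst}:{dport}"))
        ports_by_src[src].add(dport)

    # Rule 3: a source touching many distinct destination ports looks like a scanner.
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            alerts.add(("scanner", src))
    return sorted(alerts)


if __name__ == "__main__":
    for rule, subject in analyze(SAMPLE_FLOWS, KNOWN_HOSTS, AUTHORIZED_PORTS):
        print(f"ALERT {rule}: {subject}")
```

Each alert is deduplicated so a scanner's hundreds of flows produce one event per rule, which is the kind of consolidation that keeps a rule-based alerting system usable.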
While Riverbed is known as the IT Performance company, you can see we also have useful security capabilities.
Scary Fact: The Verizon 2012 Data Breach Investigations Report analyzed over 855 data breaches (i.e. compromised records). Of these, only eight percent were discovered by the attacked organization itself; ninety-two percent were discovered by other parties (law enforcement, fraud detection services, customers, etc). Records were exfiltrated in seconds to hours in sixty percent of the cases, while in eighty-three percent of the cases it took weeks to months for the breach to be discovered.
Are your web applications protected from code injection, cross-site scripting, insecure direct object references or cross-site request forgery? These are just a few of the most common web application vulnerabilities. If you are interested in learning more about web application security, there are outstanding free resources at the Open Web Application Security Project (OWASP). One of my favorites is the WAF Best Practices article. OWASP hosted AppSec 2012 recently and was kind enough to invite Riverbed's Alex Meseil, Director of WAF, to discuss his experience and lessons learned about Cloud-based Distributed WAF - an architecture being used by some of the largest Internet content providers today.
We all need to be aware of the challenges with security, especially at the application layer. Contact Riverbed today to discuss how we can further assist.