Recent security breaches at large retailers such as Target, Neiman Marcus and Tesco reflect the highly sophisticated nature of modern internet threats.
The Target breach
The Target breach is particularly interesting because the attackers got into the network through one of Target's HVAC contractors, Fazio Mechanical. Several articles have posited a likely sequence of events for the attack. At a high level:
- The attackers stole user credentials from Fazio employees by delivering password-stealing malware through phishing emails.
- They used these credentials to reach Target's internal networks, since Target gives contractors access to specific parts of its network through external billing systems and other workflow-management portals.
- Once inside, they were able to install malware on point-of-sale registers to steal credit and debit card data, and to set up a control server to collect the stolen data.
While the specific causes have yet to be revealed, some probable security gaps that may have enabled this attack include:
- Lack of advanced email protection for Fazio's users to block phishing attacks.
- Fazio reportedly relied on a free, consumer version of Malwarebytes Anti-Malware that only provides on-demand scanning, rather than real-time protection against malware.
- Improper network segmentation and loose firewall policies that may have allowed the attackers to penetrate deep into Target's internal network from the outside.
- Possible lack of multi-factor authentication for remote access to Target's systems.
- Publicly available documentation and easy access to metadata providing details of Target's internal network.
You can read more about this at http://krebsonsecurity.com/tag/target-data-breach/.
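The segmentation and firewall-policy gap above is the one an administrator can actually test for. The following is an added example, not code from the original post or from Barracuda: it models a simplified zone-based firewall with first-match semantics and audits whether a vendor-facing portal zone can reach the point-of-sale zone. The zone names, address ranges and rules are hypothetical and assumed for illustration; they are not Target's or Fazio's real network.

```python
"""Added example: audit a simplified zone-based firewall policy for paths
that let a vendor-facing zone reach the point-of-sale (POS) zone.

Everything here is constructed for illustration: the zone names, address
ranges and rules are hypothetical and are not Target's or Fazio's network.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # None means any port
    action: str           # "allow" or "deny"


# Hypothetical zones (assumed addressing)
ZONES = {
    "vendor_portal": ipaddress.ip_network("10.50.0.0/24"),   # external billing / workflow portals
    "corp":          ipaddress.ip_network("10.10.0.0/16"),   # general corporate servers
    "pos":           ipaddress.ip_network("10.200.0.0/16"),  # point-of-sale registers
}

# Loose policy: a legacy "portal may reach anything in 10/8" rule nobody remembers adding
LOOSE_POLICY = [
    Rule("internet-to-portal", "0.0.0.0/0", "10.50.0.0/24", 443, "allow"),
    Rule("legacy-portal-any", "10.50.0.0/24", "10.0.0.0/8", None, "allow"),
    Rule("default-deny", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]

# Tightened policy: the portal zone may only reach the one billing application server
TIGHT_POLICY = [
    Rule("internet-to-portal", "0.0.0.0/0", "10.50.0.0/24", 443, "allow"),
    Rule("portal-to-billing-app", "10.50.0.0/24", "10.10.5.10/32", 8443, "allow"),
    Rule("default-deny", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]


def first_match(policy: List[Rule], src_ip: str, dst_ip: str, dport: int) -> Optional[Rule]:
    """Return the first rule matching the flow (first-match semantics, as most
    firewalls evaluate their rule base top to bottom)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in policy:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and (rule.dport is None or rule.dport == dport)):
            return rule
    return None


def can_reach(policy: List[Rule], src_ip: str, dst_ip: str, dport: int) -> bool:
    """True if the policy allows the flow; flows matching no rule are denied."""
    rule = first_match(policy, src_ip, dst_ip, dport)
    return rule is not None and rule.action == "allow"


def allow_rules_between(policy: List[Rule], src_zone: str, dst_zone: str) -> List[str]:
    """Names of allow rules whose source overlaps src_zone and whose destination
    overlaps dst_zone. Each hit is a candidate path from one zone into the other
    and deserves review whatever port it carries."""
    hits = []
    for rule in policy:
        if (rule.action == "allow"
                and ZONES[src_zone].overlaps(ipaddress.ip_network(rule.src))
                and ZONES[dst_zone].overlaps(ipaddress.ip_network(rule.dst))):
            hits.append(rule.name)
    return hits


def broad_rules(policy: List[Rule], max_prefixlen: int = 16) -> List[str]:
    """Allow rules that match any port and a destination wider than /max_prefixlen.
    These are the rules administrators typically cannot explain."""
    return [r.name for r in policy
            if r.action == "allow" and r.dport is None
            and ipaddress.ip_network(r.dst).prefixlen < max_prefixlen]


if __name__ == "__main__":
    # Probe: a register in the POS zone reached from the vendor portal zone over SMB (445)
    probe = ("10.50.0.7", "10.200.3.41", 445)
    for label, policy in (("loose", LOOSE_POLICY), ("tight", TIGHT_POLICY)):
        print(f"{label}: portal->POS reachable: {can_reach(policy, *probe)}; "
              f"exposing rules: {allow_rules_between(policy, 'vendor_portal', 'pos')}; "
              f"broad rules: {broad_rules(policy)}")
```

Run against the loose policy, the audit names the single legacy rule that opens the whole 10/8 range, and the probe from the portal zone to a register succeeds; against the tightened policy the probe is denied while the portal can still reach the billing application on its one port. Reviewing the output of a check like this per zone pair is a cheap way to learn what your rule base actually permits.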
It’s all about the infrastructure
Even with heightened awareness of Internet security, incidents like these are not uncommon. I read time and again about attackers infiltrating seemingly secure networks by exploiting gaps in security infrastructure as well as in human behavior. This will only get more complicated as the lines between business and leisure Internet activity blur, mobile devices become more prevalent and more applications move to the cloud. Attackers can launch highly specific, targeted attacks that bypass traditional protection measures. (Recent research shows that, on average, it takes no more than three phishing emails before somebody opens a malicious link or attachment.)
The Target incident underscores some common security concerns organizations face today:
- Traditional anti-malware technologies are not sufficient to defend against targeted, aggressive, multi-vector attacks.
- Increasing network complexity: while Target's internal network may have been secure, the distributed nature of its operational infrastructure provided multiple points of access from potentially less secure networks.
- The need for simplified network and security management interfaces. A survey we ran last year indicated that over 80% of companies did not know what their firewall rules did, and over 55% had a security gap because of misconfigured firewall rules.
- The need for Web application security as enterprise applications move to the cloud and more commercial transactions are conducted over the web.
To an IT administrator, this attack highlights the importance of a security strategy that:
- Provides proactive, real-time protection against phishing attacks and web-based malware
- Blocks requests to malicious URLs
- Detects and blocks outbound traffic from infected client computers that indicates spyware activity or data leakage
- Secures Web applications against SQL injection, cross-site scripting, request forgery, spoofing and identity theft
- Secures the network gateway by providing application layer visibility and control
- Secures remote access through policy and tight authentication
- Secures against network intrusions
- Prevents leakage of private information or intellectual property
- Prevents man-in-the-middle attacks
- Provides network monitoring and reporting
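The third point in the list above, catching outbound traffic from infected machines, is worth showing concretely for a point-of-sale segment: registers have a very short list of legitimate destinations, so anything else is worth an alert, and a sudden volume of data leaving one register is the signature of card data being staged for collection. The following is an added example, not code from the original post or from Barracuda. The log format, addresses, allowlist and volume threshold are all constructed and hypothetical; the log lines use documentation address ranges and are not real traffic.

```python
"""Added example: flag outbound connections from a point-of-sale (POS) segment
that a register should never make, plus unusually large egress per peer pair.

The log format, addresses, allowlist and threshold below are constructed for
illustration and do not correspond to any vendor's real log format or network.
"""
import ipaddress
import re
from collections import defaultdict
from typing import List, Optional, Tuple

POS_SEGMENT = ipaddress.ip_network("10.200.0.0/16")   # assumed register VLAN
CORP_SPACE = ipaddress.ip_network("10.0.0.0/8")       # assumed internal address space

# Destinations and ports a register legitimately needs (assumed)
ALLOWED_DESTS = {
    ipaddress.ip_network("10.10.5.10/32"): {443},      # payment transaction switch
    ipaddress.ip_network("10.10.9.0/24"): {80, 443},   # patch / configuration servers
}

# Bytes per (src, dst) pair in the log window above which we call it staging/exfiltration (assumed)
EXFIL_BYTES = 50 * 1024 * 1024

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)")

# Constructed sample log: two normal flows, one register pushing 60 MiB over SMB to an
# internal host that is not on its allowlist, one register reaching an outside address,
# and one non-POS host that is out of scope for this check.
SAMPLE_LOG = """\
2024-01-05T02:10:01Z fw: OUT src=10.200.3.41 dst=10.10.5.10 dport=443 bytes=1820
2024-01-05T02:10:03Z fw: OUT src=10.200.3.42 dst=10.10.9.12 dport=443 bytes=9400
2024-01-05T02:11:17Z fw: OUT src=10.200.3.41 dst=10.10.77.5 dport=445 bytes=31457280
2024-01-05T02:12:02Z fw: OUT src=10.200.3.41 dst=10.10.77.5 dport=445 bytes=31457280
2024-01-05T02:13:40Z fw: OUT src=10.200.3.43 dst=203.0.113.77 dport=443 bytes=2048
2024-01-05T02:14:00Z fw: OUT src=10.10.4.20 dst=203.0.113.77 dport=443 bytes=2048
"""


def parse(line: str) -> Optional[Tuple]:
    """Extract (src, dst, dport, bytes) from one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return (ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"]),
            int(m["dport"]), int(m["bytes"]))


def is_allowed(dst, dport: int) -> bool:
    """True if the destination/port pair is on the register allowlist."""
    return any(dst in net and dport in ports for net, ports in ALLOWED_DESTS.items())


def analyze(log_text: str) -> List[Tuple]:
    """Return findings for POS-segment egress: unexpected destinations (internal or
    external) and per-pair byte totals above EXFIL_BYTES."""
    findings = []
    volume = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, dport, nbytes = rec
        if src not in POS_SEGMENT:
            continue  # only registers are in scope for this check
        if not is_allowed(dst, dport):
            where = "internal" if dst in CORP_SPACE else "external"
            findings.append(("unexpected_destination", str(src), f"{dst}:{dport}", where))
        volume[(str(src), str(dst))] += nbytes
    for (src, dst), total in volume.items():
        if total >= EXFIL_BYTES:
            findings.append(("high_volume_egress", src, dst, total))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Note that the check deliberately alerts on internal destinations as well as external ones: a collection server does not have to sit on the Internet, and a register talking to an unfamiliar internal host on SMB is exactly the kind of flow a loose internal policy lets through. The volume rule is a second, independent signal so that staging to an allowlisted host is still caught if the byte count is implausible for a register.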
It would be wrong to presume that these concerns only affect very large enterprises. The vulnerabilities and security requirements of small and medium businesses like Fazio are similar to those of larger enterprise networks like Target's. However, smaller businesses have far fewer IT resources and smaller budgets.
An alternative to UTMs and infrastructure gaps
Many of these networks rely on Unified Threat Management (UTM) devices that try to provide multiple security functions on a single device. While good on paper, this "Swiss army knife" approach does not work well for network security, because forwarding and regulating network packets calls for a different architecture and different technologies than proxying Web traffic, scanning for malware and filtering spam. Enabling these features on a UTM severely degrades its performance, so IT administrators end up constantly making security compromises to avoid throughput bottlenecks.
I hear this all the time from our customers. This is why, instead of following the UTM hype, Barracuda has developed a suite of specialized security solutions, each with a rich feature set built on purpose-built technology. These solutions share a common web-based user interface, common management and support infrastructure, and threat intelligence data.
The solutions connect with each other as components in an integrated, modular network security framework that provides comprehensive, in-depth protection across all threat vectors, with centralized management, ease-of-use and scalability.
The Barracuda Firewall is at the center of this framework. It is a high performance next generation firewall that is designed to provide comprehensive application level network security at high throughput. Web and email security can be easily added to the firewall as services in a public cloud, virtual appliances in a private cloud or dedicated on-premises hardware appliances.
The entire solution can be centrally managed and monitored through Barracuda Cloud Control, a cloud-based central management portal. Moreover, the same protection can easily be extended beyond the network perimeter to cover laptops and mobile devices.
This approach provides the best combination of features, consolidation, ease of use and affordability while giving our customers the right set of deployment options. The framework fits any size of network, from small branch offices to large corporate networks, and scales with the business.
In effect, it provides the consolidation of UTMs without any of the performance limitations or security gaps.
For further reading, here is an article about the growing cybersecurity threat to small businesses: http://www.inc.com/will-yakowicz/why-california-attorney-general-is-erious-about-cyber-security.html?cid=sf01001