Barbarians at the Gate - Shoring Up Web Application Defenses with Client Reputation

Written by

In the past two years, several successful malicious attacks against large financial services, government and private sector firms gave a clear indication of the changes occurring in the network security industry. The recent Ponemon Institute Cost of a Data Breach study found the average cost of a data breach to be $3.79 (£2.6) million with average cost per compromised record more than $154 (£105).

As Akamai’s Q4 2015 State of the Internet Security Report confirmed, the threat from DDoS and web application attacks is not going away. In fact, in Q4 2015 the number of web application attacks jumped 28% while DDoS attacks increased 40% compared with Q3.

Despite having significant security measures in place, organizations have fallen victim to cyber-attacks. All of the organizations had the traditional, on premise, network security safeguards in place but still lost sensitive intellectual property.

Unfortunately, these attacks demonstrated that reliance on traditional methodologies is not enough to stop the modern threat. While these reactive mechanisms do provide a layer of security, knowing what threats lurk on the internet and protecting critical web infrastructure proactively from those threats can be invaluable.

Challenges in detecting threats flying under the radar

Protecting against attacks armed with advanced malicious threat technologies requires an intelligence-based structure that aggregates and correlates information from a variety of unified threat management sources. It requires a unified platform that can analyze user behavior with internal data and external sources in order to determine if users on a network are doing their job or something more malicious. This presents a set of challenges to organizations:

  • Constraints in analyzing large datasets in near real time: Big Data and analytic platforms for large data have been around for a while. However, widespread adoption of analytic-driven web protection has been relatively slow, due to the large investments required.

  • Lack of heuristics engines: The application of heuristics has been prevalent in endpoint systems but their use in proactive web defense mechanisms is relatively limited.

  • Scarce expertise: Qualified security professionals are hard to come by and expensive to employ. This has created a critical gap in security postures today. The skills required to manage and maintain the latest rulesets and provide expert attack support command a significant wage, but they are still very cost effective compared to the financial impacts caused by a typical security breach.

Client Reputation and Proactive Defense Strategies

Home security systems provide additional protection and peace of mind to homeowners, especially when neighborhood crime is on the rise – this is similarly the case with online security, where rate controls alert and protect organizations from an increase in malicious web activity. With an alarm system monitoring windows and doors, it becomes much more risky and difficult for an intruder to steal the goods, which is akin to how a web application firewall (WAF) stops individual requests based on their payloads.

Like a perimeter camera that can compare known burglars to a person on the porch and alert police to stop a crime before it is committed, client reputation monitoring services can alert on and block known sources of malicious traffic.

Client reputation monitoring provides this additional protection by focusing on the source of the threat – web clients as opposed to attack vectors – and stopping the attack before any of the bad requests reach the WAF for inspection. This approach uses advanced algorithms on the data collected from a large number of web clients to identify malicious actors. The malicious web clients are scored according to their past behavior and current likelihood of engaging in four types of attack behavior: application layer attacks, website scanning and scraping, other web attack launches and DDoS attacks.

Therefore, client reputation monitoring gives organizations the ability to look at a particular client IP address and predict, based on past behavior, whether that client will engage in future attacks on their web application platform. In addition, the data can help to predict the intent of future requests from a particular client IP address.

Should organizations pay heed?

Web applications have become a staple of the internet, from business-driven software-as-a-service (SaaS) applications to consumer mobile apps. For example, Gartner expects that by 2016 about 25% of large banks will deploy a banking app store to improve app discovery, user experience and collaboration. Unfortunately, the increase in web applications will result in an increase in data theft targets for cyber-attackers. Simply put, malicious actors will follow the money up the application stack.

Once upon a time, it used to be enough to just monitor doors and windows. Today’s home security systems include motion sensors and cameras and, as with the best home security systems that work at multiple perimeters, today’s organizations need to take a similar approach to cybersecurity to protect against the increasing threats of data theft.

The answer lies in understanding that this multi-layered defense is key and that there are technologies that add another layer of protection that complements existing defenses. Adding client reputation monitoring to a cloud security strategy not only helps stop malicious attacks at the source, but also provides the security intelligence needed for improved security decisions and risk evaluation.

Having a service that provides the ability to forecast a threat before being exploited should be an easily justifiable investment in order to maintain business continuity and minimize the impact of cyber-threats.

What’s hot on Infosecurity Magazine?