THE INTERNET: A BUSINESS ENABLER & RISK
The internet is a huge business enabler; it provides:
- Lots of apps and services that your employees can leverage for productivity, plus
- A promotional and distribution mechanism to get your applications or services to the global market
It is also a dangerous place; Cybercrime is now 3x bigger than the drug trade and growing:
- Behind the useful apps are malicious scripts and applications,
- Mixed in with customers are highly skilled criminal gangs and even adversarial government funded actors
They are typically after your data, services and resources (including cash).
Given the human element of the gateway attacks (email and web browsing), awareness is highest here. There are a huge number of devices that can assist, but employee training is an integral part of any gateway cybersecurity program.
But your little corner of the internet, where you publish your applications to customers, partners and employees, is also at risk. Skilled hackers and robots continually scan the internet from the shadows. They build inventories of your component technologies and then exploit either opportunistically or in targeted attacks. Awareness doesn’t help here; they can attack anytime without warning. Given the poor state of application code and hosting infrastructure we are seeing more and more exploits occurring through this channel.
THE INTERNET: TYPICAL PROTECTION
To protect against attacks to your internet published applications, the typical approach is to:
- Protect infrastructure issues with DDoS and WAF devices
- Remediate flaws detected in the application software directly
Given WAF devices can classify application traffic as either good or bad, these devices can protect some application flaws externally. There is often confusion around the protection offered, but as highlighted by Gartner these devices cannot modify application behaviour and therefore cannot protect from Functional Abuse and Access Violation exploits.
The skills required to optimise these tools also introduce challenges:
- Security testing shows that in most deployments these devices are either configured ineffectively or the
technology does not defend from modern evasion techniques
- Are often deployed as projects and hence Adds, Moves and Changes do not occur in the timeframe
required to neutralize the risk
- They make errors in traffic classification and mistakenly block legitimate application usage. Combining this
with 2) often lead to failed deployments. The industry has responded with security sliders where you can
choose between security and compatibility. This is the underlying reason for 1).
- They disrupt the Software Delivery Solution Cycle
- They don’t provide the information necessary for change/incident/risk management and don’t provide
reporting on effectiveness and value
THE INTERNET: REDSHIELD PROTECTION
RedShield has been created to address these real world Typical Protection short comings.
Our highly automated, human assisted, web protection managed service continually assesses a broad range of threat & vulnerability feeds to optimise and audit your defensive posture. It is designed to Observe, Orient, Jointly Decide and Act in a timeframe appropriate to neutralise the risk. These days often in minutes.
The managed service nature means that no expert customer capability is assumed or required. We integrate with your governance procedures, providing the details required for risk and security decision making, whilst providing value based reporting.
We also understand that disrupting the normal functioning of the application is unacceptable, we have custom techniques to reduce this 3 orders of magnitude below what the industry deems as acceptable, and rapid response (averaging <15mins) for resolution.
Disrupting your Software Delivery Lifecycle is equally unacceptable, hence we operate as a parallel non blocking DevSecOps function or as agreed.
But fixing your apps without your SDLC is something that RedShield uniquely offers. RedShield “Workers” are small application objects that RedShield hosts external to your application that require zero code touch. They can be particularly useful for 3rd party and legacy applications where there are no development teams available. Workers can rewrite REQs and RESs, modify application behaviour or even add missing security functions.
If you have more questions, please contact: Sales@RedShield.co