If you don’t want to be the next headline
Authored by Joel Rudman
Last year the Capital One data breach exposed credit card application data for roughly 100 million people. The root cause was a misconfigured open source Web Application Firewall (WAF) running as part of a public cloud deployment in AWS.
The instance hosting the WAF had been assigned a role with far more permissions than its function required, including read access to data buckets it never needed. The intruder exploited a vulnerability (a server-side request forgery) to make the WAF issue requests on their behalf to the instance metadata service, which returned the temporary credentials for that role. Those credentials were then used to list and copy the buckets holding the credit applications. The metadata service itself held no customer data; the damage came from the over-permissioned role combined with the attacker's ability to reach the metadata endpoint through the WAF.
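The least-privilege failure described above is something you can check for before a role ever reaches production. The following is an added example, not code from Keysight or from Capital One: a small checker that reads IAM policy documents and flags any statement granting S3 data access (object reads, bucket listing, account-wide bucket enumeration) outside an allow-list of buckets the workload actually needs. The policy documents and the bucket name `example-waf-logs` are constructed for the example.

```python
import json
import fnmatch

# Constructed example policies (not taken from any real account).
# The first is the shape of the failure: the WAF's role can read every bucket.
OVER_PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
    ]
})

# The corrected shape: only the one bucket the WAF needs, split into
# object reads and listing of that bucket alone.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-waf-logs/*"},
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-waf-logs"}
    ]
})

# A subtler variant: a specific action, but on every bucket via an ARN wildcard.
WILDCARD_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::*"}
    ]
})

# S3 actions that let a caller discover or read customer data.
DATA_ACCESS_ACTIONS = ("s3:GetObject", "s3:ListBucket", "s3:ListAllMyBuckets")


def _as_list(value):
    """IAM allows a string or a list for Action and Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action matching is case-insensitive and supports '*' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_in_bucket(resource_arn, bucket):
    """True if the ARN is exactly the bucket or an object path inside it."""
    bucket_arn = "arn:aws:s3:::" + bucket
    return resource_arn == bucket_arn or resource_arn.startswith(bucket_arn + "/")


def find_overbroad_s3(policy_json, allowed_buckets):
    """Return a list of findings for Allow statements that grant S3 data access
    to any resource not inside allowed_buckets. Only the Action/Resource form
    is handled; a production checker would also need NotAction, NotResource,
    Deny statements and Condition blocks."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt.get("Action", []))
        granted = [a for a in DATA_ACCESS_ACTIONS
                   if any(_action_matches(p, a) for p in patterns)]
        if not granted:
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            # "*" and ARN wildcards like arn:aws:s3:::* never sit inside one bucket.
            if not any(_resource_in_bucket(resource, b) for b in allowed_buckets):
                findings.append({"statement": idx, "actions": granted,
                                 "resource": resource})
    return findings


if __name__ == "__main__":
    needed = ["example-waf-logs"]
    for name, doc in (("over-permissive", OVER_PERMISSIVE_POLICY),
                      ("scoped", SCOPED_POLICY),
                      ("wildcard-bucket", WILDCARD_BUCKET_POLICY)):
        print(name, find_overbroad_s3(doc, needed))
```

Run this against every role attached to an internet-facing instance as part of the deployment pipeline; the allow-list is the list of buckets the service's design says it needs, so any finding is either a design gap or an excess grant that should be removed. Requiring the metadata service's session-oriented v2 mode on those instances closes the other half of the path, since a plain forwarded GET from a WAF cannot complete that handshake.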
A recurring concern from customers is "I don't want to become the next security breach headline", whether that headline is about an attack, a data breach, or an outage caused by services being overloaded or badly configured. These customers have often invested hundreds of thousands, if not millions, of dollars in the latest security and monitoring tools, yet they still worry that these measures are not enough to keep them out of the news.
A public breach is not just a short-term problem. Consumers and the public do not forget, and credibility in the market and with customers is damaged long term. Companies can also be fined by a regulator if they have broken the law or failed to carry out due diligence. In the case of Capital One, the share price recovered to its pre-breach level within three months, but fresh headlines followed when the US banking regulator, the Office of the Comptroller of the Currency, fined the company $80M for failing to establish an effective risk assessment process before migrating significant operations to the public cloud, and for failing to correct errors in a timely manner. Capital One was also ordered to overhaul its operations and implement an effective risk assessment process to protect its customers against cyber criminals in future.
Back to the question. When customers ask about security assurance, my advice is:
- Implement continuous testing during deployment rollout and in service.
- Deploy a Visibility Architecture which allows your monitoring and security tools to provide a holistic view of the whole network.
Continuous testing is vital. Many organisations select a security product based on the datasheet, install it on the network and leave it to 'do its job'. The network and applications then evolve, but the security tool is often left alone, or its policies are changed with little or no understanding of the effect on the tool's performance or on the other parts of the security toolset already deployed.
Keysight test solutions allow testing and validation of the network, applications, monitoring and security tools. They provide assurance that the tools perform to the level expected, and indeed required, to secure your network, and they help troubleshoot any issues. Network services, applications and tools can be tested either in isolation or as an end-to-end service. Testing whenever you make a change is essential: it confirms the change has not reduced performance or opened a gap in your defences.
Keysight's Threat Simulator takes this a step further by playing the role of a bad actor, simulating specific attacks from inside or outside your network. This validates your security posture against real threats and pinpoints weak spots and misconfigurations. If you lack the resource availability or skill set to do this yourself, our Professional Services team can work with you to implement and run the tests.
A Visibility Architecture is key because it eliminates the blind spots that your security and monitoring tools have on your network, whether in a data centre, at remote sites, or in private or public cloud networks. It is a layer that consolidates data feeds into a single fabric and delivers the right traffic to each network and security tool. Built-in packet processing engines can eliminate duplicate data and remove unnecessary headers or payload before delivery. The fabric can also help tools scale by load balancing traffic across multiple instances, so higher bandwidths can be processed, and by decrypting SSL/TLS traffic before it reaches the tools.
Customers often report that detection rates on their security tools increase by 60-70% and that false positives are eliminated once the tools receive a quality data feed. The added bonus is being able to see the whole network, with end-to-end flows for each application, so that faults which do occur can be resolved more quickly.
If you would like to understand more about our Test or Visibility offerings, please send me a message.
Joel Rudman joel.rudman[at]keysight.com