
Channel should focus on threat vectors, not threats

23 Feb 2015

It’s not about the threats, it’s about the threat vectors, Mike Romans, Barracuda Networks ANZ country manager, says. He highlights some key trends.

There were a handful of high-profile threats last year, such as Heartbleed, Shellshock and Cryptolocker. However, if there’s one way to describe what we can expect in 2015, it’s this: It’s not about the threats, it’s about the threat vectors.

There are six threat vectors that need to be secured for total threat protection. These are email, web applications, remote access, web browsing, mobile internet and network perimeters, including public and private clouds. All these threat vectors suffer from a combination of spoofing, phishing, viruses, spam, SQL injections, brute force attacks, IP spoofing and social engineering.  

While many system administrators are trained to mitigate historical threats and defend their systems accordingly, the problem is that automated attacks now hit all threat vectors simultaneously.

Administrators must protect all network and data protection vectors, but resellers also have a great opportunity to work with their customers to mitigate the risk to any threat vector that could be exposed.

Four trends

Attack surfaces will change

As companies move from physical to virtual to public cloud to SaaS, their attack surfaces change accordingly.

An infrastructure upgrade may add multiple attack surfaces, all of which have to be secured. For example, companies that migrate from an on-site Microsoft Exchange Server to Office 365 have added a new attack surface across multiple threat vectors, including email and web application threat vectors.

Increased attacks related to mobile access and web applications

Mobile internet is particularly vulnerable to phishing and social engineering attacks. Mobile devices are constantly moving between secure corporate networks and unsecured home or public Wi-Fi.

A continued rise in web application attacks and DDoS incidents

The web application vector is the attack surface that is currently the least understood by most IT administrators and is generally the most exposed.

Many companies attempt to secure this threat vector with the wrong technology, like a network firewall, which can protect Layer 4 protocols and even do deep packet inspection.

However, truly protecting against web application layer attacks generally requires terminating the HTTP or HTTPS protocols and often rewriting traffic to identify and mitigate threats.

Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks. This type of misunderstanding leaves the threat vector exposed to attack, and gives the administrator a false sense of security.

Any increases in IT security budgets will be insufficient for ‘business as usual’

Administrators will continue to be required to do more work with fewer resources, and attempts to either ‘go without’ protections along key threat vectors or to manage a patchwork of disparate security systems will leave their organisations at risk.