
Channel should focus on threat vectors, not threats

23 Feb 15

It’s not about the threats, it’s about the threat vectors, Mike Romans, Barracuda Networks ANZ country manager says. He highlights some key trends.

There were a handful of high-profile threats last year, such as Heartbleed, Shellshock and Cryptolocker. However, if there’s one way to describe what we can expect in 2015, it’s this: It’s not about the threats, it’s about the threat vectors.

There are six threat vectors that need to be secured for total threat protection. These are email, web applications, remote access, web browsing, mobile internet and network perimeters, including public and private clouds. All these threat vectors suffer from a combination of spoofing, phishing, viruses, spam, SQL injections, brute force attacks, IP spoofing and social engineering.  

While many system administrators are trained to mitigate historical threats and defend their systems accordingly, the problem is that automated attacks hit all threat vectors simultaneously.

Administrators must protect all network and data protection vectors, but resellers also have a great opportunity to work with their customers to mitigate the risk to any threat vector that could be exposed.

Four trends

Attack surfaces will change

As companies move from physical to virtual to public cloud to SaaS, their attack surfaces change accordingly.

An infrastructure upgrade may add multiple attack surfaces, all of which have to be secured. For example, companies that migrate from an on-site Microsoft Exchange Server to Office 365 have added a new attack surface across multiple threat vectors, including email and web application threat vectors.

Increased attacks related to mobile access and web applications

Mobile internet is particularly vulnerable to phishing and social engineering attacks. Mobile devices are constantly moving between secure corporate networks and unsecured home or public Wi-Fi.

A continued rise in web application attacks and DDoS incidents

The web application vector is the attack surface that is currently the least understood by most IT administrators and is generally the most exposed.

Many companies attempt to secure this threat vector with the wrong technology, like a network firewall, which can protect Layer 4 protocols and even do deep packet inspection.

However, truly protecting against web application layer attacks generally requires terminating the HTTP or HTTPS protocols and often rewriting traffic to identify and mitigate threats.

Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks. This type of misunderstanding leaves the threat vector exposed to attack, and gives the administrator a false sense of security.

Any increases in IT security budgets will be insufficient for ‘business as usual’

Administrators will continue to be required to do more work with fewer resources, and attempts to either ‘go without’ protections along key threat vectors or to manage a patchwork of disparate security systems will leave their organisations at risk.
