The evolution of cyber threats and their inextricable link to system advancements
When it comes to defending against modern-day attacks, the primary issue is that the traditional, commonly used security perimeter was built prior to virtualization, cloud, SDN and mobile. This security perimeter was therefore not designed with these new architectures in mind, nor was it designed to stop targeted, persistent threats and modern cyber attacks.
We know that threat sophistication has significantly changed; attack vectors, propagation methods, and even the ultimate goals of the attacker have evolved. Yet, the world of data center security remains stagnant, leaving this chasm between threats and data center security. Attackers find and exploit these gaps, exposing corporate victims and stealing headlines in the Wall Street Journal. Attackers are getting in and moving around in an environment that the enterprise has almost no visibility into. Then, they walk out the same front door (that was supposed to have stopped them in the first place) with the crown jewels of the corporation in hand.
How are these attacks happening? To answer this question, the vArmour team investigated the communications of past attacks and network traffic flows to better understand these threats. In doing this, it quickly becomes clear that, as the methods of human communication evolve, the ability to hack or manipulate those methods evolves in step. Many industry experts agree that the modern-day idea of “malware” was born in 1998 alongside the birth of the Morris Worm. As with most modern attacks, the Morris Worm was formed in the pursuit of knowledge, not malice. It utilized known vulnerabilities in network applications and protocols in an effort to ultimately map the Internet. The problem, however, was that computers were susceptible to being infected over and over, with each successive infection slowing the computer further until it ultimately became unusable.
After the Morris Worm, laterally-spreading malware became the new propagation method. Successors such as Nimda, Blaster and Sasser began to proliferate, wreaking havoc on any networks they could access. They all had one thing in common: they exploited a weakness in a system and then used that system to replicate themselves and spread until their mission objective was completed.
These attacks were all headless; they were set in motion like dominos with no secondary control by the original attacker. Over time, these threats evolved into targeted attacks that came equipped with tool chains, including tools like netcat and nmap. Eventually, Metasploit was unleashed, allowing a greater level of sophistication to circumvent “modern” security controls by hiding its spread within normal communications on a network. Next, financially motivated malware, such as Zeus and Citadel, began to appear; entire industries were created in an attempt to stop them. Then arrived Stuxnet and Flame, which were attacking things like code repositories. At that time, no one was even considering protecting code repositories; ultimately, however, these repositories held the most valuable resource a company could have: its intellectual property.
These examples are used to reiterate my ultimate narrative, which is that no matter what the security solution is to an existing problem, the problem itself will evolve and the security solution needs to evolve with it.
With the advent of technologies like SDN, virtualization, mobile, and hybrid cloud, the attack surface has exploded; your data is now everywhere. As the examples above show, this makes the traditional perimeter extremely vulnerable, as these security solutions were not designed for this new world. What makes this even more challenging to secure is that over 83% of the traffic in these modern data centers never traverses the security perimeter tasked with stopping its abuse. This is what the industry refers to as “east/west” traffic: traffic that never touches the perimeter, but rather consists of applications talking amongst themselves within the confines of the perimeter. On one hand, the business is driving for things like scalability, lowered operational and capital expenses, and resiliency. On the other hand, the security team is desperately trying to maintain control of their network.
Eventually, the business imperatives triumph, but they do so at the cost of security. The perimeter, the DMZ, is the final choke point the security team has left. Because your data is now everywhere, a new approach is needed that places protection closest to the asset wherever it resides, or, as we say, “the data-defined perimeter.”
Over the past few years, cyber threats and breaches have become far more sophisticated, intrusive, harder to defend against, malicious, and costly. Today, enterprises are breached on a regular basis; nation-states continue to launch APT attacks to steal government secrets, blueprints for infrastructure, and PII attached to millions of citizens. In the last 12 months, the number and size of these attacks have hit an all-time high.
The saying goes that you can’t fight a new war with old weapons. This is the fatal flaw in traditional security solutions, as they focus on either strictly building out the perimeter or repurposing those same hardware solutions in an attempt to protect internal networks. History dictates to us that a completely new data center security solution must evolve to help enterprises be successful and secure on their journey to the cloud. Zero-day and APT attacks are quite literally impervious to signature-based approaches.
vArmour offers exactly what we need: a modern, different approach to combat today’s advanced attacks. For the past three years, the vArmour team has been developing and deploying its data center security solution, which is designed specifically for the cloud, virtualization, SDN, and mobile world. Customers and service providers are realizing incredible value within minutes of deploying vArmour within their data centers. It’s exciting to be a part of something so cutting edge that truly protects companies against today’s evolving threats.
Stay tuned for an upcoming blog post that provides further detail on modern-day malware and the attacks that are following suit.