Preventing surface attacks with cloud security
Cyber attacks have become more persistent and sophisticated, and at RSAWEB, we have seen some customer networks and servers being compromised due to a lack of edge security or visibility.
And as a result of these surface attacks, some system administrators have been forced to utilise unnecessary resources due to their servers being severely compromised for weeks or more. In addition, they were highly likely to receive a rather large cloud overage bill too – making this kind of assault somewhat costly for any business.
Because we are constantly looking at ways to assist our customers, we decided to conduct an internal research project to find out how many (and how often) malicious attackers scan and/or try to exploit servers.
To do this, our engineers developed what we call a small honeypot – a server with applications that simulate the behaviour of a real system that can be deployed on any hosted cloud. With all communication with the honeypot being considered “hostile” and the honeypot acting like a probe, we would be able to collect and report back on all the data to a central database, which we could then analyse.
So, under the guise of a PABX and Apache web server to lure in the attackers, we deployed these honeypot probes on clouds based in Toronto, London, Amsterdam and Johannesburg and we waited for the data to come in… and the results were completely unexpected!
We found that 43% of the attackers scanned and tried to exploit all of the probes… this meant that even though the probes were residing on different continents, cloud providers and RIR (Regional Internet Registry) IP addresses, all of them were being exploited by the same attacking IP address. In addition, we saw that some of these attackers even tried to exploit the probes up to 8 000 times in one month. That’s incredible.
We knew that given these findings, it’s all too evident that companies really do need to reduce their attack surface. The solution for this would be to utilise next-generation firewalls or intrusion detection systems to become part of a security foundation.
Now this sounds very simple to any Chief Information Officer (CIO), but according to a recent survey by ESG Research, did you know that 62% of security professionals feel that it is very difficult to get the same level of visibility on clouds as they have on their own networks?
Simply put, that’s not true, and what’s more, we have made it easy for you. With Enterprise Cloud (Virtual Data Centre) you can have access to perimeter protection, port-level firewalls and detailed firewall reporting – all of which will enable you to increase your network’s edge security and visibility on the cloud.
Don’t live on the edge – protect your network and save money too. Contact us to find out more.
Click here to chat