
Making Your Network More Resilient to Security Threats

Anuj Sharma

The potential damage from enterprise network incursions is staggering. According to a report released by the World Economic Forum, failure to boost cyber security could cost the world economy as much as $3 trillion.

But beyond the monetary figures, what is the damage?


The damage from successful network security attacks can take many forms:

- Theft of data. This consists not only of financial data, such as credit card numbers, but can also include customer lists, intellectual property, and product development and marketing plans.

- Loss of time. It can take a great deal of time to recover from a security attack, or even from the suspicion of an attack. Data may need to be recovered or reconstructed and systems extensively checked.

- Monetary loss. This is often preceded by the theft of data.

- Disabled or crippled services. Protesters and some governments may seek to disable offending Web sites. Hackers may be purely malicious in their intent.

- Legal exposure. Any of the previous items may expose an enterprise to lawsuits for loss of data or money entrusted to it.

Attacks and incursions are going to happen - no system or network is foolproof. IT organizations, while generally good at removing or mitigating known vulnerabilities before they affect the network, also need to build up network security resiliency. Network security resiliency is a plan for how to detect, assess, and mitigate the damage from attacks as they happen.

For many enterprises, this area involves a great deal of uncertainty. Usually, IT relies on security device and application data sheet information to understand how their network is likely to respond during an attack. Most groups can answer vulnerability questions, but have much more uncertainty when it comes to answering resiliency questions. Why is this?

- Building and testing to validate resiliency with any degree of accuracy requires expert knowledge of how attacks work, how attackers think, and knowing where the network in question is most vulnerable.

- Creating realistic scenarios that emulate real-world attack traffic is difficult, and again requires expert knowledge of attack methods.

- Building the lab space necessary to carry out testing, then implementing a rigorous test schedule, is beyond the scope of many enterprises.

What is required of security measures in place?

However, forward-thinking enterprises concerned about protecting their networks are building real-world, proof-of-concept lab setups that can test security resiliency. The cost of cleaning up a security disaster is quickly coming to outweigh the effort and cost of maintaining a "cyber range" to validate security. Testing network security devices for resiliency requires a number of techniques:

- Known vulnerabilities. Known vulnerability testing is the cornerstone of network security device testing. Attacks are mounted against the security device using a large, regularly updated database of known malware, intrusions, and other attacks.

- Massive denial of service. Denial of service attacks often use large numbers of computers that have been taken over by attackers (a botnet). Those computers use dozens of attack techniques designed to overload network and security devices. This type of testing requires test equipment capable of emulating thousands of attacking hosts.

- Realistic multiplay traffic with comprehensive quality of service metrics. Not only must security devices fend off attacks, but they must pass non-malicious traffic at the same time, and pass it with acceptable quality. To ensure this, testing for defense against attacks must be done with a background of real-world multiplay traffic. That is, a mix of voice, video, data, and other services that constitute normal traffic should be applied to the device under test (DUT) such that the sum of the malicious and normal traffic equals the maximum rate of the device's interfaces, while per-class loss, latency, and jitter are measured throughout.

- Encrypted traffic. The process of establishing an encrypted link (the handshake), and the subsequent encryption and decryption of every packet, can be a significant load for a security device. It is essential that a realistic proportion of encrypted traffic be mixed with cleartext traffic during performance testing.

- Data leakage tests. Data leakage testing involves transmission of data from the "inside out" (from the protected network toward the Internet) to determine whether data loss prevention devices will detect the leakage of proscribed information. All outbound channels must be tested, including e-mail, e-mail attachments, Web-based mail, Web form data, FTP, and IM, since a policy that catches plaintext in one channel may miss the same data once another channel encodes it.
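The multiplay item above describes a procedure: fill the DUT's interface with attack plus background traffic, then judge the device on per-class quality of service rather than only on whether it blocks the attack. The following Python is an added example, not from the article or any test vendor, showing that procedure as a ramp: the attack share of the line rate is increased step by step, background voice/video/data traffic fills the remainder, and the first step at which any class breaches its QoS limit is reported as the resiliency breaking point. The line rate, the traffic mix, the QoS limits and the `simulated_dut` measurement model are all assumptions constructed for the example; on a real cyber range the measurements come from the traffic generator.

```python
# Assumed test parameters (not from the article): one 10 GbE DUT interface
# and a background multiplay mix expressed as shares of the non-attack budget.
LINE_RATE_MBPS = 10_000
MULTIPLAY_MIX = {"voice": 0.05, "video": 0.45, "data": 0.50}

# Assumed per-class QoS limits the DUT must hold while under attack.
QOS_LIMITS = {
    "voice": {"loss_pct": 1.0, "latency_ms": 150.0, "jitter_ms": 30.0},
    "video": {"loss_pct": 1.0, "latency_ms": 300.0, "jitter_ms": 50.0},
    "data":  {"loss_pct": 5.0, "latency_ms": 1000.0, "jitter_ms": 500.0},
}


def traffic_plan(attack_share, line_rate=LINE_RATE_MBPS, mix=MULTIPLAY_MIX):
    """Split the full line rate between attack traffic and the background
    multiplay mix so that malicious + normal traffic equals the line rate."""
    if not 0.0 <= attack_share < 1.0:
        raise ValueError("attack_share must be in [0, 1)")
    background = line_rate * (1.0 - attack_share)
    plan = {cls: round(background * share, 3) for cls, share in mix.items()}
    plan["attack"] = round(line_rate * attack_share, 3)
    return plan


def qos_violations(measured, limits=QOS_LIMITS):
    """Return (class, metric, value, limit) for every measurement over its limit."""
    violations = []
    for cls, metrics in measured.items():
        for metric, value in metrics.items():
            limit = limits[cls][metric]
            if value > limit:
                violations.append((cls, metric, value, limit))
    return violations


def simulated_dut(plan):
    """Constructed stand-in for the traffic generator's measurements: the
    device keeps forwarding everything (no loss) but latency grows linearly
    and jitter quadratically with the attack share. Not a real device model."""
    share = plan["attack"] / LINE_RATE_MBPS
    return {
        cls: {"loss_pct": 0.0,
              "latency_ms": 20.0 + 100.0 * share,
              "jitter_ms": (4.0 if cls == "voice" else 10.0) + 100.0 * share ** 2}
        for cls in MULTIPLAY_MIX
    }


def find_breaking_point(measure, steps=None):
    """Ramp the attack share upward; return the first share at which any QoS
    class breaches its limit, or None if the DUT holds QoS at every step."""
    steps = steps or [round(i / 10, 1) for i in range(10)]
    for share in steps:
        if qos_violations(measure(traffic_plan(share))):
            return share
    return None


if __name__ == "__main__":
    for share in (0.0, 0.3, 0.6):
        plan = traffic_plan(share)
        print(share, plan, qos_violations(simulated_dut(plan)))
    print("breaking point:", find_breaking_point(simulated_dut))
```

Note that the simulated device never drops a packet, so a test that only checked throughput and attack blocking would pass it; the breaking point comes from voice jitter, which is exactly the kind of degradation the multiplay QoS metrics are there to catch.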
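The data leakage item above says every outbound channel must be tested; the reason is that the same proscribed record looks different on the wire in each one. The following Python is an added example, not the article's own material or any DLP product's code: it builds one constructed test record (the well-known 4111 test card number, which passes the Luhn check but belongs to no account) into an e-mail body, a base64-encoded e-mail attachment, a URL-encoded Web form, an FTP file and an IM message, then runs two constructed inspection policies over each channel and reports where the data leaked. `naive_dlp` only pattern-matches the raw bytes; `decoding_dlp` additionally inspects percent-decoded and base64-decoded views. Channel builders, policies and the message contents are all assumptions made for the example.

```python
import base64
import re
import urllib.parse

# Constructed proscribed record: a Luhn-valid test PAN, not a real account.
TEST_PAN = "4111 1111 1111 1111"

# Candidate PAN: 13-16 digits, optionally separated by single spaces or dashes,
# not embedded inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum over a string of ASCII digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_pan(text):
    """True if text holds a Luhn-valid card number in any PAN_RE match."""
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            return True
    return False


# Outbound channel builders (constructed): each returns what the DLP device
# would actually see on the wire for that channel.
def email_body(secret):
    return f"Subject: Q3 numbers\n\nHi, the card on file is {secret}.\n"


def email_attachment(secret):
    payload = base64.b64encode(f"card,{secret}\n".encode()).decode()
    return ("Content-Type: text/csv; name=cards.csv\n"
            "Content-Transfer-Encoding: base64\n\n" + payload + "\n")


def web_form(secret):
    # application/x-www-form-urlencoded body: spaces become '+'
    return urllib.parse.urlencode({"name": "A. Customer", "card": secret})


def ftp_put(secret):
    return f"card,{secret}\n"


def im_message(secret):
    return f"hey can you charge {secret} for me"


CHANNELS = {
    "e-mail body": email_body,
    "e-mail attachment": email_attachment,
    "Web form": web_form,
    "FTP": ftp_put,
    "IM": im_message,
}


def naive_dlp(raw):
    """Constructed weak policy: pattern-match the wire bytes as they are."""
    return contains_pan(raw)


def decoding_dlp(raw):
    """Constructed stronger policy: also match against decoded views."""
    views = [raw, urllib.parse.unquote_plus(raw)]
    for token in re.findall(r"[A-Za-z0-9+/]{16,}={0,2}", raw):
        try:
            views.append(base64.b64decode(token, validate=True)
                         .decode("utf-8", "replace"))
        except ValueError:  # binascii.Error: bad alphabet or padding
            pass
    return any(contains_pan(v) for v in views)


def run_leakage_tests(inspector, secret=TEST_PAN):
    """Send the secret out over every channel; map channel -> verdict."""
    return {name: ("detected" if inspector(build(secret)) else "LEAKED")
            for name, build in CHANNELS.items()}


def leaked_channels(inspector, secret=TEST_PAN):
    """Sorted list of channels the inspector failed to catch."""
    results = run_leakage_tests(inspector, secret)
    return sorted(ch for ch, verdict in results.items() if verdict == "LEAKED")


if __name__ == "__main__":
    for policy in (naive_dlp, decoding_dlp):
        print(policy.__name__, run_leakage_tests(policy))
```

The naive policy catches the plaintext channels but lets the attachment and the Web form through, because base64 and `+`-encoded spaces break the digit pattern; only a test that drives the record through every channel exposes that gap, which is the point the list item is making.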

From product selection through deployment and maintenance, resiliency is something that warrants a closer look. But it is not just a technology issue - it is an organizational issue. More advanced security programs are adopting resiliency planning as part of their budgets, proof of concepts, and product selection processes.

Data sheets can help guide decision making, but don't provide a guarantee that your security infrastructure will be resilient when challenged by extreme loads, diverse application mixes, and unfriendly attacks. Ensuring security resiliency through real-world testing, using real-world malware and attack methods, is the only way to be sure that your network can withstand current - and growing - security threats.
