
Threats spiking at the application layer

Sunil Rajguru

A lot of the attacks are credential stuffing, because all of us have so many online profiles. We tend to reuse our username-passwords across, which eventually goes to the dark web. Edgar Dias, MD, F5 Networks, talks about the latest in the security scene.


How is the threat landscape changing?

Earlier most of the threats were at the network layer. But application layer attacks are increasing, because applications have become more and more dispersed. Earlier it was like protecting a fort, but as applications move to the cloud, the threat vector has become much larger. We also talk of something called “Application Capital”. Earlier it was about the number of machines and then the number of people. Now we think that the value of companies is more around applications. For example, WhatsApp was bought by Facebook for about $17 billion and it had just about 200 employees.

When you move an application to the cloud, you need to protect it in multiple forms. For one, how do you authenticate when you reach a publicly available application? A lot of the attacks are credential stuffing, because all of us have so many online profiles. We tend to reuse our username-passwords across, which eventually goes to the dark web. Those stolen credentials can be used to masquerade as you on many other applications.


Today, you can pick the best level of security around your application. But where is the weak point? When you're accessing this application through a browser, that browser could be sitting on a machine that has malware. But, the biggest thing is the credential. Because, if I can get a credential, I can steal it and I can masquerade as it coming and take data out.

If you're part of a bank and I get your username and password, I have access to all your data. So what we are doing for banks is when you go through a browser, we send a key as a response back and after that as you type a username and a password, it can be encrypted. So even if you have a keylogger that is sitting on that machine, it cannot see that because it is garbled. So there are these kinds of innovations that we have built on our technology that protects the application and also the person who's accessing it.

Confidentiality of data is absolutely paramount. How do I protect data? How do I ensure that I have to protect the identity? How to protect the backend infrastructure in the applications? As security vendors, we need to start looking at each of these pieces and start to find out what each of these pieces needs. You can talk of 5G, Deep Learning, ML-AI and all of that, but at the end of it, the human being and his identity has to be made secure, because if someone steals your identity, they can do anything with it.


What about APIs and bots?

Some surveys say close to 50-60% of Internet traffic is bot traffic. Some of that is good. A lot of that is bad. How do you stop a bad bot? We have a technology called IP intelligence, which uses a database we have built up to detect bad bots. When I give it to a customer, I can block the bad bot at the entry point itself.

Then we’re living in an API economy, which is end to end. Now if I consume an API from a third party, how do I know that the traffic coming on the API is legitimate traffic? I can be easily compromised. So I need some ability to go back and inspect the traffic that's coming. When doing e-commerce, I’m dealing with hundreds of companies. I'll be connecting to wallets, payment banks, delivery guys… it’s almost a universe. But thanks to our architecture, we have the ability to terminate sessions and inspect L4 to L7. So the use cases that we have developed are very useful for customers.

What are the uses of Machine Learning?


We use the Machine Learning capability of our product to build patterns. We see how users interact with a particular application and then through a process of learning, we know what will happen when the application responds back to a user. One of the big challenges for customers when they buy security products is the policy. That policy is determined by the administrator. If he does a good job, fair enough. Otherwise there are a lot of false positives. But there are a lot of exceptions. After some time, people say there are 100,000 exceptions and I don’t have time for that. So we come out with a kind of policy editor and after some time through ML you start to build a policy that is ideal for a particular application. So our customers don’t have to go through a process of trial and error.

What about the Internet of Things? IoT devices are expected to mushroom in the 2020s.

Looking from a data standpoint, it is becoming even more important to protect not only applications and networks, but also devices like those related to the Internet of Things. But IoT is already happening. Look at CCTVs, smart water and electric meters etc. If a city has a smart grid then a hacker can take over and deprive the citizens of say electricity. Recently an attack on the grid was a precursor to an actual army attack on a country.

So you have to be able to protect every single device that is out there. Our view is that security cannot be at any one particular area. It has to be at multiple different points of the network. There's not going to be one solution. So how do you do a multi-factor authentication? How do you put a second level of security when a password is compromised? A third level of security? What is the architectural requirement? What are some of the technologies that we need to complement that? We build all of that into some of our products.

Cybersecurity is like a cat and mouse game. Are the cyber criminals getting better?


Threats are becoming more sophisticated. Criminals are becoming more innovative. One of our prospective customers lost $20 million within 10 days. A malware got injected into a network, which created a duplicate ATM switch that compromised the CBS (Core Banking Solution) applications. They were then able to use a specific kind of card that could bypass every aspect of the network.

What about ransomware attacks?

I read about one of the largest shipping companies in the world getting hit by ransomware. They realized that one fine day their networks and applications were just locked down. It was so hard for them to actually come back into operation. They didn't know what hit them. They had perishable goods sitting in a container that kind of rotted away. They had to pay the ransom infrastructure that they had to junk their goods because it became worthless. But more importantly, from a regulation standpoint, the insurer did not look at it as a forced measure. Such things may be happening in India though not made public.
