How To Ruin A Cyber-Attacker’s Day

This is a guest post written and contributed by James D. Brown, CTO of StillSecure, a Rackspace Cloud Tools partner and provider of a full suite of cloud network security products and managed security services to protect organizations.

Since the earliest days of humankind, there has been an ongoing race between those trying to protect what they have (the havers), and those trying to take from others (the takers). In physical terms, this has meant the use of safes, locks, walls, gates, fences, guards, cameras, radar and other technologies.

Any one of those technologies can be overcome by a sufficiently motivated taker. A safe can be cracked, a lock can be picked, a wall can be breached, gates broken, fences cut, guards immobilized, camera sensors burned, radar fooled, etc.

However, consider the exponentially increased challenge of attempting to work through multiple layers of defense. Suddenly a taker goes from having to solve one fairly straightforward problem to having to overcome multiple hurdles to reach their objective. Not only that, they have to eliminate one barrier and move to the next, potentially while sidestepping simultaneous defenses – a taker has to avoid being caught on camera while he cuts through a section of fence before he can reach that camera. This makes for really interesting plot devices in incredibly complex break-and-take movies like the “Ocean’s Eleven” or “Mission Impossible” series.

It takes what would otherwise be a fairly straightforward effort for a taker and turns it into a monumental challenge. The takers in those movie series are always successful – it wouldn’t be fun to watch if they weren’t – but it’s easy to envision something going wrong at the worst moment and resulting in the takers being caught by the havers and ultimately disappearing into the basement of some nondescript building accompanied by imposing well-dressed men without a sense of humor, never to be heard from again. Every additional layer of defense provides another potential moment for something to go wrong for a taker; a way to be caught.

In the world of network security, the same holds true. Multiple layers of defense make it much easier for havers to stop and catch takers, or best of all, to discourage them from trying to take what you have in the first place. Surely we’ve all heard the story of the thief who avoids the house with the big barking dogs inside in favor of the house that looks like easy pickings.

In May 2012, StillSecure announced a new multi-layer managed security offering designed for the public cloud. StillSecure’s Managed Security Services, in concert with its Cloud Network Security Appliance (NSA), is designed to make life difficult for takers who try to attack cloud servers. As part of Rackspace’s Cloud Tools marketplace, StillSecure aims to protect the Rackspace Cloud Servers environment, discouraging would-be takers, and in the event there is one who feels especially driven to get in, providing multiple opportunities to identify, possibly stop and ideally prosecute him.

The Cloud NSA provides multiple services to protect your Rackspace Cloud Servers environment, including managed firewall, managed IDPS, managed VPN, managed web application firewall, managed security event log management and file integrity monitoring, as well as vulnerability scanning, among others.

You can think of a managed firewall as a wall around your cloud servers with a gate that allows in only those you want to have in your compound.

Intrusion detection is like a camera, and in concert with the StillSecure Security Operations Centers (SOCs), you’ve got round-the-clock guards watching those cameras. Go further, and intrusion prevention mounts a laser beam on that camera to surgically remove the tools an attacker is trying to use against you.

But wait, you want your own employees to have access to your cloud servers. You can add a managed virtual private network (VPN), and dig a tunnel under your defenses so they can get in and do what they need to get done. Meanwhile you can close some more above-ground gates to make it even more difficult for attackers to get into your complex.

Got a web server to protect? Add a Web Application Firewall. That’s like an (armed) detective trained in criminal behavior. The detective watches for complex and subtle behaviors that could be used to trick your web servers, and happily uses his gun to stop any would-be attackers before they can gain control or extract your valuable data.

Worried you’ve got a spy in your midst who’s either trusted, or who has somehow gotten past the rest of your defenses? Managed Security Event Log Monitoring and File Integrity Monitoring will check for suspicious security events that may even indicate an entirely new method of thwarting your defenses (zero-day attacks). These services act like the auditor that finds the embezzlement despite all the controls to prevent it.

Finally, you can bet that attackers will continually be testing your defenses, looking for weak spots. Some attacks will succeed, despite all best efforts, because no one has yet invented the perfect lock or the impenetrable fortress, and your last line of defense is your software. A regular vulnerability scan of your operating systems and applications will help notify you when your software requires patching to make it that much more difficult for an attacker to gain a foothold.

Adding those multiple layers of defense – also called defense-in-depth – using StillSecure’s Managed Security Services delivered by our Cloud NSA gives you an environment that is protected against the vast majority of takers, and will notify you if you’ve been compromised. From there, you can find your attacker and hand him over to law enforcement.

Know of any good nondescript buildings?


About the Author

This is a post written and contributed by Bob Bardwell.

Bob Bardwell is a Racker who works in Rackspace Corporate Development; his background includes financial statement and single audits. He enjoys golf, geopolitics, and networking.

©2014 Rackspace, US Inc.