
As we reach 2022, we find that cyber security challenges come in many forms, such as ransomware, phishing attacks, malware attacks, and more. Criminal activity targeting or using a computer, a computer network or a networked device has increased with the increase in remote working. It is usually easier to trick an employee into handing over sensitive data (like login credentials) or running a piece of malware on a company computer than it is to accomplish these goals through other means. Phishing is one of the most common types of cyber attack, mainly because it is an effective technique for gaining access to an organization’s network and systems. As a common practice we always expect the Government to secure everything for us and our enterprises against any kind of attack, which is not the reality.
Micro Focus Distributed Denial of Service Protection Services detects, identifies, and mitigates DDoS
Protection against cybercrime
The digital era has made organizations across industries extremely vulnerable to cyber security threats. Cybercriminals are continuously discovering newer hacks and loopholes to disrupt the business and cause loss of data and reputation. According to the Internet and Mobile Association of India (IMAI), cybercrimes in India rose by 2000% during the pandemic. In such an environment, ensuring a robust cyber resilience framework becomes crucial to guarantee business continuity. The foundation of this cyber resilience framework must be built on four focus areas - foreseeing potential threats, resisting the attacks, recovering from any disruption, and modifying protection capabilities as per the magnitude of the risk. With this groundwork in place, IT teams will be able to protect and safeguard vulnerable assets from impending cybercriminals.
Solutions to prevent Distributed DoS attacks (DDoS)
Organizations now are susceptible to a wide variety of threats, from traditional spam to malware, phishing, DDoS attacks, and others. These attacks are capable of taking systems down and causing immense revenue loss. A DDoS attack is a simple yet sophisticated attack overwhelming the target network with traffic. At Micro Focus, our Enterprise Messaging Security solution provides unparalleled protection to the entire messaging system and network by leveraging emerging technologies. It uses the latest technology to keep your messaging system protected, including protection for the messaging transfer agent (MTA), post office agent (POA), WebAccess, and Mobility. Additionally, Micro Focus Distributed Denial of Service (DDoS) Protection Services detects, identifies, and mitigates DDoS and application-layer attacks while preserving site performance and checking on the availability of critical business applications and services.
Praveen Patil Kulkarni
Country Manager - Security Risk & Governance, Micro Focus
The Lookout Security Platform protecting data from endpoint to cloud
Protection against cybercrime
In India, we’ve seen that organizations typically have strong security solutions on their desktops, servers, and laptops but lack equal protection for mobile devices. Some organizations have invested in mobile device management (MDM) for authentication and administration of devices. However, these solutions don’t provide protection against the most threatening issues like mobile phishing attacks, network-based attacks, and malware.
Today, almost 85% of mobile phishing attacks reach the victim outside of email. Attackers use social media, SMS, third-party messaging apps, gaming and even dating apps to phish their victims. Securing iOS, Android, and ChromeOS devices is imperative to protect enterprise data as employees use these devices for both personal and work reasons, which exposes the data to additional risk. Protecting these devices from phishing attacks and malicious apps will mitigate the risk of attackers gaining unauthorized access to your most valuable data.
In addition, organizations also have unbalanced visibility and data access controls between their on-premises and cloud-based resources. As the world becomes more reliant on the cloud, organizations are either enabling on-premises infrastructure and private apps for web-based access or moving those resources to the cloud altogether. Without uniform data protection policies that grant visibility into how users interact with apps and data across the entire infrastructure, organizations have a massive blind spot to the risk of compromised user accounts accessing sensitive data, exfiltrating it, and encrypting it as part of a ransomware attack.
Threats and Phishing encounter rates for India
According to Lookout customer data, almost 30% of enterprise users and over 50% of consumer users were exposed to a mobile phishing attack every quarter of 2021. By the same measure, 2.5% of enterprise users and 11% of consumer users downloaded a malicious mobile app.
Approach to the current situation
The Lookout Security Platform includes the Lookout Secure Access Service Edge (SASE) and Mobile Endpoint Security solutions. By integrating Secure Web Gateway, Cloud Access Security Broker and Zero Trust Network Access capabilities with Endpoint Protection and Endpoint Detection and Response into a cloud-native platform, IT security policies for access and data classification can be written once and applied to all traffic passing through the single proxy. The platform also natively delivers Data Loss Prevention, User and Entity Behaviour Analytics, Anti-virus/Anti-malware and Enterprise Digital Rights Management to protect data from endpoint to cloud.
Surojit Dasgupta
Country Manager – India and SAARC, Lookout
InstaSafe leveraging its three dimensional risk assessment methodology to assess the risk
Protection against cybercrime
India observed more than 6.07 lakh cybersecurity incidents in the first six months of 2021. Cybercrime has drastically increased as people try to benefit from vulnerable business systems. When we talk about cybersecurity, there are five main challenges: phishing scams, attacks on IoT, the adoption of 5G technology, the emergence of the remote workplace, and attacks on cryptocurrency and blockchain. In addition to these, the most significant everyday challenges of cyber security also include breaching of data, threats to cloud security, threats dissipation, ransomware and malware, and many more. The Reserve Bank of India has made it essential to notify the regulator of any such cybercrime event within 2-6 hours of a data breach. Watchdog groups in India such as CERT-In have mandated that corporations, service providers, and intermediaries reveal how much data has been compromised and notify workers and consumers of this. A prevalent belief is that the government will protect us and our businesses from any threats, which is simply not the case. A joint effort between businesses and the government is needed to combat cybercrime.
Solutions to prevent Distributed DoS attacks (DDoS)
There are different techniques used to mitigate DDoS, such as having distributed assets in the network, which reduces the attack surface; rate limiting, which limits the number of requests a server will accept over a time period from a particular IP; having a Web Application Firewall (WAF); and adding rules to your gateway infrastructure that accept traffic from legitimate sources.
One of the effective ways to mitigate DDoS attacks for enterprise application servers is hiding them from malicious users. It can be achieved by using Zero Trust Access for enterprise applications that use drop-all firewall rules in your gateway infrastructure. It drops all the traffic which doesn’t come from legitimate devices. A fundamental principle here is “A hacker can’t attack what it cannot detect”.
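The two gateway-side techniques described above, a drop-all default that only admits known sources and a per-source rate limit over a time window, are shown together in the following added example. It is illustrative code written for this page, not InstaSafe's product or any real gateway; the allowlist, the limit of 5 requests per 1-second window and the traffic are all constructed assumptions.

```python
"""Toy gateway filter (added example, not a vendor's code): a drop-all
allowlist in front of a per-source sliding-window rate limiter."""
from collections import defaultdict, deque


class GatewayFilter:
    def __init__(self, allowed_sources, max_requests, window_seconds):
        self.allowed = set(allowed_sources)   # drop-all default: only these may pass
        self.max_requests = max_requests      # requests permitted per source per window
        self.window = window_seconds
        self.history = defaultdict(deque)     # source -> timestamps of accepted requests
        self.stats = defaultdict(lambda: {"allowed": 0, "dropped_unknown": 0, "dropped_rate": 0})

    def decide(self, source, timestamp):
        """Return 'allow', 'drop-unknown' or 'drop-rate' for one request."""
        counters = self.stats[source]
        if source not in self.allowed:
            # Not a known device: the request is dropped before any other processing.
            counters["dropped_unknown"] += 1
            return "drop-unknown"
        accepted = self.history[source]
        # Evict accepted timestamps that have fallen out of the sliding window.
        while accepted and timestamp - accepted[0] >= self.window:
            accepted.popleft()
        if len(accepted) >= self.max_requests:
            counters["dropped_rate"] += 1
            return "drop-rate"
        accepted.append(timestamp)
        counters["allowed"] += 1
        return "allow"


def run_sample():
    """Feed constructed traffic through the filter and return per-source counters."""
    gw = GatewayFilter(allowed_sources={"10.0.0.5", "10.0.0.9"},
                       max_requests=5, window_seconds=1.0)
    requests = []
    # Known device sending a burst of 8 requests in 0.8 s: 5 pass, 3 are rate-limited.
    requests += [("10.0.0.5", 0.1 * i) for i in range(8)]
    # Unknown source (constructed address) firing 20 requests: all dropped by the allowlist.
    requests += [("203.0.113.7", 0.05 * i) for i in range(20)]
    # Known device at a steady 2 requests/s: always within the limit.
    requests += [("10.0.0.9", 0.5 * i) for i in range(6)]
    for source, ts in sorted(requests, key=lambda r: r[1]):
        gw.decide(source, ts)
    return {src: dict(c) for src, c in gw.stats.items()}


if __name__ == "__main__":
    for src, counters in run_sample().items():
        print(src, counters)
```

The order of the two checks matters for capacity: an unknown source never touches the per-source history, so a flood from unlisted addresses costs the gateway only a set lookup per packet rather than growing state.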
Approach to the current situation
Based on the Zero Trust philosophy of “Never Trust, Always Verify”, InstaSafe’s Zero Trust solution provides seamless secure connectivity of on-premise and cloud resources to a workforce situated anywhere in the world. InstaSafe leverages its three dimensional risk assessment methodology to assess the risk and trust associated with every user, device, and application prior to establishing the connection. Once this process of comprehensive authentication is complete, the user is granted access, but only to the applications that he is authorized to access, while the entire network remains inaccessible.
Sandip Kumar Panda
CEO, Co-founder, InstaSafe
VMware delivers security as a built-in distributed service across all control points of users
Protection against cybercrime
Cybersecurity has multiple facets, and most enterprises defend themselves with a strategy around Identifying Risk, Prevention and Detection, and Response and Remediation of Attacks. Cybersecurity is a team game and starts with educating every individual within an organization on cyber hygiene, aligning business goals of organizations to cyber priorities, identifying vulnerabilities and patching them, and responding to cyber-attacks. The triad of People, Process and Technology plays a very critical role when it comes to protection against cybercrime. VMware protects its own and customers’ IT assets by delivering security as a built-in distributed service across all control points of users, devices, workloads, networks and clouds. We implement a Zero Trust Security Model with fewer tools and silos, and scale our threat response ability with confidence, speed, and accuracy using granular visibility of IT assets and the threat landscape. By reimagining cybersecurity as a built-in service, instead of a bolted-on, agent-based service, customers can reduce their attack surface to mitigate security risk, ensure compliance and simplify security operations in a cost-efficient manner.
Solutions to prevent Distributed DoS attacks (DDoS)
VMware NSX Advanced Load Balancer (NSX ALB) protects and mitigates against DDoS attacks by identifying threats, informing admins and automatically protecting against these attacks. Some of the features that are used to accomplish this are TCP SYN Flooding Protection, HTTP DDoS Protection, URL filtering, Connection Rate Limiting per Client, Connection Rate Limiting per User Defined Clients, Limiting Max Throughput / Max Concurrent Connections per Virtual Service (VS) and Limiting Max Concurrent Connections per Server. In addition, NSX ALB’s elastic application services enable on-demand autoscaling of services during an attack giving administrators much needed time to work on mitigating the attack while maintaining quality of service.
Approach to the current situation
VMware lays out a journey to Zero Trust with fewer tools and silos, better context and a distributed security model that is built-in and distributed with four major control points – users, networks, endpoints, and workloads. It provides organizations with security capabilities that evolve with their security needs and support their long-term IT and InfoSec strategies. These capabilities help in securing remote user access to corporate applications using SASE, protecting employee devices against vulnerabilities with automated patching using Workspace ONE & Carbon Black NGAV/EDR, preventing cloud configuration drifts using vRealize Automation SaltStack Config, securing VM / Container workloads using Carbon Black Workload Protection, securing containerized microservices communication using Tanzu Service Mesh and minimizing attack impact with east-west protection using NSX Firewall and Advanced Threat Prevention and NDR capabilities.
Raghuram Krishnan
Director Partner Sales-India, VMware
Trustifi’s one-click solutions leveraging a breakthrough email encryption strategy
Protection against cybercrime
Organizations need a well-rounded solution that offers quality data protection for both inbound and outbound email transmission, which would include encryption, data loss protection (DLP), anti-phishing and anti-malware. Sophisticated, AI-powered tools are essential in an environment where malicious actors are always upping their game with more advanced methods. They are smart and opportunistic, so solutions must be not just best-in-class, but also easy to use and to deploy, so organizations are able to adopt them with success. AES-256 encryption is top of the line, government-level protection.
Solutions to prevent Distributed DoS attacks (DDoS)
“DoS attack on a network” is a very broad term. It can mean an attempt on the cloud infrastructure, on the DNS service (which is very common), or on an organization’s internal network. DDoS attacks could also be aimed at a specific vital service that’s either cloud-based or on-premises, or targeted at the company’s email infrastructure. It could also consist of ransomware sent to main users designed to take down a vital service or access. When it comes to email security, “email bomb” attacks can compromise a company’s email infrastructure and create issues. Strategies like an auto-block at the DNS level, or at the app level for IP addresses/domains, can help mitigate those attacks. Companies need to include email security to help deter these threats, in addition to solutions that address ransomware and malware.
Approach to the current situation
Trustifi’s solutions are causing companies to rethink how they approach email encryption, leveraging it as a way to deliver control of email data back to the user, as opposed to simply screening threats as they arrive at the network gateway. Trustifi’s one-click solutions, which are aggressively priced and scalable for anything from SMB to enterprise deployments, leverage a breakthrough email encryption strategy. This would include one-click solutions that automate compliance and encryption for users. The ability for the recipient to easily open encrypted emails without having to go through extra steps, passwords and portals is also crucial, since recipients will simply abandon emails that are difficult to open. Many competing, SEG-based solutions require additional user names and passwords from recipients, which becomes cumbersome to the point of deterring adoption.
Rather than have emails pass through the recipient’s gateway and reside on their server, Trustifi’s solution encrypts messages before they go through the recipient’s gateway. Sent mail messages reside on Trustifi’s proprietary web-based cloud storage platform. This allows messages to be accessed and recalled or altered as needed, since they’re still officially housed on the vendor’s platform. Users can swap or remove attachments, or reword text for a timeframe that the sender designates.
Rom Hendler
CEO and Co-Founder, Trustifi
A zero trust framework eliminates implicit trust
Protection against cybercrime
It is crucial to invest in threat intelligence management platforms that enable the SOC to operationalise threat data and translate the same into actionable output. This helps make sense of the countless threat vectors that organizations encounter on a daily basis, subsequently bringing focus on the ones that are of real importance. Furthermore, such platforms bring a significant level of automation to the table, eliminating the risk borne from human error and manual cybersecurity processes.
As hybrid work models have blurred the lines between enterprise and home networks, it is important to take a proactive, as opposed to reactive, approach to cybersecurity. Deploying a zero trust framework - that eliminates implicit trust and constantly validates new and old users within a network - can be of great help along with adopting DevSecOps or Shift-left security. DevSecOps integrates security into all stages of the software delivery process, ensuring that developers think about security when they write code.
Solutions to prevent Distributed DoS attacks (DDoS)
There are a number of DDoS mitigation techniques that organizations can implement to minimize the possibility of an attack. But it is important to understand that due to the complexity of these attacks, the key is to employ a layered strategy that provides protection at multiple touch points. Organizations can start by including DDoS detection tools in their security infrastructures. These can help in identifying and blocking the exploits and tools that bad actors may use to launch an attack.
Having a Next-Gen Firewall (NGFW) in place instead of a Web Application Firewall (WAF) can also be of advantage against DDoS attacks. NGFWs provide full visibility and control over applications, users and content operating within the network. In contrast, a WAF is designed to look at web applications and monitor them for security issues that may arise due to possible coding errors.
Approach to the current situation
We see cloud security, SASE, and automation backed by Artificial Intelligence (AI) and Machine Learning (ML) taking precedence in the cybersecurity domain. We recognized very early that the move to cloud will dominate in the coming years. Our focus has been on growing and innovating rapidly by delivering a comprehensive, native, and fully integrated platform with best-of-breed capabilities, alongside cloud-native offerings to our customers. Last year, we announced Prisma Cloud 3.0, the industry’s first integrated platform to shift security left — improving organizations’ entire cloud security posture by reducing security risk at runtime. 3.0 offers cloud code security to embed protections in the development process. In line with the evolving business reality of hybrid workforce, we also introduced PRISMA SASE, an integrated cloud-delivered service with industry-leading network security and next-generation SD-WAN to ensure that organizations stay secure and productive while working fluidly between branch offices and home offices.
Huzefa Motiwala
Director - Systems engineering for India and SAARC, Palo Alto Networks
Akamai’s products and services include layers of defenses to identify the malicious domain
Protection against cybercrime
Akamai’s comprehensive security portfolio has the most effective security capability and unique breadth of our defenses. As the new threat vectors in cybercrime have emerged, we’ve extended our platform to defend against them.
In the era of remote working, Akamai built its architecture on the concept of a zero trust model equipped with the necessary capabilities, which were robust and proactive. The layered defenses in place at Akamai were easily able to adapt to a remote work environment. The concept of Zero Trust has enabled the company’s remote workers to do their jobs from anywhere and protects them at the same time. It’s taken years to architect this model to where it is today, and it’s a continuous process. The security protocols at Akamai address several key elements used by criminals, including exfiltration, command and control (C2), and phishing, through the layered defense system, because the blocks recorded are mostly proactive due to third party access.
Solutions to prevent Distributed DoS attacks (DDoS)
The solutions for DDoS attacks can be fine-tuned according to the respective requirements of the organizations and their internet-based services.
1) Edge Security: The organization should have a distributed intelligent edge platform set up in such a way that it only accepts traffic via limited pre-decided ports. Therefore, DDoS attacks coming at all network layers are instantly dropped at the edge with a zero-second service level agreement (SLA).
In the case of application-layer DDoS attacks, they are mitigated through APIs which detect the nature of the attacks and simultaneously grant access to legitimate users.
2) DNS Security: DNS solutions also filter traffic at the edge and provide a highly scalable platform that has enough capacity to absorb the largest DDoS attacks while also responding to legitimate user requests. Akamai’s domain name system provides redundancies at multiple levels, including name servers, points of presence, networks, and even segmented IP Anycast clouds.
3) Cloud Scrubbing Security: Prolexic is a company under Akamai that stops DDoS attacks with the fastest, most effective defense — at scale. Prolexic can protect entire data centers and hybrid infrastructures across all system ports with more than 10 Tbps of dedicated DDoS defense. It also offers proactive defensive controls with a zero-second mitigation SLA.
Mitesh Jain
Country Manager, Akamai Technologies
A zero-trust access solution is “Roaming” first and “BYOD” friendly
Protection against cybercrime
An organization today strives to provide “anytime, anywhere, any device” work options to its employees to achieve the highest productivity. The hybrid IT infra and access-to-services patterns are complex to protect against cyber-attacks. However, the majority of safety can be achieved by adopting basic cyber hygiene and awareness.
A zero-trust access solution for accessing IT workloads/services is “Roaming” first and “BYOD” friendly. Architecturally, it is much simpler to set up, so that human errors in complex VPN settings can be avoided, reducing the risk. Similarly, cloud firewalls can augment or replace the on-prem firewalls to cater to the hybrid multi-cloud workloads, without having to worry about complex configurations and routing setups.
Protecting just the access is not enough though, as the network would continue to have some legacy IoT and other generic services running at the same time. Great network security is not enough, because as much as 55% of the compromises happen by ‘insiders’ – most of them out of ignorance and some with malicious intent.
Solutions to prevent Distributed DoS attacks (DDoS)
DDoS is the easiest form of attack to bring a business to its knees. Many modern firewalls, on-prem or cloud-based, are now providing DDoS prevention. Even many home routers, and all popular vendors of AV or End Point Security software, provide DDoS prevention based on many factors, such as source reputation, source distribution, bot vs. human detection, encrypted traffic entropy, and blocking traffic targeting your applications. It is mandatory to have a WAF or a full-fledged NGFW in front of the applications we need to protect from DDoS attacks. Most of the attack logistics are available to hackers on rent now (such as the former Emotet network), which are used to launch such attacks. Detecting any flooding of requests, analyzing its source, frequency and pattern, and then blocking these sources are the basics of DDoS prevention. Fortunately, it is close to a mature science now that reputed firewalls and endpoint security would be able to handle with great efficiency.
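The detection basics named above (spot a flood of requests, analyse its source, frequency and pattern, then block the sources) are worked through in the following added example, which is not Quick Heal's code or any product's logic. It parses constructed web server access-log lines in common log format, counts requests per source per second, records which path each source hammers, flags sources whose peak rate exceeds an assumed threshold of 20 requests per second, and emits the resulting block list. The addresses, timestamps and threshold are all constructed for the illustration.

```python
"""Added example (not a vendor's code): flood detection over access-log lines
by source, frequency and request pattern, producing a block list."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common log format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def _clf_line(ip, when, path, status=200):
    """Build one constructed log line (sample data, not captured traffic)."""
    stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 512'


def build_sample_log():
    """Constructed log: one flooding source, one normal user, one sub-threshold burst."""
    t0 = datetime(2022, 1, 10, 9, 0, 0, tzinfo=timezone.utc)
    lines = []
    # Flood: 40 requests to /login within the same second (documentation address).
    lines += [_clf_line("198.51.100.23", t0, "/login", 401) for _ in range(40)]
    # Normal browsing: 6 requests spread over 10 seconds across different paths.
    for i, path in enumerate(["/", "/css/site.css", "/products", "/cart", "/checkout", "/orders"]):
        lines.append(_clf_line("192.0.2.10", t0 + timedelta(seconds=2 * i), path))
    # Short burst of 12 requests in one second: noisy, but below the assumed threshold.
    lines += [_clf_line("203.0.113.50", t0 + timedelta(seconds=5), f"/api/item/{i}") for i in range(12)]
    return lines


def parse_line(line):
    """Return {ip, second, path} for a well-formed line, or None for a malformed one."""
    m = LOG_RE.match(line)
    if m is None:
        return None   # skip rather than abort the whole analysis on one bad line
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "second": int(ts.timestamp()), "path": m.group("path")}


def analyze(lines, rate_threshold=20):
    """Per-source frequency (peak requests per second) and pattern (dominant path)."""
    per_second = defaultdict(Counter)   # ip -> Counter(epoch second -> requests)
    per_path = defaultdict(Counter)     # ip -> Counter(path -> requests)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        per_second[rec["ip"]][rec["second"]] += 1
        per_path[rec["ip"]][rec["path"]] += 1
    report = {}
    for ip, seconds in per_second.items():
        total = sum(seconds.values())
        peak = max(seconds.values())
        top_path, top_count = per_path[ip].most_common(1)[0]
        report[ip] = {
            "total": total,
            "peak_per_second": peak,
            "top_path": top_path,
            "top_path_share": round(top_count / total, 2),
            "flagged": peak >= rate_threshold,   # frequency rule; pattern is reported alongside
        }
    return report


def block_list(report):
    """Sources to hand to the firewall or WAF as a deny rule."""
    return sorted(ip for ip, r in report.items() if r["flagged"])


if __name__ == "__main__":
    rep = analyze(build_sample_log())
    for ip, r in rep.items():
        print(ip, r)
    print("block:", block_list(rep))
```

The dominant-path share is reported rather than used as a second trigger so that a flood spread across many paths is still caught by the rate rule; where the share is high, as for the login flood here, the same report also tells a defender which path a narrower WAF rule could cover.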
Approach to the current situation
We have state-of-the-art HawkkProtect (Zero Trust User Access) and HawkkScan (Data Privacy and Protection) solutions, which are cloud-managed, easy to set up, BYOD, and Roaming friendly. This provides an unprecedented first level of defense (Network Access Control) to our customers who have a hybrid set of IT assets. Our technology stands out because of its simplicity. Most breaches happen because of human errors left in the configuration due to complexity. We have simplified it down to a few clicks, clear auditable logs, visibility and a ‘declarative’, ‘English like’ policy language.
Bibhuti Bhusan Kar
Head of Research and Development, Quick Heal
Cyware’s Threat Intel Platform helps to analyze, operationalize, and disseminate threat information
Protection against cybercrime
Defending against the growing cyber threats faced by individuals and organizations alike requires a robust cyber defense strategy involving close collaboration between various stakeholders. In today’s rapidly changing cyber landscape, no single entity can find a silver bullet to stop all cybercriminal activity. Rather, collaboration and threat information sharing among private enterprises, government agencies, regulatory bodies, and industry associations through information sharing communities such as ISACs/ISAOs can pave the way for a collective defense.
Solutions to prevent Distributed DoS attacks (DDoS)
DDoS attacks prey on the vulnerabilities in connected systems to form a network of compromised devices or botnets that can then be used for malicious cyberattacks. In addition to using the standard DDoS mitigation and protection tools, organizations need to adopt a threat-centric approach to cybersecurity wherein security incidents are not just seen in isolation but in the right context by identifying hidden patterns through collation of diverse threat data to mitigate such risks proactively. Cyber attackers often spend long periods of time in preparation for such attacks, thereby making it crucial for security teams to leverage real-time threat intelligence to analyze and implement defensive measures beforehand.
Approach to the current situation
Cyware equips organizations with next-gen technologies that can help them streamline their security operations and build a collective defense. To enable organizations to curb threats at an early stage of the attack lifecycle, Cyware’s Threat Intel Platform (TIP) helps connect a variety of stakeholders to analyze, operationalize, and disseminate threat information in real time. The need for threat intel sharing is more evident than ever as the public and private sectors look for ways to collectively thwart cyber threats and improve the readiness of all organizations to respond to various threats. Using Cyware’s TIP solution, organizations can simplify all the different stages of the threat intelligence lifecycle, from ingestion, enrichment, analysis, and scoring, to operationalization and sharing, with smart automation capabilities to eliminate repetitive tasks. Cyware’s security orchestration and automation (SOAR) and Virtual Cyber Fusion Center (vCFC) solutions help organizations integrate, automate, and streamline their diverse security functions under a single roof to remove bottlenecks and accelerate their threat response and management activities. Together, the Cyware product portfolio catalyzes the creation of resilient cybersecurity postures for organizations across all industries and scales.
Akshat Jain
CTO and Co-founder, Cyware
Splunk’s analytics-driven security solutions providing a comprehensive approach to cybersecurity
Protection against cybercrime
At Splunk, we believe that, to ensure a strong security posture, companies need to:
● Define its security posture which includes a defined attack surface and the controls necessary to protect it.
● Establish its security posture which starts with an assessment of how effective the security controls are at reducing both the likelihood and impact of a breach
● Adopt a Standard Security Framework right from the start and keep measuring progress with time. Be it NIST, MITRE or Kill-chain, ensure that it suits your business requirements
● Manage its security posture in alignment with the strategy and outcomes of the business.
Approach to the current situation
Splunk’s analytics-driven security solutions provide a comprehensive approach to cybersecurity, including advanced techniques like machine learning and behavioral analytics. These techniques help security teams quickly identify, investigate, and respond to threats based on a broader security context than is possible with legacy security products. These solutions can be deployed on-premise, in the cloud or in a hybrid cloud deployment. Splunk solutions for security allow:
● Insider Threat Detection - Automatically detect insider threats using machine learning, behavior baselines, peer group analytics and behavior analytics
● Advanced Threat Detection - Use kill chain analysis to trace the different stages of an advanced threat, link the sequence of events and enable targeted remediation
● Fraud Detection and investigation - Detects, investigates and reports on a range of fraud, theft and abuse activities in real time.
● SIEM - The SIEM solution ingests and combs through a high volume of data in mere seconds to find and alert on unusual behavior, offering real-time insight to protect the business. It covers SIEM use cases such as incident review, incident management support, analytics and behavior profiling, along with threat intelligence and ad-hoc search. Splunk is used by large enterprises for an end-to-end security operation – including posture assessment, monitoring, alert and incident handling, breach analysis and response, and event correlation. Intelligence and flexibility enable Security Operations Centers (SOC) of any size to operate effectively.
● Rapid Incident Investigations - Collaboration enables SOC analysts across an organization to rapidly investigate incidents using ad hoc searches with existing correlation rules based on all security relevant data. In one centralized view, analysts can investigate the activities of potential threat actors within the SIEM workflow, speeding up the time for incident response.
● Compliance Reporting - Creates correlation rules and reports to identify threats to sensitive data or key employees. It also automatically demonstrates compliance or identifies areas of non-compliance with regard to technical controls
● Log Management - Consolidate, collect, store, index, search, correlate, visualize, analyze and report on any security relevant machine generated data to identify and quickly resolve security issues.
Through these integrations, teams can better detect, investigate and respond at machine speed across their multi-vendor security environments. A unified security posture ensures that an organisation combats threats efficiently.
Jyoti Prakash
Regional Sales Director, Splunk India & SAARC
IBM Cloud Internet Services securing customers’ internet-facing applications from DDoS attacks
Protection against cybercrime
Companies should consider the following guidance when it comes to adapting and overcoming the new security challenges in the digital era:
• Rehearse and Test Your Incident Response Under Pressure: Create a detailed incident response plan and conduct regular simulations with your core team to test your response. It’s also important to have cybersecurity experts on retainer, including incident response teams, crisis communications and outside legal counsel, so that they’re ready to step in the moment there’s an issue.
• Harden your cloud environments and include a zero-trust approach to your security strategy. As environments continue to expand, managing privilege access becomes paramount to ensuring that users are only granted access to the data that is essential to their job.
• Assess your third-party ecosystem and assess potential risks introduced by third-party partners. Confirm you have robust monitoring, access controls and security standards in place that third-party partners need to abide by.
• Empower Employees: Some of the best responses to cyberattacks stem from empowered employees that were allowed to take calculated risks to save an organization’s digital assets.
• Have backups, test backups, and keep offline backups. Backing up systems is a critical best practice. Ensuring the organization has effective backups of critical systems and is testing these backups is more important than ever.
Solutions to prevent Distributed DoS attacks (DDoS)
IBM Cloud Internet Services (CIS) is a simple set of edge network services for customers looking to secure their internet-facing applications from DDoS attacks, data theft and bot attacks, as well as for those customers needing to optimize their web applications, or ensure global responsiveness and the ongoing availability of their internet-facing applications. CIS offers 59 Tbps of network capacity - 20 times bigger than the largest recorded DDoS attack. When a DDoS attack occurs, CIS doesn't use scrubbing centers; the activity is analyzed on the edge, which helps to mitigate DDoS attacks closest to the source.
Prashant Bhatkal
Security Software Sales Leader, IBM Technology Sales, India/South Asia
Cybersecurity mesh architecture integrates security controls into and across widely distributed networks
Protection against cybercrime
Organizations need to take advantage of artificial intelligence (AI) and machine learning (ML) to speed threat prevention, detection, and response. Advanced endpoint technologies like endpoint detection and response (EDR) can help to identify malicious threats based on behavior. Also, zero-trust network access (ZTNA) is critical for secure application access to extend protections to mobile workers and learners, while Secure SD-WAN is important to protect evolving WAN edges. Segmentation is another foundational strategy that can be used to restrict lateral movement inside a network and confine breaches to a smaller portion of the network. Actionable and integrated threat intelligence can improve an organization’s real-time defenses as the speed of attacks continues to increase. Rather than trying to add on more products in each of these areas, a better approach is to use a cybersecurity mesh architecture that integrates security controls into, and across, widely distributed networks and assets.
Solutions to prevent Distributed DoS attacks (DDoS)
A growing number of service providers and data centers now face continuous DDoS attacks rather than the occasional attacks of the past. At the same time, the growing volume of applications and services is also forcing data centers to migrate to higher speeds. As a result, DDoS attack mitigation equipment deployed in the data center is expected to perform at levels approaching 100G speeds to avoid becoming a bottleneck. And at the same time, higher link speeds are needed for increased DDoS mitigation capacity.
Given the realities of this new threat landscape, modern data centers have to build DDoS attack mitigation into their basic infrastructure if they want to guarantee continuous availability to users. FortiDDoS products are designed to provide essential, broad, and advanced threat mitigation techniques for today’s environment. The FortiDDoS models are built using a new architecture that delivers the industry’s highest DDoS attack mitigation performance to ensure data centers can scale their defenses while meeting the evolving needs of their business.
Approach to the current situation
The perimeter has become more fragmented and cybersecurity teams often operate in silos. At the same time, many organizations are transitioning to a multi-cloud or hybrid model. All of these factors create a perfect storm for cybercriminals to take a holistic, sophisticated approach. Cybersecurity mesh architecture integrates security controls into, and across, widely distributed networks and assets. Together with a Security Fabric approach, organizations can benefit from an integrated security platform that secures all assets on-premises, in the data center, and in the cloud or at the edge. Actionable and integrated threat intelligence can improve an organization’s ability to defend in real time as the speed of attacks continues to increase.
Rajesh Maurya
Regional Vice President, India & SAARC, Fortinet
As bots are legitimate internet devices, identifying a DDoS attack is tough
Protection against cybercrime
Cybercriminals orchestrate malware, ransomware, phishing, DDoS attacks, identity theft, etc. to steal valuable data or money. Fortunately, we can adopt best practices to protect ourselves from malicious actors. The first line of defence is using antivirus and other security solutions that provide us visibility at wire speed. Updating the operating system and software, using strong passwords, not opening attachments in the spam mailbox, refraining from accessing or giving out personal data on untrusted websites and keeping a strict vigil on bank statements can protect us.
Safeguarding the vulnerability of computers
Cybercriminals infect computers with viruses and malware to cause disruptions in enterprise operations, damage the network, and steal or delete data. The number of cyberattacks in India stood at 6,07,220 up to June 2021. Though we can’t stop these attacks, we can arm ourselves with preventive measures to protect against them. The foremost defense mechanism is installing a firewall to block any brute force attacks on computers. The second line of defense comprises deploying network detection and response tools. Keeping software and systems updated helps prevent malicious actors from exploiting the vulnerabilities. Ensuring endpoint protection allows enterprises to prevent attacks from devices that are remotely connected to the network.
Solutions to prevent Distributed DoS attacks (DDoS)
Identifying a DDoS attack is a tough task for security teams as the bots are legitimate internet devices. However, certain indications include a spike in traffic originating from a single IP address, an unexpected number of requests to access a single page or endpoint, etc.
To secure the network from these attacks, three fundamental principles have to be followed: identify, defend and respond. Deploying Network Detection and Response (NDR) solutions that monitor networks 24/7 allows security teams to identify any activity outside the normal parameters in real time. Once the attack has been detected, NDR solutions ensure that the network is defended properly and prompt security teams with the appropriate course of action. Network forensic tools can be used to analyse the attack and learn the vulnerable spots in the network. Other measures include installing a firewall and creating a blackhole route to channel the attack traffic into.
Approach to the current situation
Traditional approaches can no longer be adopted to tackle these sophisticated cyberattacks. Malicious actors need to be dealt with using state-of-the-art security solutions that use Artificial Intelligence and Machine Learning to create cyber situational awareness. NDR solutions need to be deployed to ensure network visibility in real time, and network forensics should be performed to analyse the loopholes.
Praveen Jaiswal
Founder and CSO, Vehere
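The two indicators named in the answer above (a traffic spike from a single IP and a surge of requests against one endpoint) can be checked mechanically against web server access logs. The script below is an added example, not Vehere's code or an NDR product; it parses constructed common-log-format lines into one-minute buckets and flags both conditions, with the thresholds (50 requests per IP per minute, 60% of a busy minute's traffic to one path) being assumed tunables rather than anything stated on the page.

```python
"""Flag two DDoS indicators in access logs: a single-IP spike and an
endpoint surge. Added example; thresholds are illustrative assumptions."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx common log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_line(line):
    """Return (minute_bucket, ip, path) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, _status = m.groups()
    t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return t.strftime("%Y-%m-%dT%H:%M"), ip, path.split("?")[0]

def find_indicators(lines, ip_threshold=50, endpoint_share=0.6, min_requests=20):
    """Per minute bucket, flag IPs sending >= ip_threshold requests and any
    endpoint receiving more than endpoint_share of a busy minute's traffic."""
    per_min_ip = defaultdict(Counter)
    per_min_path = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on real logs
        minute, ip, path = parsed
        per_min_ip[minute][ip] += 1
        per_min_path[minute][path] += 1
    alerts = []
    for minute in sorted(per_min_ip):
        total = sum(per_min_ip[minute].values())
        for ip, n in per_min_ip[minute].items():
            if n >= ip_threshold:
                alerts.append(("single_ip_spike", minute, ip, n))
        if total >= min_requests:  # ignore quiet minutes to avoid false alarms
            path, n = per_min_path[minute].most_common(1)[0]
            if n / total > endpoint_share:
                alerts.append(("endpoint_surge", minute, path, n))
    return alerts

# Constructed sample: normal browsing at 10:00, then one client (documentation
# address 203.0.113.7) hammering /login at 10:01 alongside normal traffic.
SAMPLE = []
for i in range(10):
    SAMPLE.append(f'10.0.0.{i} - - [05/Jan/2022:10:00:{i:02d} +0530] "GET /page{i} HTTP/1.1" 200 512')
for i in range(60):
    SAMPLE.append(f'203.0.113.7 - - [05/Jan/2022:10:01:{i:02d} +0530] "GET /login HTTP/1.1" 200 128')
for i in range(10):
    SAMPLE.append(f'10.0.0.{i} - - [05/Jan/2022:10:01:{i:02d} +0530] "GET /page{i} HTTP/1.1" 200 512')

if __name__ == "__main__":
    for alert in find_indicators(SAMPLE):
        print(alert)
```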
Nutanix is trusted to power applications in most demanding and security-conscious environments
Naresh Purohit, Director- Systems Engineering, Nutanix India & SAARC
Protection against cybercrime
This is really a multifaceted question, so any answer will have to be looked at from multiple angles. An attacker will use the weakest link they can find, either technological or human. It’s critical to have a multi-layered defence-in-depth architecture to protect against the former, and a well-trained and cybercrime-aware staff for the latter. It’s particularly important to train non-technical staff, as they are often vectors.
Safeguarding the vulnerability of computers
Of course, applying security patches and best practices is critical, but often overlooked is how changes are made over time to prevent so-called “configuration drift” that can leave a system exposed, even though it had been secured before. It is important to have a system to monitor and verify the expected state and the actual state of your infrastructure, and to rigorously audit that configuration to ensure it’s up to date with best practices and current vulnerabilities.
Additionally, it is critical to defend at all layers, from hardware, to network and operating system, to applications. Simply securing one and not all of them is like locking the door but leaving the window open. Practices like micro-segmentation are also important to deliver a zero-trust environment, so that one compromised system does not allow an attacker to easily spread to others.
Approach to the current situation
Nutanix works to help our customers secure all the layers of their infrastructure, from hypervisor to network, and to also integrate with best-of-breed partners to provide a comprehensive solution. We also include automatic security configuration checking in our AOS and AHV systems to ensure that they continually meet compliance baselines (e.g. PCI-DSS, HIPAA etc.) with complete automation and validation, along with two-factor authentication, restricted cluster access, and data-at-rest encryption using Nutanix software with a native KMS or hardware-based encryption with self-encrypting drives. Therefore, Nutanix is trusted to power applications in some of the most demanding and security-conscious environments, using Nutanix Flow micro-segmentation and ransomware protection for Nutanix Files, with a broad set of certifications to ensure compliance with the strictest standards as mentioned below.
DDoS mitigation and defense requires a multi-pronged approach
Nitin Varma, Managing Director - India & SAARC, CrowdStrike
Protection against cybercrime
Cybercrime is an ongoing threat. Cybercriminals often commit crimes by targeting computer networks or devices. Cybercrimes can range from security breaches to identity theft. Below are a few tips to protect against cybercrimes:
· Regular updating of passwords and security keys: Updating passwords and security keys on a regular basis helps in keeping cyber attackers at bay. The strength of the password also depends on its length; the longer the password is, the more difficult it will be to guess. Combining symbols with alphanumeric characters and numbers is a great way to strengthen the password and enhance security.
· Setting unique passwords: The usage of more common and generic passwords makes them more vulnerable to cyber-attacks, as they are relatively easier to guess and hence easier to crack as well. Therefore, it is recommended to set unique passwords.
· Not trusting anyone blindly (on emails): Be mindful of deceitful emails and compromised web pages which could be spam or intended for phishing attacks. Interaction with such emails could prove to be harmful as they could steal personal information and/or install viruses onto the system.
· Securing the device: In case a device is lost or stolen, the information contained in the device could be used to access personal information or make monetary transactions, or could even be used to duplicate the identity of an individual, leading to unfortunate consequences.
· Use of the most advanced security options: The daily upgrading and evolution of new threats require the use of the most advanced security features that can protect against them. These threats could include viruses and ransomware, and it is best to choose the advanced security option that can protect both personal and financial information.
· Use of anti-virus software and keeping it updated: Using anti-virus or a comprehensive internet security solution like CrowdStrike Falcon is a smart way to protect your system from attacks. Anti-virus software allows you to scan, detect and remove threats before they become a problem.
Solutions to prevent Distributed DoS attacks (DDoS)
India now has the second highest number of internet users globally, and increasing digitization must be accompanied by a sharper focus on securing systems as attacks could come from anywhere. Below are some of the solutions or steps to be taken to prevent DDoS attacks:
· Having a response plan in place: Prior to the occurrence of a DDoS attack, a response plan should be ready in case of a security breach for a prompt response. The response plan should be able to outline the way ahead for business operations in case of the attack being successful. An incident response team could be established with defined responsibilities, including notifying key stakeholders and ensuring communication throughout the organisation in case of a successful attack.
· Securing infrastructure with DDoS attack prevention solutions: The network, applications, and infrastructure need to be equipped with multi-level protection strategies. A combination of firewalls, VPN, anti-spam, content filtering and other security layers should monitor activities and identify symptoms of a DDoS attack.
· Performing a network vulnerability assessment: Identification of weaknesses in the form of security exposures within the network before the occurrence of an actual attack comprises vulnerability assessment. This way a firm can patch up their infrastructure and be better prepared for a DDoS attack.
· Identification of warning signs of a DDoS attack: Early identification helps in taking a prompt response and mitigating the damage. Intermittent web crashes, spotty connectivity, and slow performance are some signs that an organisation could be under a DDoS attack.
· Adoption of cloud-based service providers: Outsourcing DDoS attack prevention to the cloud has benefits such as high levels of cybersecurity, including firewalls and threat monitoring software, along with greater bandwidth than most private networks.
Approach to the current situation
The purpose of a DDoS attack is to disrupt the ability of an organization to serve its users. Malicious actors use DDoS attacks for competitor sabotage, insider revenge, nation-state activities, or mayhem/chaos. CrowdStrike Falcon is the first cloud-native endpoint protection platform which deploys in minutes to deliver real-time protection and actionable intelligence against any threats including DDoS attacks. It seamlessly unifies next-generation AV with best-in-class endpoint detection and response, backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed. CrowdStrike Falcon protects customers against all cyber attack types, using sophisticated signatureless AI and Indicator-of-Attack (IoA) based threat prevention to stop known and unknown threats in real time.
DDoS mitigation and defense requires a multi-pronged approach. Below are a few solutions/tips to prevent, detect and remediate DDoS attacks.
• Establish consistent and comprehensive training for employees about how to recognize common attack indicators and promote responsible online activity.
• Verify extortion attempts when adversaries threaten massive DoS attacks. CrowdStrike’s solutions help the partners’ organization quickly investigate the threat and gauge their ability to disrupt operations - potentially saving the organizations significant money in the event the threat is not credible.
• Conduct routine tabletop exercises and penetration testing to improve prevention capabilities by identifying weaknesses in the network architecture.
• Segregate backups to prevent enumeration if and when ransomware begins to encrypt.
• Encrypt sensitive data when it is at rest and in motion to reduce the risk of data loss, leakage or theft.
• Ensure the best instrumentation in order to improve network visibility.
• Create a communications plan so that the company can manage media inquiries, customer questions and other stakeholders’ issues quickly and clearly.