Automated. Adaptive. Simplified. Isn’t that what a cybersecurity solution should be? We know that the number one priority for security teams today is detecting and stopping advanced attacks before they cause major damage. Bad actors are operating with increased organizational efficiency and a seemingly bottomless pit of financial backing, not to mention they are constantly turning up the level of technological innovation they use to carry out their exploits.
Former US President Ronald Reagan frequently used the Russian proverb "Trust, but verify". This adage is also frequently used in the blockchain community. The idea is that some things are important enough that they must be verified.
When it comes to defending your organization from cyber crime, time matters. Visibility matters. Environment matters. And, more than ever, conditions matter. In order to shrink the time from detection to remediation, security operators need a cyber defense system that truly adapts to a hyper-active threat climate and is designed from inception to be agile. That window of time between detection and remediation defines the overall potential impact of a security breach: the longer the time, the greater the potential for damage. The diversity of environments – physical, virtual, private cloud, public cloud, locations, and departments – drives the need for a more responsive and unified approach to cybersecurity. The sheer volume of information generated by your security environment creates a firehose of alerts from so many sources that security operators often have difficulty seeing the most crucial characteristics of the threats that come into their view.
As the "Internet of Things (IoT)" phenomenon is catching on in a big way, I wanted to quickly capture the state of affairs of IoT in the context of security and how different Juniper technologies can help provide security to IoT infrastructure as well as protect other enterprise infrastructure from IoT devices.
On November 10th, 2016, the Danish firm TDC published a report about the effects of a particular ICMP Type+Code combination that triggers resource exhaustion issues within many leading firewall platforms. The TDC SOC has branded this low-volume attack BlackNurse, details of which can be seen here and here.
"This is the best article and test we have to date on the BlackNurse attack. The article provides some answers which are not covered anywhere else. The structure and documentation of the test is remarkable. It would be nice to see the test performed on other firewalls – good job Craig"
Each year, the economics of "fighting back" against hacktivism, cybercrime, and the occasional state-sponsored attack become more and more untenable for the typical enterprise. It's nearly impossible for the average security team to stay up to date with the latest emerging threats while also being tasked with their regular duties. Given the current economic climate, the luxury of having a dedicated team to perform Cyber Threat Intelligence (CTI) is generally out of reach for all but the largest of enterprises. While automated identification, curation, and enforcement of CTI cannot truly replace human security analysts (yet), it has been shown to go a long way towards increasing the effectiveness and agility of your security infrastructure.