Subscribe

The importance of protecting business apps in the cloud


Johannesburg, 15 Mar 2017

Firewalls are generally viewed as the tactical response to keeping attackers out of corporate networks. They're the walls around the castle, so to say, the sandbags along the river, the firebreak in the wilderness trying to stop a rampaging fire. But, firewalls have long served a dual purpose in the enterprise; that is, they have also controlled access from the inside out. Early on this was used to gate access to the adolescent Internet and continues to be a mechanism for enabling preventative measures against "phone home" attempts by malware and viruses that have managed to infect internal assets.

"Today, the prevalence of cloud-based productivity apps requires inside-out access. And if we're using cloud-based apps, we need access to the Internet," continues Lorie MacVittie, principal technical evangelist at F5 Networks. "Salesforce.com. Concur. Google Docs. Social media. The list of applications that reside outside the enterprise to which the business needs access goes on and on and continues to grow."

Business is inarguably dependent on the cloud. That means disruption of access to those services is devastating to productivity, which is one of the key performance indicators in any business.

BlackNurse made waves at the end of 2016 as a type of distributed denial of service (DDOS) attack that targets firewalls that are vulnerable to a "ping flood attack".

"An attack like BlackNurse, which is relatively easy to conduct and requiring little more than a single laptop, is incredibly disruptive in spite of its relative simplicity.

"The goal of such attacks is simple: resource consumption. Low and slow attacks, whether targeting firewalls or Web servers, are designed to tie up resources so the device cannot respond to legitimate requests. The problem is that such attacks are often more difficult to detect than their volumetric cousins. High volumes of traffic are noticeable. It sets off alarms and red lights and people immediately understand what is going on. We've focused a lot of energy in the past ten years to understanding how to combat such attacks and are luckily getting better at doing so," says MacVittie.

But detecting a low and slow attack is more difficult, she warns. "The CPU suddenly pegs at 100% and stops responding. Could be a software problem. Could be a hardware problem. Could be a lot of things. Sifting through logs to find the low volume of packets representative of this kind of attack is akin to the needle in a haystack problem," points out MacVittie.

According to researchers, the BlackNurse attacks generate only 15 to 18 Mbps. There's no "G" in that measure. That's about 40 to 50K packets per second, which is nothing to modern firewalls. Conversely the DDOS attack recorded against Dyn measured in the 1 Tbps range. That's a "T", which is bigger than "G" and much larger than "M".

"The answer to such attacks is usually to move apps to the cloud where firewall services are not constrained by such antiquated concepts as 'limited resources' and are able to scale effortlessly and automatically. Except it's not. That is because the business still has employees behind the corporate firewall that have to access those apps (and others). And it is their access that is being disrupted when the target is the corporate firewall that stands between them and 'the cloud'. It is productivity that suffers," highlights MacVittie.

Businesses need to recognise the potentially perilous state caused by attacks that disrupt outbound traffic as well as inbound.

While BlackNurse has a fairly simple mitigation already, there are likely to be others that are not so simple to mitigate. And, in a world where we depend as much on the apps inside the firewall as those outside it, we need to take a close look at the possibilities of such attacks.

"If you haven't yet, then it's past time to evaluate how dependent your business is (or will be) on apps 'in the cloud' and how to best protect access to them in the face of threats designed specifically to deny business from going about its daily, well, business," concludes MacVittie.

Value-added reseller, Networks Unlimited, distributes F5's cloud and security solutions across Africa. Please contact Alexa Gerber, F5 product manager at Networks Unlimited for more information: alexa.gerber@nu.co.za.

Share

Networks Unlimited

Networks Unlimited is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Arbor Networks, Fortinet, F5, Mellanox, NETSCOUT, ProLabs, Rackmount, RSA, Rubrik, Silver Peak and Tintri. The product portfolio provides solutions from the edge to the data centre, and addresses key areas such as cloud networking and integration, WAN optimisation, application performance management, application delivery networking, WiFi-, mobile- and networking security, load balancing, data centre in-a-box, and storage for virtual machines.

Since its formation in 1994, Networks Unlimited has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the Sub-Saharan Africa market.

Networks Unlimited complies with the South African Broad-Based Black Economic Empowerment (B-BBEE) guidelines as a Level 4 Contributor.

Editorial contacts

Chriselna Welsh
Networks Unlimited
(+27) 011 202 8400
chriselna.welsh@nu.co.za