Imperva outlines how hacking has become industrialized, details monitoring processes to forecast and disrupt future hacking targets<\/p>\n
AUSCERT: Gold Coast, 17 May 2011 – Imperva, the leader in data security, today presented \u201cCyber Vigilantes: How Security Researchers are Hurting the Business of Hacking\u201d at this year\u2019s AUSCERT Conference. The presentation detailed how developments in hacker attack techniques are overwhelming organisations today, increasingly innovative and bypassing security protocols due to insufficient time and internal corporate resources needed to defend ongoing attacks. Imperva detailed industry vulnerabilities how to best protect against these data intrusions in the future.<\/p>\n
In 2010 Imperva launched its Hacker Intelligence Initiative to investigate the anatomy of attacks as well as key hacking trends by exploring the cybercrime industry utilizing techniques including hack-back, forum monitoring and internet traffic surveillance. The HII\u2019s purpose was to help the industry better tune their defences and understand the nature and focus of cyber attacks.<\/p>\n
Imperva\u2019s Web Research Team Leader, Tal Be\u2019ery confirmed: \u201cHacking has become extremely industrialised. Attack techniques, vectors, tools and platforms continue to evolve very rapidly, even for those of us working in the data security sector. Each industry faces a varying list of vulnerability possibilities for intrusion. For example the financial services sector is not exposed to authorization vulnerabilities in the same way the telecommunications sector is. This makes it very difficult for organisations to understand and provide the unique resources and time they need to manage these issues as they happen.\u201d<\/p>\n
Be\u2019ery also outlined the drivers for the most recent attacks and areas of interest noting, \u201cfor example hacker interest in mobile has increased. There was almost a ten-fold hacker interest in mobile last year, and we have seen nothing that refutes its continued growth this year.\u201d<\/p>\n
The presentation detailed the methodology employed by Imperva research labs to measure both quantitative and qualitative analysis of information being disclosed. Be\u2019ery said: \u201cWe monitor the communications of hacker forums and rate the most popular topics being discussed today. By understanding the business of hacking we can look at activity including: the discovery of full-fledged Cross Site Scripting (XSS) attack campaigns, server-generated Distributed Denial of Service (DDoS) attacks, a data collection containing millions of users passwords, and cloud-based technologies used by hackers.\u201d<\/p>\n
The Imperva research team is also responsible for monitoring the growing range of tools and kits for every attack type, known automated attacks and the emerging automated attacks.<\/p>\n
In order to help the audience gain an understanding of which controls they should apply to secure their systems against the evolving hacking industry Be\u2019ery summarised his recommendations for protecting corporate data:<\/p>\n
\u00b7 Introduce proactive detection into your security environment<\/p>\n
\u00b7 Assess what is sensitive data and apply the necessary controls on that data<\/p>\n
\u00b7 Stop attacks before they even enter your application<\/p>\n
\u00b7 Ensure guards are updated in real-time<\/p>\n
\u00b7 Follow up on trending attack techniques and models<\/p>\n
\u00b7 Irrelevant controls are not necessarily old controls<\/p>\n","protected":false},"excerpt":{"rendered":"
Imperva outlines how hacking has become industrialized, details monitoring processes to forecast and disrupt future hacking targets AUSCERT: Gold Coast, 17 May 2011 – Imperva, the leader in data security, today presented \u201cCyber Vigilantes: How Security Researchers are Hurting the Business of Hacking\u201d at this year\u2019s AUSCERT Conference. The presentation detailed how developments in hacker<\/p>\n