Thursday, March 27, 2014

So You’re Compliant, But Are You Secure?

Do you really know the difference between compliance and security?  Enterprises often make the mistake of thinking that being compliant is synonymous with being secure. The reality is that security is often inadequate when people rely solely on compliance requirements to get the job done, rather than simply using them as guidelines for creating a secure network infrastructure. Passing a compliance test or audit does not guarantee that your network, infrastructure, or information is secure. With the growing number of hackers, theft, and fraud over the internet, no one is safe. Understanding your IT risks and the best ways to prevent attacks will help achieve both compliance AND security.

Juniper Network’s WebApp Secure addresses both compliance and security by delivering the smartest way to secure websites and web applications against hackers, fraud, and theft. WebApp Secure is the first Web Intrusion Deception System that provides zero false positives, blocks attacks, and prevents and deceives potential attackers in real time. To proactively identify attackers before they do damage, WebApp Secure uses deceptive techniques and inserts detection points, or tar traps into the code of outbound Web application traffic. Traditional signature-based Web application firewalls, while providing the necessary security mechanisms to maintain compliance, fall short because they rely on a library of signatures and are always susceptible to unknown or “zero-day” exploits and Web attacks.  WebApp Secure inserts detection points into web code which creates a random and variable minefield within the web application.  By using tar traps to entice and detect attackers, WebApp Secure is able to provide compliance as well as security with zero false positives.

WebApp Secure does not rely solely on an attacker’s IP Address since it is possible that legitimate users could be accessing your site from the same location or IP address.  Instead, WebApp Secure uses a complete device fingerprinting method based on over 200 unique system identifiers to create a comprehensive profile of each attacker it sees.  Attackers using a browser-based method to hack your website will be tracked by injecting a persistent token into their client called a “super cookie”. Even if that user clears their cookies and cache, the token will still persist in all browsers. Attackers that use automated tools, software, and scripts are tracked using a fingerprinting technique to identify the machine delivering the script.

In addition to device fingerprinting, smart profiling technology is used to determine the best response to attacks. Responses can be as simple as a warning or as deceptive as simulating a broken site.  The attacker thinks that they are having a negative effect on the site, while normal users see the site as they should - fully functional. Every detected attacker profile receives a threat level based on the overall maliciousness and level of sophistication of attack.  Configuring automatic actions for given threat levels allows security administrators to prevent attacks in real time. Juniper Networks WebApp Secure works continuously to detect, track, and protect against any attacks allowing your enterprise to be both compliant and secure.

If you're interested in learning more, we are co-hosting Juniper Tech Days in Toledo, Indianapolis, and Louisville in April. Find out more here.

1 comment: