Monday, 13th July 2020

Cyberattacks breach firewalls half of the time

According to new research, many have had their networks infiltrated; others admitted to facing difficulties when altering WAF policies to guard against new attacks.

Neustar has released a new report from the Neustar International Security Council (NISC) highlighting growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their Web Application Firewall (WAF).

Almost half (49%) of security professionals reported more than a quarter of attempts to sidestep their WAF protocols had been successful in the last 12 months. In addition, as many as four in ten respondents disclosed that 50 percent or more of attacks had managed to get around their application layer firewall.

These findings come at a pivotal time, as organisations continue to adapt their security strategies to cope with the increase in malicious web activity associated with COVID-19. Almost 30 percent (29%) of respondents admitted they had found it difficult to alter their WAF policies to guard against new web application attacks, while just 15 percent said they had found the process very easy.

Despite many having already been on the receiving end of a successful web-application attack, 39 percent of respondents declared they do not have a WAF that is fully integrated into other security functions; a technique that is critical in developing a holistic defence against a variety of attack types. Three in ten also claimed that half of network requests have been labelled as false positive by their WAF in the last year.

“As members of the public we have witnessed the steady and significant growth of volumetric DDoS attacks, fake domains, malicious malware and harmful misinformation. However, while these may be the security concerns capturing headlines, those within the community have also seen the unsettling rise in application-layer attacks,” said Rodney Joffe, Chairman of NISC and Senior Vice President and Fellow at Neustar. “Often unleashing destruction before they are even recognised, these attacks are equally as damaging, targeting specific vulnerabilities to cause a multitude of complications for those on the receiving end.”

“Due to their ‘under-the-radar’ nature, application-layer attacks are difficult to detect and therefore require a security posture that is always-on in order to be identified and mitigated. Only by providing protection across the entire network can organisations respond to the type of threats we are seeing today. For full-protection that doesn’t hinder business performance or add unnecessary complexities, organisations should opt for a cloud-based WAF, underpinned by curated, actionable threat data. Not only is this approach guaranteed to safeguard against the most common web threats, it also delivers visibility into application traffic, no matter where the applications themselves are hosted,” added Joffe.

Findings from the latest NISC research also highlighted a steep 12-point increase on the International Cyber Benchmarks Index year-on-year. Calculated based on the changing level of threat and impact of cyberattacks, the Index has maintained an upward trend since May 2017.

Cortex XDR, Cortex Data Lake and WildFire will now offer a UK hosting option to help customers with...
Bitglass, the Total Cloud Security company, has released its 2020 BYOD Report, which analyses enterp...
According to The State of Cloud Security 2020, a global survey from next-generation cybersecurity le...
Trustwave has introduced Trustwave PartnerOne, a new global partner program designed to deliver the...
New channel sales strategy accommodates extraordinary market momentum of network threat detection an...
Solution first to provide both SDP and VPN in a single platform, protecting both users and resources...
MobileIron Threat Defense includes multi-vector threat detection and remediation to protect iOS and...
Streamline remote management of network, server and data centers to securely and reliably ensure bus...