The web has changed, and legacy technology is leaving organizations vulnerable to new threats. Today, a single click to access a webpage can trigger a storm of activity, perhaps over 100 HTTP requests. These could be API calls, page analytics trackers, third-party plugins, or content delivery networks – a playground for lurking cyber criminals who want to do your business harm. This new and evolving challenge means you need dynamic, smart security that’s capable of cutting through the noise, identifying the risks and enforcing the right controls.
Cyber criminals thrive in web environments that lack appropriate security, and it has never been easier for malicious individuals and groups to launch attacks, often on easy and unsuspecting targets. One such example is a parasitic Monero mining malware campaign named xbooster, discovered by our Threat Research Labs, which was successful in generating close to US$100,000 using multiple Monero accounts. The full scope of the xbooster malware attack is hard to detect, making quick and complete remediation a challenge as the attack kill chain uses both the cloud and web.
The failure of legacy security
Legacy solutions fail to provide organizations with security capable of addressing these problems. Frequently, the architectures provided are retrofitted or unscalable and are often delivered from more than one cloud.
Platforms need to be cloud-native and built for the way that businesses use the modern, dynamic web.
Most products on the market, rooted in the outdated notion of the network perimeter, fall far short of the mark. Today, products built from this perspective present an easy opportunity to the modern hacker. At best, they offer ‘part-time security’, neither fully protecting businesses nor giving users the flexibility and freedom they demand.
Legacy solutions tend to be rooted in physical appliances or fixed compute, with users often suffering from insufficient storage capabilities. These legacy solutions are also blind to SaaS services and IaaS applications, while overwhelming security teams with high volumes of log data with every HTTP transaction, turning web security into an onerous task. In today’s distributed environment where web and cloud traffic moves thick and fast, hackers often find hiding places and wait for the right moment to pounce. It is no wonder that enterprises and their security teams struggle for visibility and control of their web and cloud activity.
The threats are not only numerous, but evolving and adapting all the time, with cyber-attacks targeting businesses doubling from 82,000 in 2016 to almost 160,000 last year, according to The Online Trust Alliance. Hybrid and multichannel attacks are delivered across both cloud and the web, making it extremely difficult to assess the true scope of an attack and how best to tackle it without smart security. This is a prime reason that a one-cloud approach is extremely beneficial, applying a layer of smart protection while enabling employees to traverse the web, SaaS and IaaS services seamlessly.
Yet, despite the growing danger, some businesses are unable to shake off the shackles of their legacy security solution, perhaps fearing a complex onboarding process with a new solution.
Taking the hybrid approach
When facing sophisticated hybrid web and cloud threats, responding and matching these threats with hybrid security is no longer just a good idea - it’s an absolute must. Netskope for Web is a prime example of this approach: As a service that operates in one cloud, it controls both web and cloud security through the Netskope Security Cloud.
This is the reality for enterprise security today – there is no going back, there is no safety in hiding behind outdated legacy security systems and tools. Businesses are confronted with increasing and evolving threats because hackers are opportunistic, innovative and employing emerging technology to barb and intensify their attacks. Innovation must be combatted with innovation, and complexity can be cut through with simplicity. Therefore, a smart, one-cloud approach is the only way to manage the cyber threats businesses face in 2018 and beyond.
Kristina Vervoort is currently the Regional Sales Director for the Central European region for Netskope, the leader in cloud security. Prior to Netskope, Kristina spent many years in various roles in the IT world, working with customers and partners. Most recently, she was responsible at Cisco Systems for Security Sales in the DACH region. For more information on Netskope, visit www.netskope.com.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.