How vulnerable is your business website? Are you fully protected against cyber-criminals and hackers? Most of us would like to think we are, but the more you read the less certain you can be of that fact. Cyber criminals and hackers are sophisticated and will stop at nothing to get hold of your money or your business intelligence. Is the threat of hacking and cyber-attack an over-exaggeration? Well, Krypsys would argue not. In the course of the last week alone there have been news items about a 19 year old Argentinian hacker who was caught trying to steal millions of pounds from international money transfer and gambling websites, cyber criminals caught trying to steal millions of pounds from Santander and the personal information of more than 2 million customers was stolen from Vodaphone Germany.
Cyber-crime is here to stay, whether we like it or not. It isn’t just the critical national infrastructure and business interests that are being increasingly being threatened by cyber criminals either: companies are having their research and confidential data stolen or mapped. According to Francis Maude, the Cabinet Office Secretary, 93 percent of large corporations and 76 percent of small businesses had reported a cyber-breach in the past year alone. 70 percent of the cyber- attacks faced by UK companies are focused predominantly on web applications. The onus is now on businesses to take positive steps to minimise the threats.
So how can business and enterprise combat hacking and cyber intrusion? Well, traditional web security solutions have focused principally on blocking or learning from cyber-attacks and then taking action to prevent any possible recurring threat. The trouble with such an approach is that it does little to prevent any sustained attack on the web infrastructure. Determined hackers are using increasingly sophisticated methods to attack web infrastructures, so equally sophisticated solutions to cyber-defence have had to be considered. Intrusion deception is one of the innovative solutions: developed by Mykonos, a Juniper Networks security company, the Web Intrusion Prevention System (WIPS) is one of the smartest ways to secure websites and web applications against hackers, fraud and theft. The programme uses deception to detect, track, profile and prevent hackers in real-time.
How does WIPS combat cyber-attacks?
Unlike other web infrastructure protection programmes, the Web Intrusion Prevention System doesn’t generate false positives: this is because it utilises deceptive tar traps to detect attackers with absolute certainty. WIPS inserts detection points into the code, including URL’s, forms and server files to create a random and variable minefield all over the web application.
The advantage of these sophisticated tar traps is that they can detect attacks during the reconnaissance phase of the attack, before an attack vector has been successfully established. Attackers are therefore detected when they manipulate the detection points inserted into the code, and because the attackers are simply manipulating code that has nothing to do with the website or web application, it can be demonstrated with absolute certainty that it is a malicious action with no chance of a false positive.
WIPS works by making hacking harder and more time-consuming
Mykonos’ unique approach of making the attack surface variable and inserting deceptive detection points into the web application means that hacking a website is now more time-consuming and tedious. Any potential attacker will have to work much harder to stand any chance of hacking into web applications.
WIPS turns the tables on the attacker
Hackers will now have to take the greatest care if they are to avoid the risk of detection. With WIPs web applications are no longer passive. Instead WIPS makes hacking actively more difficult for attackers; all it takes for them to identify themselves is just one mistake.
Simple effective detection
IT security professionals have long known that false positives diminish the effectiveness of any security program. By using this type of certainty-based approach, the Web Security technology removes any element of uncertainty from web attacks. The added advantage is that WIPS is ready to run straight from the box and improve web application security immediately. There’s no need to write any rules or update any signatures, nor are there ‘learning modes’ to monitor and nor log-files to review. The programme is free to do what it does best from the start, and that’s to prevent attacks.
Intrusion deception has no impact on the website
Intrusion Deception has no effect on a website and therefore there is no need for anyone to re-write a line of code. All of the detection points are inserted intelligently at serve time and stripped out on the way back: this means that the detection points never impact on the application server. Normal users never see the detection points. The deceptive tar traps are only encountered by those malicious attackers who seek to exploit any potential vulnerability on the site. Mykonos’ innovative security product can be easily put at the front end of any website or web application to intelligently add a layer of deception to improve security.
If you would like to find out how WIPS solutions could help you protect your web infrastructure, or would like any further information on Mykonos’ Web Intrusion Prevention System, please contact Krypsys on 01273 044072.