Feeds

CISPA row: Slurped citizen data is ENORMO HACK TARGET - infosec boss

US cyber-spook hub ultimate trophy for miscreants

The Essential Guide to IT Transformation

The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva.

The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US.

But the head of the security firm said the legislation could create several problems, not least of which was the equivalent of sticking a giant 'Hack Me' sign on the government's info stores.

The US cybersecurity bill, which passed through the US House of Representatives last week, would allow the US government to share "cyber threat intelligence" with private-sector entities. Crucially, the proposed law would also allow the firms to share their customers' web traffic information - among other things - with the Feds.

CISPA's critics also argue that the law would create a mechanism for private businesses to share intelligence with government, including private data, without judicial oversight. Privacy activists are concerned that the risks of this massive trawling exercise more than outweigh security benefits. The bill has not yet passed through the Senate.

Amichai Shulman, CTO at Imperva, said that the policy would theoretically create more repositories of data for government to analyse but warned that the gathering of threat data would be accompanied by the potential risk of hacker attacks against the newly established info hubs. Shulman also spoke of the possibility of bureaucratic creep (ie, data on info hubs being used for purposes other than security analysis, Big Data number crunching) and said the info hubs were a potential target for attack.

While Shulman didn't comment on the bill as it stands, he did insist that more information sharing needs to happen in order for defenders to stay abreast of security threats and that government involvement was a "broadly positive" development.

Stopping these assaults shouldn't be rocket science

Imperva's latest Hacker Intelligence Initiative report shows businesses can reduce risk by identifying and blocking attackers targeting multiple sources. The study analysed real-world attack traffic against 60 web applications between January and March 2013 to identify common attack patterns. Businesses can reduce the risk of successful attacks against their organisations by identifying and blocking attack sources, payloads and tools that are prevalent in targeting multiple websites.

The security firm said these attack sources - which can best be identified by analysing crowd-sourced attack data from a broader community - made up a disproportionate amount of the overall traffic against corporates.

Imperva researchers analysed the behaviour of the most common web application attacks (SQL injection, remote and local file inclusion, and comment spam attacks) over time and across targets, cross-referencing this data with the three most prevalent attack characteristics (attack source, payload, and tool), against known attack signatures.

The study - which covered data from the first three months of 2013 - revealed that several attacks are responsible for a disproportionate amount of attack traffic. Attacks targeted SQL injection attacks and RFI attacks were particularly prominent in the treat landscape.

Imperva argues that crowd sourcing and sharing information about attacks improves collective protection against large-scale attacks. Identifying a “noisy” attack source - an attacker, payload or tool that repeatedly attacks – is important.

"Our report shows that businesses can greatly reduce the number of successful attacks against their organisations by identifying and blocking attack sources that are known to target multiple sites or applications," Shulman explained.

The full Imperva report, Get What You Give: The Value of Shared Threat Intelligence, can be found here.

The security tools firm launched the survey at the same time as it announced the addition of ThreatRadar Community Defense, a crowd-sourced threat intelligence service, to its SecureSphere 10.0 Web application firewall (WAF) platform. The service is designed to aggregate and validate attack data from WAFs to protect against hackers, automated clients, and zero-day attacks.

Shulman compared the service to the sharing of anti-malware intelligence between security researchers. He said Imperva's service would create "actionable intelligence" broader than just IP addresses linked to attacks, providing early warnings about a spate of RFI-style attacks, for example. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.