It’s just another day at the office but all is not as it should be. The website is down, the web servers are inundated, and your network systems indicate thousands of HTTP requests are being received every minute. You’re suffering a Denial of Service (DoS) attack and every minute is costing you money.
You quickly get on to your service provider and seek to reduce the inbound traffic. Where is it coming from? Will it intensify? How can you throttle the inbound requests? All the while, your legitimate customers are unable to access your site. Maintaining the façade of ‘business as usual’ (BAU) simply isn’t an option and the cost isn’t just in loss of revenue but loss of reputation.
The HM Government 2015 Information Security Breaches Survey found that small businesses are consistently falling foul of DoS attacks, with the figure remaining unchanged at 16 percent of organisations year-on-year. That differs markedly from large organisations, where there has been a decline. So why are small and medium-sized enterprises (SMEs) continuing to suffer from these types of assault?
It’s not simply a matter of money or scale. Adrian Newby from CrownPeak chronicled a massive DoS attack against a healthcare client that involved 86 million users hitting the site from over 100,000 hosts worldwide, and yet the remediation bill from Amazon Web Services came to less than $1500. The reason? The organisation was sufficiently prepared to counter each successive wave of attack.
Imagine, then, the benefits of being able to determine when a cyber-attack is going to happen. Threat intelligence aims to provide the SME with information on suspect activity that may well manifest itself into an attack. It does not need to be a DoS, it could well be a malicious virus which aims to disrupt or install a backdoor on the network, or an Advanced Persistent Threat (APT), a slow-burn but highly targeted form of attack. Whatever the form, there will undoubtedly be signs of such threats on the web, social media or dark web.
Tracking that activity has typically been the tool of large corporates who can spend the time and resource required to either build a Security Operations Center (SOC) in-house or afford to outsource such a service to one of the big four consultancies. The SME has had little option but to rely upon network detection systems deployed on the perimeter; spot an attack there and it’s often too late. However, times are changing and as threat intelligence, big data analytics and security analysis mature, these services are now coming within reach of the SME.
An outsourced next generation SOC provides the SME with a managed security service and threat intelligence capability that uses a SIEM and event logging to identify emerging threats. Network noise and suspect activity are monitored round the globe and the results are cut and diced using various criteria to determine the source, type of threat, sectors affected and the potential realisation of a threat. The patterns are then interpreted by security analysts who use the information to anticipate and predict when and where an attack will happen.
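To make the SIEM-style bucketing described above concrete, here is an added example (not from the article or from Auriga) that takes web-server access-log lines, aggregates requests and distinct source hosts per minute, and flags the kind of HTTP flood described at the start of the piece. The log lines are constructed for illustration, and the thresholds (`factor`, `min_hosts`) are assumed values a team would tune to its own baseline.

```python
import re
from collections import defaultdict
from statistics import median

# Common Log Format: host ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return (source_ip, minute_bucket) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = m.group("ts")                          # e.g. 10/Mar/2015:10:03:17 +0000
    minute = ts.split()[0].rsplit(":", 1)[0]    # drop seconds -> 10/Mar/2015:10:03
    return m.group("ip"), minute

def per_minute_stats(lines):
    """Bucket events per minute: (request count, number of distinct source hosts)."""
    counts, sources = defaultdict(int), defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                            # skip malformed lines rather than crash
        ip, minute = parsed
        counts[minute] += 1
        sources[minute].add(ip)
    return {minute: (counts[minute], len(sources[minute])) for minute in counts}

def flag_floods(stats, factor=10, min_hosts=50):
    """Flag minutes whose volume exceeds factor x the median minute.
    A burst spread over many hosts is labelled 'distributed' (blocking single
    sources will not help); otherwise it is 'single-source'."""
    baseline = median(count for count, _ in stats.values())
    alerts = {}
    for minute, (count, hosts) in sorted(stats.items()):
        if baseline and count > factor * baseline:
            alerts[minute] = "distributed" if hosts >= min_hosts else "single-source"
    return alerts

def constructed_log():
    """Constructed sample: three quiet minutes, then a flood from 150 hosts."""
    fmt = '{ip} - - [10/Mar/2015:10:{m:02d}:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = []
    for m in range(3):
        for s in range(0, 60, 20):              # two legitimate clients, 6 req/min total
            lines.append(fmt.format(ip="192.0.2.10", m=m, s=s))
            lines.append(fmt.format(ip="192.0.2.11", m=m, s=s + 5))
    for i in range(300):                        # 300 requests in minute 10:03
        lines.append(fmt.format(ip=f"203.0.113.{i % 150 + 1}", m=3, s=i % 60))
    return lines

if __name__ == "__main__":
    print(flag_floods(per_minute_stats(constructed_log())))
```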
The predictive nature of threat intelligence buys the SME time to react, allocate resource, and take the necessary counter steps to prevent disruption. But it can also help inform future business decisions, helping the SME to stay one step ahead of the attacker and maintain BAU operation.
By James Parry, Technical Manager for Auriga