Thursday, June 23, 2011
Layer 7 Application attacks - (DDoS)
Security attacks are moving ‘up the stack.’ 90% of security investments are focused on network security, yet according to Gartner, 75% of the attacks are focused at the application layer and ‘over 90 percent of security vulnerabilities exist at the application layer, not the network layer.’ SQL Injection and XSS are the #1 and #2 reported vulnerabilities and the top two from the OWASP Top 10. Plus, from Forrester Consulting, the average loss of revenue per hour for a layer 7 DDoS attack is $220,000. These vulnerabilities are some of the primary routes being exploited in many of the recent attacks.
Modern DoS attacks are distributed, diverse and cross the gap that divides network components from application infrastructure, yet many of these attacks are preventable. The problem is that organizations are using outdated network and/or desktop technology to try to protect against sophisticated application security attacks, in which traditional solutions like network firewalls, IPS or AV systems have little to no visibility or role. It’s like trying to protect a city against a coordinated air attack by digging trenches in the ground. Wrong band-aid for the attack vector.
It is interesting that these attacks have been around for a while, but it also shows how hard it is to get protection right, especially when the attacks are blended. Once a delivery vector is found, a variety of exploits can be used in quick succession until one works. Most of these attacks would also have sailed invisibly through an IPS device – no offense to those solutions – they are just not designed to protect the application layer, or didn’t have a signature that matched. A unified application delivery platform with multi-layer visibility is the best way to detect and mitigate multi-layer attacks.