Vulnerabilities / Threats
9/9/2013
02:32 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Preparing For Notorious CyberAttack Dates: Radware Provides Five Steps To Secure Your Network

Hackers target to types of dates: ideological and business-relevant

MAHWAH, N.J., Sept. 9, 2013 -- There are several dates throughout the year that are notorious for wreaking havoc on businesses via denial-of-service (DoS) attacks, data breaches and even malware or botnet assaults. As September 11th nears, rumors about coordinated cyber attacks on American websites continue to increase. Because of these potential risks, it's imperative that businesses tighten their network security measures now in order to protect themselves from potential intrusion or disruption, which can result in profit-loss and tarnished user confidence.

According to Radware®, (Nasdaq:RDWR) a leading provider of application delivery and application security solutions for virtual and cloud data centers, there are two types of dates that hackers target: ideological and business-relevant dates. Ideological dates refer to holidays and anniversaries that have a cultural, religious or secular tie to the adversary. High-risks times for the United States in addition to September 11th include Memorial Day, Election Day and Independence Day. Business-relevant dates involve a period of time that companies are particularly vulnerable to attacks, such as Black Friday, Cyber Monday, or even regular business hours.

Additionally, hackers commonly use important dates and holidays to disrupt specific industries. For example, retail and credit card companies see a significant rise in cyber attacks between Thanksgiving and Christmas, whereas government websites may be targeted during Election or Independence Days.

"Timing is an extremely influential risk-factor for cyber attacks throughout the year," said Carl Herberger, vice president of security solutions for Radware. "Hackers capitalize on overwhelming their target's environment on days of great importance and look to exploit vulnerabilities that cause the most detriment.

Because these types of assaults show no signs of slowing, it's crucial that businesses implement anticipatory security measures in preparation of these peak times so that networks and data centers are able to properly detect and defend against sophisticated threats."

There are five immediate steps that network administrators and security professionals can take to defend and prepare their networks during these at-risk times of the year:

1) Identify High-risk Dates: Businesses should recognize which times of the year present excessive levels of risk and develop strategic plans to mitigate issues in the event of a cyber attack.

2) Conduct Seasonal Risk Assessments: Once these dates are acknowledged, Radware recommends conducting a detailed risk assessment. Aside from classifying top dates for cyber attacks, companies should also highlight seasons for increased web traffic and periods for increased vulnerability that have presented an issue in the past or have the potential to be problematic. Through this assessment, a strategic security plan can then be developed.

3) Review Network Security Technology: Companies are also advised to plan ahead of seasonal risk by ensuring the network is properly and reliably protected by a leading network security solution. Because it could take up to six months to prepare in advance of high-risk dates, it is important for IT organizations to plan for at-risk periods ahead of time.

4) Run Attack Scenarios: In order to ensure that security solutions are functioning at full capacity, Radware suggests running network simulations using both common and emerging cyber attacks approaches. By analyzing potential methods of infiltration and denial-of-service (DoS) disruptions, network administrators will be able to detect flaws and repair the system before the high-risk season commences.

5) Educate Employees: Employees are often the weakest links in an organization's cyber security plan. Ensure that all staff members are fully aware of the latest tricks and scams that hackers are utilizing to infiltrate networks by providing training and ongoing education on organizational cyber security policies and procedures.

By implementing these best practices, businesses can prepare and fortify their networks against heightened times of risk. Regardless of these hypersensitive periods, businesses should employ reliable security solutions to protect their networks year-round.

About Radware

Radware (Nasdaq:RDWR), is a global leader of application delivery andapplication security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.

Radware encourages you to join our community and follow us on; LinkedIn,Radware Blog, Twitter, YouTube, Radware Connect app for iPhone® and our new security center DDoSWarriors.com that provides a comprehensive analysis on DDoS attack tools, trends and threats.

©2013 Radware, Ltd. All rights reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of their respective owners.

This press release may contain statements concerning Radware's future prospects that are "forward-looking statements" under the Private Securities Litigation Reform Act of 1995. Statements preceded by, followed by, or that otherwise include the words "believes", "expects", "anticipates", "intends", "estimates", "plans", and similar expressions or future or conditional verbs such as "will", "should", "would", "may" and "could" are generally forward-looking in nature and not historical facts. These statements are based on current expectations and projections that involve a number of risks and uncertainties. There can be no assurance that future results will be achieved, and actual results could differ materially from forecasts and estimates. These risks and uncertainties, as well as others, are discussed in greater detail in Radware's Annual Report on Form 20-F and Radware's other filings with the Securities and Exchange Commission. Forward-looking statements speak only as of the date on which they are made and Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware's public filings are available from the Securities and Exchange Commission's website atwww.sec.gov or may be obtained on Radware's website at www.radware.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0103
Published: 2014-07-29
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

CVE-2014-0475
Published: 2014-07-29
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVE-2014-0889
Published: 2014-07-29
Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote atta...

CVE-2014-2226
Published: 2014-07-29
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtains sensitive information via unspecified vectors.

CVE-2014-3020
Published: 2014-07-29
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

Best of the Web
Dark Reading Radio