Connect with us

Featured

Botnets aim at World Cup

KEIRON SHEPHERD, Senior Security Specialist, F5 Networks, discusses why advanced application security is a match for today’s sophisticated cyber-attacks.

Hackers across EMEA are warming up for the FIFA World Cup. As all eyes turn to the pitch, they’ll be booting up the botnets ready to take on the excitable businesses who are increasingly giving away the ball on app protection and data security.

The EU General Data Protection Regulation (GDPR) – the cyberspace equivalent of the omnipresent Video Assisted Referee – will also be making its presence felt this Summer. The penalty for a breach is 2% to 4% of global turnover or €10 to 20 million, whichever is the bigger hit. The GDPR supervisory body can also flash the proverbial red card by immediately suspending all data processing if the risk to an EU citizen’s privacy is deemed unacceptable.

According to the Ponemon Institute’s 12th annual Cost of Data Breach study, the global average cost of a data breach currently stands at $3.62 million. The ongoing reputational costs are harder to quantify, so it’s not worth being sent off over compliance complacency. Like any competition, every company must now train hard and be ready to take a stand against cybercrime with the goal of protecting data.

Bots take to the field

Football is a game of two halves, and so too is the Internet. Recent research by F5 Labs suggests that half of the Internet’s traffic comes from bots, 30% of which are malicious. Most bots search for vulnerabilities, scrape websites or participate in DDoS attacks. They can speed up password-guessing to break into online accounts, mine cryptocurrency such as Bitcoin, and attack anything requiring a large network of computers.

Most botnet based attacks are designed for disruption and exploitation. Typical attacks include the creation of Spam email relays and Denial of Service (DoS) activities designed to prevent access to websites. Another concern flagged by F5 Labs is the inexorable rise of Thingbots: botnets which are built exclusively from IoT devices and are fast becoming the cyberweapon delivery system of choice for today’s attackers due to their poor security and ease of compromise.

Year over year (2016-2017), F5 Labs found that Telnet brute force attacks against IoT devices rose 249%. Moving ahead, IoT’s destructive arsenal is set to explode in scale. Gartner recently reported that there are 8.4 billion IoT devices in use and the number is expected to grow to 20.4 billion by 2020. Botnet risks rise significantly when moving to multi-cloud environments as many businesses are now doing out of operational necessity. In particular, many cloud consumers assume that security is inherently better in the cloud and do not realise the same vulnerabilities that plagued them in their datacentre are just as present in the cloud.

Tackling advanced app security

A threat defence is only effective if it safeguards sensitive data. Visibility is fundamental to understanding normal application behaviour, detecting anomalous traffic and being able to report data breaches to the relevant data protection authorities. Visibility means having insight into all traffic that passes between users and applications. It is essential that security systems understand the application, the protocols and can see into encrypted traffic. Context is equally important and the key to understanding the characteristics of an application’s environment, including behavioural insights that enable rapid adaptation where required. Incisive visibility and context are crucial to informing decision-makers, which means that robust security controls can be implemented to protect your apps and data.One of the best first lines of defence in the game is a web application firewall (WAF). The 2018 State of Application Delivery (SOAD) report revealed that 98% of F5’s surveyed customers protect at least some part of their application portfolio with a WAF. More than 40% protect half or more of their apps.

However, not all WAFs are capable of safeguarding against the full scope of today’s hyperactive threat spectrum. This is where Advanced WAF (AWAF) solutions are more effective. Capable of supporting a variety of consumption and licensing models, including a per-app basis, as well as perpetual, subscription, and utility billing options, AWAFs provide a new level of flexibility in both the cloud and the data centre. Important benefits include facilitating better collaboration between SecOps, DevOps, and NetOps teams to deploy app protection services in any environment.

Crucially, AWAFs provide powerful defensive capabilities against malicious bots going beyond signatures and reputation to block evolving automated attacks, prevent account takeovers (with encryption at the application layer), and protect apps from DoS attacks (using machine learning and behavioural analytics for high accuracy). AWAFs also provide comprehensive protection from mobile attacks through an Anti-Bot Mobile SDK rich security services, including application whitelisting (i.e. index of approved software), secure cookie validation, and advanced app hardening.

Blowing the whistle on cybercrime

Organisations need to prove they are responsible data custodians. Security and transparency are now essential attributes for customer service. It’s time to blow the whistle on cybercrime.

Investing in integrated security solutions protects what matters: your applications. The net result is that data are protected, the business upholds compliance standards and your customers remain enthusiastic, loyal fans – a world class winning combination.

Featured

Time is running out for Microsoft SQL Server 2008

Companies are urged to update from the dated database management software as it reaches the end of its support, writes BRYAN TURNER.

The 11-year-old Microsoft SQL Server 2008 database management software is reaching the end of its support on 9 July. The applications that use databases running on this software will be at risk of security and stability issues.

On self-managed databases, upgrading to the latest database version comes with a lot of risks. Many IT departments within companies go by the motto: “If it’s not broken, don’t fix it”.

Microsoft made it very clear that it would not be updating SQL Server 2005 after its extended support date and even left it vulnerable to Spectre and Meltdown by not releasing patches for the dated version.

Updating SQL Server versions may seem daunting, but the benefits far outweigh the effort it takes for a migration. In the last major version update, SQL Server 2016 introduced simpler backup functionality, database stretching, and always-encrypted communications with the database, to name just three features.

While backing up the database may be the last thing on the typical database administrator’s mind, it’s become increasingly important to do so. In SQL Server 2008, it’s clunky and causes headaches for many admins. However, in SQL Server 2016, one can easily set up an automated backup to Azure storage and let it run on smart backup intervals. Backing up offsite also reduces the need for disaster recovery for onsite damage.

Database stretching allows admins to push less frequently accessed data to an Azure database, automatically decided by SQL Server 2016. This reduces the admin of manually looking through what must be kept and what must be shipped off or deleted. It also reduces the size of the database, which also increases the performance of the applications that access it. The best part of this functionality is it automatically retrieves the less accessed records from Azure when users request it, without the need for manual intervention.

Always-encrypted communications are becoming more and more relevant to many companies, especially those operating in European regions after the introduction of GDPR. Encryption keys were previously managed by the admin, but now encryption is always handled by the client. Furthermore, the keys to encrypt and decrypt data are stored outside of SQL Server altogether. This means data stored in the database is always encrypted, and no longer for the eyes of a curious database manager. 

The built-in reporting tools have also vastly improved with the addition of new reporting metrics and a modern look. It includes support for Excel reports for keeping documentation and Power BI for automated, drag-and-drop personalised reporting. Best of all, it removes the dreaded Active X controls, which made the reporting in a webpage feel very clumsy and bloated in previous versions.

A lot has changed in the past ten years in the world of SQL Server database management, and it’s not worth running into problems before Microsoft ends support for SQL Server 2005.

Continue Reading

Featured

Local apps to feature in Huawei’s App Gallery

Huawei’s mobile app store, the HUAWEI AppGallery, will soon feature a multitude of apps and designs by local developers. The company says this is part of its drive to promote South African digital talent and include more useful apps for Huawei smartphone users. HUAWEI AppGallery and HUAWEI Themes are pre-installed on all the latest Huawei and Honor devices.

“South African consumers are increasingly wanting more apps that are relevant to their unique circumstances, addressing issues they experience regularly – such as load shedding or safety concerns – but also apps that celebrate South Africa’s multitude of cultures and this vibrant country,” says Lu Geng, director of Huawei Consumer Cloud Service Southern Africa Region.

Akhram Mohamed, chief technology officer of Huawei Consumer Business Group South Africa, says: “Huawei is committed to catering to the needs of South African consumers, but we also know that we do not have all the answers. For this reason, we aim to work closely with South African developers so that we can give our users everything that they need and want from their devices. At the same time, we also hope to create an open ecosystem for local developers by offering a simple and secure environment for them to upload content.”

Huawei Mobile Services was launched in South Africa in June last year. Since then, both the HUAWEI AppGallery and HUAWEI Themes – which features tens of thousands of themes, fonts and wallpapers that personalise user’s handset – have become increasingly popular with the local market. Even though it is a relatively new division of Huawei, there has been a great increase in growth; at the end of 2018 Huawei Mobile Services had 500 million users globally, representing a 117% increase on the previous year.

Explaining what differentiates the HUAWEI AppGallery from other app stores, Mosa Matshediso Hlobelo, business developer for Consumer Cloud Service Southern Africa says: “We use the name ‘HUAWEI AppGallery’ because we have a dedicated team that curates all the apps in terms of relevance and ease of use and to ensure that there are no technical issues. Importantly, all apps are also security-checked for malware and privacy leaks before being uploaded on to the HUAWEI AppGallery.”

Huawei recently held a Developers’ Day where Huawei executives met with South African developers to discuss Huawei’s offering. 48 developers registered their apps on the day, and Huawei is currently in discussions with them with the eventual aim of featuring the best apps and designs on HUAWEI AppGallery or HUAWEI Themes. The Consumer Cloud Service Southern Africa Team at Huawei plans on making Developers’ Day a quarterly event and establishing a local providers’ hub, where developers can regularly meet with Huawei for training on updates to programmes and offerings.

“We have a very hands-on approach with our developers, and hope to expand that community so we can become an additional distribution channel for more developers and expose them to both a local and a global audience,” says Geng. “For example, we regularly feature apps and designs from local developers on our Huawei social media pages, and do competitions and promotions. We want to do everything we can to make our Huawei users aware of these local apps and upload them. This will encourage the growth of the developer community in South Africa by giving developers more opportunities to generate revenue from in-app purchases.”

* Developers who would like their apps featured on the HUAWEI App Gallery, or designs featured on HUAWEI Themes, should visit https://developer.huawei.com or email Huawei Mobile Services on sacloud@huawei.com.

Continue Reading

Trending

Copyright © 2019 World Wide Worx