The Smartest Way to Protect Websites and Web Apps from Attacks

Who is Attacking You?
“Within 20 minutes, … we were looking at the activity taking place on our Web applications.”
Keir Asher, Senior Technical Analyst, Brown Printing
“10% of our traffic was…malicious.”

Traditional Security Thinking
• Reliance on signatures
• Static attack surface
• No understanding of attackers
• Reactive
Diagram labels: Bot Nets, Targeted Scanners, IP Scanners, Manual Hacking

Deception Provides Many Benefits
• Early detection of attackers
• Makes attack surface unreliable
• Always runs as an IPS

Hacker Threats
• Script Kiddie: Generic scripts and tools against one site.
• Targeted Scan: Targets a specific site for any vulnerability.
• IP Scan: Script run against multiple sites seeking a specific vulnerability.
• Botnet: Script loaded onto a bot network to carry out attack.
• Human Hacker / Advanced Persistent Threat (APT): Sophisticated, targeted attack (APT). Low and slow to avoid detection.
Other labels on the slide: Targeted Scans, Scripts & Tools, Library Attacks. Timeline axis: JAN, JUNE, DEC

Mykonos Security Appliance: Deception-based Security
• Detect: Landmine apps with behavioral trip wires
• Track: Track individual attackers and scripts
• Profile: Real-time attacker profiling
• Respond: Intelligent and deceptive response

Detection by Deception
• Tar Traps
• Query String Parameters
• Hidden Input Fields
• Server Configuration
Diagram labels: Client, Network Perimeter, Firewall, App Server, Database

Track Attackers Beyond the IP
• Track IP Address
• Track Browser Attacks
  • Persistent Token: Capacity to persist in all browsers including various privacy control features.
• Track Software and Script Attacks
  • Fingerprinting: HTTP communications.

Smart Profiling of Attackers
• Every attacker assigned a name
• Incident history
• Attacker threat level

Deceive and Prevent
All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat.

Security Administration
• Web-based console
• Real-time
• On-demand threat information
• SMTP alerting
• Reporting (PDF, HTML)
• CLI for exporting data into SIEM tool

Unified Protection Across Platforms
Platforms: Internal, Virtualized, Cloud
Diagram labels: App Server, Database