Page 68 - SAMENA Trends - August 2020
It should be noted that DDoS attacks remain a top cybersecurity threat heading into 2H20. By the end of 2019, as many as 167k DDoS attacks were detected, for a total of 437k TB of traffic. This was a 30% YoY increase. And about 170k IoT devices were found in DDoS attacks last year.

SAMENA companies can protect against large-scale DDoS attacks by "scrubbing" or cleaning IP traffic before it reaches the network. This typically involves routing incoming network traffic to multiple data centers, so that DDoS attacks can be filtered and eliminated. Filtering separates legitimate traffic from false traffic, and is done as close to the attack sources and as early as possible — shielding the organization from getting overwhelmed by malicious data packets.

However, it’s important to keep in mind that routing traffic to thwart a DDoS attack can add extra time for data to transit the network, which can also negatively impact business operations. As such, it’s important to use local scrubbing centers located at key peering hubs around the world where large volumes of traffic are exchanged.

2. Vulnerable End Users

One of the top reasons why many SAMENA companies have been nervous about allowing remote workers is that end-user behavior tends to change on home networks. Staff members tend to become more relaxed about security when working from home, using insecure devices, running programs, and downloading files that may otherwise be avoided in a private office environment. “In fact, many home workers don’t even run network security assessments, and use networks that are insecure — increasing the attack surface exponentially for the business that’s using the network to transmit sensitive data,” says Mr. Sobhy.

Cybercriminals are aware of this vulnerability, and are actively targeting users over insecure networks via email. Google alone, for instance, has discovered hundreds of millions of daily spam messages related to COVID-19. The industry has seen a major uptick in phishing attempts, which mimic a “Trojan horse” approach to luring unsuspecting victims into opening emails that they think are safe, but in fact carry malicious payloads. Businesses need to try and minimize the chance of data loss from targeted email attacks, and are strongly encouraged to use cloud email protection services, which leverage advanced threat intelligence data and machine learning engines, as well as URL protection, and forged email detection services.

3. Outdated Network Architectures

Organizations also need to update their remote network infrastructure, and migrate away from the traditional combination of leased lines and VPN-based structures to flexible software-defined wide area networking (SD-WAN) setups that can provide dynamic security management. SD-WAN can reduce infrastructure costs and provide the required flexibility to build or tear down sites in a short period of time — making it faster and easier to provision network services to remote users.

One of the most important things to consider when deploying SD-WAN is that it can be much riskier running traffic over the public internet, versus a private carrier MPLS network. The public internet poses much greater levels of exposure to bad actors and malware. Allowing SD-WAN devices to access the internet directly with their limited onboard security protection is not adequate to protect enterprise assets behind them, so extra protection is needed. The best way to fortify SD-WAN outside of a private MPLS environment is to leverage an advanced managed firewall or cloud security solution, which incorporates a variety of advanced security functions, such as sandboxing, application control, intrusion detection and prevention (IDS/IPS), quarantining, and web filtering.

Summary

“Of course, these are just a few of the many factors that companies need to consider when enabling remote work,” Mr. Sobhy adds. The above suggestions should be used in conjunction with services such as real-time security information and event monitoring (SIEM), and advanced identity management and access control. “By incorporating these strategies, SAMENA companies can drastically reduce their attack surface.”

[Image caption: PCCW Global’s European-based security operations center (SOC) manages customers’ security services 24x7, and helps them pro-actively address security issues.]

About the author
Bob Flinton, Dir. Strategic Marketing, PCCW Global
Bob Flinton has been with PCCW Global for 6 years, and leads product marketing for the company’s cybersecurity service offerings.