With a vulnerable web application, you are helping hackers by significantly reducing the time, cost and effort needed to get into your corporate network. When Magento, the widely used e-commerce CMS, was hacked in mid-2015, many web stores did not realize an attack was under way until it showed up on their bank statements. The cyber-crime group behind the attack leveraged a zero-day vulnerability that let them harvest payment card information from every POST request, packaging it in a stealthy image-like file that only the attacker could download and decrypt. As if this level of deception wasn’t enough, the attackers evaded detection by wiping their trails.
Slick attack vectors such as this are becoming far too common to be identified and thwarted by standard firewalls and filters. A company’s website is one of the first places an attacker will look for misconfiguration, insecure code and vulnerable design. For those running web-based applications, user account management systems or an online store, this exposure puts their internet-facing web servers in a precarious position.
So what can I do to protect the sensitive information stored in my web server?
Data breach incidents are rampant today, sparing neither behemoths nor budding companies. While zero-days will always come and go, it is every company’s responsibility to stop an intruder before he can reach its client data and intellectual property.
Get them from behind
Most bad actors targeting your web application will invariably attempt an SQL injection, the most infamous attack of all, and one that has been running amok for over a decade. Though it isn’t widely discussed, an intrusion detection system can be surprisingly effective in thwarting database exfiltration and destruction attempts. SQL itself offers no adequate safeguards: it does not filter malicious data inputs, it does not validate the strings fed into table queries, and it lets an attacker chain multiple arbitrary commands into one request. It therefore takes pervasive monitoring to prevent an attacker from turning these flaws to his advantage.
Setting up an IDS at both the network level and the host level puts a robust shield around your web server. This is instrumental in tracking the attacker’s footprint as well as assessing the impact of a potential security incident, be it an injection attack or a cross-site scripting attack. The network IDS (NIDS) inspects every request that reaches your web server and isolates anomalous behavior by cross-referencing global threat signatures.
A host IDS (HIDS) narrows log scanning down to individual systems, in this case your web server. The tool is installed on the server itself and monitors file activity and logs, scouring them for rogue activity, privilege escalation and file-system integrity violations.
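To make the host-level monitoring described above concrete, here is a small, added example (not part of the original article and not any vendor's product) of the two checks a HIDS performs on a web server: scanning access logs for the SQL-injection request patterns discussed earlier, and comparing the web root against a file-integrity baseline so that a modified script or an unexpected "image" file stands out. The log lines, IP addresses, paths and file contents are all constructed for the illustration; the signature rules are deliberately simple and would need tuning against real traffic.

```python
"""Minimal host-side checks: SQL-injection patterns in access logs, plus
file-integrity drift under a web root.  Added illustration with constructed data."""
import hashlib
import os
import re
import tempfile
from urllib.parse import unquote_plus

# Constructed access-log lines in the common "combined" format.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2015:10:12:01 +0000] "GET /catalog/product?id=42 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2015:10:12:05 +0000] "GET /catalog/product?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 89123 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2015:10:13:44 +0000] "GET /search?q=shoes HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2015:10:13:50 +0000] "GET /search?q=1%20UNION%20SELECT%20username%2Cpassword%20FROM%20admin_user-- HTTP/1.1" 500 311 "-" "Mozilla/5.0"
192.0.2.33 - - [10/Jun/2015:10:14:02 +0000] "POST /checkout/onepage/saveOrder HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.33 - - [10/Jun/2015:10:14:09 +0000] "GET /index.php?id=1%3B%20DROP%20TABLE%20sales_order HTTP/1.1" 500 120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Detection rules applied to the URL-decoded, lower-cased request path.
# Each captures one of the SQL weaknesses named in the text: tautologies in
# unvalidated input, UNION-based data pulls, comment terminators, and
# stacked (chained) statements.
SQLI_RULES = [
    ("tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("comment_terminator", re.compile(r"--\s*$|/\*")),
    ("stacked_statement", re.compile(r";\s*(drop|delete|insert|update|alter|truncate)\b")),
]


def parse_line(line):
    """Split one combined-format log line into its fields, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_log(text):
    """Return one alert per request that trips at least one SQLi rule."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a real HIDS would count and report these too
        decoded = unquote_plus(rec["path"])
        hits = [name for name, rx in SQLI_RULES if rx.search(decoded.lower())]
        if hits:
            alerts.append({"ip": rec["ip"], "ts": rec["ts"], "path": decoded, "rules": hits})
    return alerts


def build_baseline(root):
    """SHA-256 of every regular file under root, keyed by POSIX-style relative path."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return baseline


def check_integrity(root, baseline):
    """Compare the current tree with a stored baseline; report drift."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo_integrity():
    """Build a throwaway web root, baseline it, tamper with it, return the report."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app", "code"))
        for rel, body in {"index.php": b"<?php echo 'shop'; ?>",
                          "app/code/Checkout.php": b"<?php // checkout ?>"}.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        baseline = build_baseline(root)
        # Simulated tampering: the checkout script changes, and a file that is
        # not an image appears under an image name (constructed, mirroring the article).
        with open(os.path.join(root, "app", "code", "Checkout.php"), "ab") as fh:
            fh.write(b"\n// unexpected change")
        with open(os.path.join(root, "skin.jpg"), "wb") as fh:
            fh.write(b"not really an image")
        return check_integrity(root, baseline)


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['ts']} {a['ip']} {a['rules']} {a['path']}")
    print(demo_integrity())
```

Both checks are only useful if the baseline and the rule set are maintained: the integrity snapshot must be rebuilt after every legitimate deployment, and the signature list should be reviewed against the false positives your own application's URLs produce before alerts are routed anywhere that pages people.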
Forewarned is forearmed. Anticipating an impending attack pattern matters even more than detecting an attack already in progress, which is what a HIDS is designed to do.
Planning ahead for risks is often the only way companies can preserve their competitive position. This strategy is especially easy now, with the upswing in easy access to open threat intelligence exchange platforms. Emerging companies can benefit a great deal from keeping tabs on the attacks that have hit their counterparts and on the exploit methods that are constantly researched and shared on these platforms.
It is always the organizations with threat awareness and comprehensive security monitoring that have the least to lose in the event of a data breach.
Seek knowledge that can set you apart from your peers.
Get in touch for advice, assessments and more: alephtavtech.com