June 23, 2008

Blocking Attacks. Period.

If you are driving on highway 101 North from Sunnyvale to Redwood City you can see a billboard sign encouraging you not to serve alcohol to teens. Unfortunately, like thousands of other commuters, I have plenty of time to stare at this sign every morning.


It's probably the security geek that lives in my head, but when I saw this sign, I was thinking about monitoring-only security solutions. Any person using security solutions for monitoring only without enforcing blocking policies is unsafe and irresponsible. In some cases, I would go as far as considering security solutions that can't block major attack vectors (e.g. single packet attacks) as illegal. I truly believe that a security solution must be capable of preventing attacks in the first place. Please note that I'm making a distinction between audit and security solutions. The former can be limited to monitoring only, but as we have learned, in many cases, audit leads to security, thus the right solution architecture must have prevention capabilities as well.

At Imperva, our philosophy (and product strategy) is to provide granular prevention controls. Turning on blocking is not like activating a big on/off switch. We provide granular controls using multiple methods allowing enterprise customers to prevent attacks. When I hear that other vendors are not offering full enforcement or that customers are not using blocking at all, you can tell that I'm orthodox. Don't get me wrong, monitoring web activity is very important. It is the first step, but it's not the destination. We need to PROTECT applications. Protection requires PREVENTION and prevention requires blocking. Of course, a product must be very accurate, able to handle the load, and support enterprise requirements, but at the end of the day, WAFs are a security tool. Customers should evaluate how a WAF blocks attacks, including the most sophisticated single packet attacks.


At the SANS Web Security Summit, one of the panelists was explaining how he receives SecureSphere real-time blocking alert messages directly on his BlackBerry device. This panelist is the CISO of an organization that processes more than 70 billion financial transactions per year. SecureSphere is there, blocking attacks in production systems. My point here is that accuracy must be high in order to provide the CISO and of course IT, OPS and other parts of the organization the peace of mind when inspecting 70bn and more transactions per year in real time.

I can't tell what other vendors are providing, but Imperva's customer survey statistics show that the vast majority are running in block mode. Blocking attacks is cool, safe and responsible.




Image source: http://www.dontserveteens.org/materials/posters/14x48.pdf 