Radware - Experts & Thought Leaders

Latest Radware news & announcements

Radware expands DDoS protection for pioneering Portuguese telecom provider NOS

Radware®, a pioneering provider of cyber security and application delivery solutions, announced that it expanded its relationship with NOS, one of the largest communications and entertainment groups in Portugal. The telecom pioneer is increasing its Radware security defences to further safeguard traffic across its growing global cloud infrastructure and advance its reseller capabilities. A pioneering 5G provider in Portugal, NOS has 5.9 million mobile phone customers, 1.6 million television customers, and over 5.3 million households covered with FTTH. NOS chose Radware for its superior technology, technical expertise, and customer responsiveness.

DDoS detection and mitigation

As part of the agreement, NOS increased its investment in Radware’s DefensePro® DDoS Protection and Emergency Response Team services. In addition, NOS purchased Radware’s Managed Security Service Provider Portal Solution, enabling the carrier to resell DDoS detection and mitigation to its customers as a managed service. Radware closed the deal in conjunction with its OEM partnership with Check Point Software Technologies, a pioneering AI-powered, cloud-delivered cyber security platform provider.

Resell DDoS protection

“Not only does Radware offer superior DDoS protection, but Radware’s customer support has been key at increasing the safety of NOS’ infrastructure and its customers,” said Paulo Ribeiro, director of fixed network engineering at NOS. “Based upon our long-standing, positive experience, we know we can depend on Radware to quickly respond to our requests. In addition to helping us protect our own network, our expanded engagement has created a valuable competitive advantage by enabling us to resell DDoS protection as a service to our customers.”

Relationship with NOS

According to Roberto Neisser, regional director for Radware, “NOS is transforming business telecommunications in Portugal and continues to innovate and invest in technology to support its new services. We value our relationship with NOS and are honoured that the company continues to choose Radware for its evolving security needs. The expanded relationship validates the strength of Radware’s people, approach, and technology solutions.”

Radware’s DefensePro

For two consecutive years, Radware was named the technology pioneer in Quadrant Knowledge Solutions’ Spark Matrix™ for DDoS Mitigation. Radware’s DefensePro provides automated DDoS protection from Burst, DNS, and TLS/SSL attacks, as well as ransom DDoS campaigns, IoT botnets, and other types of cyber threats. Available 24x7x365, Radware’s Emergency Response Team is a group of security experts that provides proactive support for customers facing a broad array of application- and network-layer attacks.

Radware H1 2023 report: malicious web application transactions skyrocket 500%

Radware®, a pioneering provider of cyber security and application delivery solutions, released its First Half 2023 Global Threat Analysis Report. The comprehensive report leverages intelligence provided by network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network, and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals.

Online applications and APIs

Radware’s director of threat intelligence Pascal Geenens commented, “The narrative for the threat landscape in 2023 is clear: a significant shift is taking place in Denial-of-Service attack patterns. The message to organisations is equally as clear: the focus now lies on proactively adapting to these evolving cyber threats. Increasing numbers of bad actors are moving up the network stack from layers 3 and 4 to layer 7 with their sights set on compromising online applications and APIs as well as essential infrastructure. To launch attacks with even greater impact, control, and scale, also look for them to continue a steady transition from compromised IoT devices to cloud-based operations.”

Shifting DDoS attack patterns

The global threat landscape continues to evolve at a rapid pace. In 2023, the profile of Denial-of-Service attacks is being redefined in terms of tactics, vector, size, complexity, and hacktivist offensives. According to Radware’s attack activity during the first half of 2023:

Changing tactics: The number of malicious web application transactions skyrocketed by 500% compared to the first half of 2022, while the total number of DDoS events decreased by 33%. This points to a change in DDoS attack patterns as attacks shift from the network layer to the application layer.

Surging vectors: There has been a considerable surge in DNS query floods. In the second quarter of 2023, the proportion of attacks featuring a DNS Flood vector climbed almost twofold compared to the ratio of attacks in 2021 and most of 2022.

Bigger attacks: The relative number of large attacks (greater than 100 Gbps) rose sharply, increasing from 3.75× in 2022 to 10.5× in 2023, considerably outpacing the growth in small (less than 1 Gbps) and mid-sized (1 Gbps to 100 Gbps) attacks.

Increasing complexity: The average complexity of attacks increased with attack size. Attacks above 1 Gbps on average had more than two dissimilar attack vectors per attack, while attacks above 100 Gbps had on average more than eight dissimilar attack vectors.

Escalating hacktivist offensives: NoName057(16) was the most active hacker group on Telegram, claiming 1459 DDoS attacks, followed by Anonymous Sudan with 660 attacks, and Team Insane PK with 588 attacks.

Hacktivist influences

“Hacktivists are a major contributor to the dramatic increase in the volume and intensity of layer 7 attacks, and organisations across the globe are getting caught in the crosshairs,” continued Geenens. “The effectiveness of these attacks has been significantly amplified as hacktivists rally patriotic volunteers and provide them access to crowd-sourced botnets, custom attack tools, and detailed attack tutorials.”

According to attacks claimed by hacktivists on Telegram, politically motivated and religious groups waged multiple DDoS campaigns during the first half of 2023:

Geographic targets: Most of the hacktivist-claimed DDoS attacks targeted India (674 attacks), followed by the United States (507 attacks), Israel (459 attacks), Ukraine (376 attacks), and Poland (297 attacks).

Website targets: Government (1112 attacks), business/economy (1036 attacks), and travel (628) websites faced the most hacktivist attacks, followed by financial services (420 attacks) and health/medicine (329 attacks).

Geographies under attack

Various regions across the globe emerged as DDoS hot spots. According to Radware’s attack activity during the first half of 2023:

EMEA shouldered the largest number of DDoS attacks, blocking 66% of the attacks and facing 48% of the attack volume.

The Americas blocked 25% of the DDoS attacks. While the Americas blocked a smaller share of attacks compared to EMEA, the Americas experienced a threat level on par with EMEA, bearing nearly equal attack volumes (47%).

The APAC region blocked 9% of the DDoS events and faced 5% of the global attack volume.

Industries under attack

Radware’s global attack activity revealed that research and education bore almost a third (32%) of the DDoS attack volume, while service providers and technology accounted for 20% and 12%, respectively. On a regional basis, however, the distribution of DDoS attack volume varied. During the first half of 2023:

In the Americas, service providers (39%) and research and education (38%) drew the majority of the DDoS attack volume, followed by healthcare (7%) and energy (6%).

In EMEA, technology (32%) experienced the biggest share of the DDoS attack volume, followed by gaming (15%) and telecom (15%).

In APAC, service providers (50%) bore the brunt of the DDoS attack volume, followed by retail (21%), gaming (9%), and transportation and logistics (6%).

Surge in web application activity

While there was near-linear growth in the number of web transactions per quarter in 2022, there was exponential growth in the first half of 2023. According to Radware’s attack activity during the first six months of 2023:

The number of malicious web application transactions grew by a staggering 500% compared to the first half of 2022. The sharp rise underscores the significant shift in DDoS attack patterns as attacks increasingly progress to layer 7.

The most significant security violation was predictable resource location attacks (34%), followed by SQL (20%) and code injection attacks (10%), together generating 64% of total web application attack activity.

The most attacked industry was retail (36%), followed by carriers (11%) and SaaS providers (8%).

Radware’s DefenseSSL system features behavioural-based algorithms to prevent HTTPS flood attacks

Radware®, a provider of cyber security and application delivery solutions, announces that its SSL DDoS attack protection, DefenseSSL®, now features behavioural-based algorithms for keyless protection against HTTPS flood attacks. For the first time, organisations have the scale needed to effectively mitigate HTTPS floods. According to Google, the majority of internet traffic is now encrypted and accounts for more than 70% of internet pages. While SSL/TLS encryption is critical for many aspects of security, it also opens the door to a new generation of powerful distributed denial-of-service (DDoS) attacks.

Simplifying key management

SSL/TLS connections require up to 15 times more resources from the destination server than from the requesting host, meaning that threat actors can launch devastating DDoS attacks using only a relatively small number of connections. Radware’s keyless DDoS mitigation solution now makes it possible to protect from SSL-based HTTP DDoS attacks at scale without adding latency to customer communications, and while preserving user privacy and simplifying key management.

Service providers and carriers serve many tenants on their network and provide them with cyber-attack protections. Due to their own security policies, network tenants cannot provide their decryption keys to the service provider’s or carrier’s network administrators, which leaves the providers or carriers vulnerable to HTTPS flood attacks. With no decryption capabilities, service providers and carriers are left with no effective solution to provide HTTPS flood protection to their tenants.

Managing decryption keys

Radware’s Chief Marketing Officer, Anna Convery-Pelletier, said, “Our new DefenseSSL capabilities support carriers and service providers in protecting themselves and their customers against HTTPS flood attacks even when they don’t have access to their tenants’ decryption keys. This unique capability eliminates the massive operational complexity that comes with managing decryption keys. Further, with this solution, enterprises have the flexibility to opt for the most suitable protection to match their needs. Enterprises that have access to decryption keys can still choose to use those keys to decrypt suspected traffic and increase the accuracy of their mitigation.”

Radware’s solution for keyless protection against HTTPS flood attacks is based on a stateless architecture. Traditional solutions are stateful and thus themselves vulnerable to DDoS attacks. With advanced behavioural algorithms and the combination of rate-based and non-rate-based parameters, Radware can identify DDoS attacks over encrypted traffic, even without inspection of the traffic’s content. Radware’s DefenseSSL functionality is currently available across its DefensePro advanced protection product suite.

Insights & Opinions from thought leaders at Radware

5G security has taken centre stage, but is it a business imperative?

Latest insights from the Economist Intelligence Unit’s Global Barometer show that 41% of execs think 5G is now less important than it was before the pandemic. There are numerous reasons why this could be the case, one being that 4G and home broadband have been proven to be up to the job of supporting home working.

There’s also no escaping the headlines that surround 5G and political espionage. They read like a script from House of Cards. Presidents, prime ministers, heads of foreign intelligence services and global corporate leaders provide the colourful characters that are essential in any good political drama. It could well have made some organisations rethink their plans for adopting 5G enabled technologies and wait until there can be more assurances on security.

New technologies

The latest edict by the UK government is a pretty clear statement. It has prompted many industry insiders to say that it will take years to exchange kit, possibly even a decade for some operators, as they take on the heavy lifting of removing core network components and finding alternative suppliers. The financial impact is huge: operators will have to find additional budget to purchase the kit, conduct validation and integration testing, overhaul their service wrap around offers and factor in the time and cost of retraining employees on new technology.

Despite all this, many carriers have made very public statements that they will progress with 5G as planned, some are even accelerating plans. The insight available to them confirms that there is still a good proportion of businesses and public bodies that see its value. It’s a way to propel smart city development and connectivity, and to achieve new ambitions related to driverless cars, and highly automated manufacturing for example. 5G therefore remains a rolling stone and regardless of the core network kit, security needs to be designed in, not bolted on, at every step of network and application design and build.

New rules for working

The pandemic has shaken up how we live and work. It has brought home the necessity for ultra-fast, affordable and agile communications everywhere. It’s also proved a fertile hunting ground for scammers keen to exploit the public’s thirst for up to the minute news. Click bait has been rife and it still forms one of the most effective ways to distribute malware and ransomware. Unprotected VPNs have added to the risks, as companies scrambled to roll out remote access at mass scale. It overburdened their security infrastructure and created vulnerabilities all in the name of getting home working ramped up quickly. Some companies have learnt the hard way that maintaining patches on software and keeping on top of the security education their employees receive is vital to protect operations from attack.

Rural vs urban working

The move to home working has also brought to light discrepancies in speed and access to communications, reigniting the rural versus city investment debate. We’ve seen some companies say that employees can now work anywhere, and others downsize their office footprints. This is opening the door for people to swap city living and commutes for more rural locations. 5G roll out plans typically focus on large cities and towns, but is this still the right strategy? I’d suggest that operators need to step back and look at the larger global trends and update their plans.

Connected cows and beyond

For example, farming and the environment has to be a planning priority now. To meet the needs of a predicted 9 billion people in 2050, farming supply will need to increase by 50%. COVID-19 has brought into sharp focus how precarious the global food supply chain is. In addition, this increase needs to be met with technology to make agriculture more efficient in order to preserve the world’s natural resources while meeting these goals.

The vision of the ‘connected cows’ is mooted as a way to solve global food security. As such, farming and the environment are set to gain greatly from technologies and applications enabled by 5G Internet of Things (IoT). But the benefits will only be realised if the connectivity and security are in place. The vast network of IoT sensors that will be used to improve farming inefficiencies, increase welfare standards and reporting, as well as efficiently manage food manufacturing will generate an abundance of data.

Highly sensitive data

This data will range from highly sensitive sets related to pricing and employees, critical data related to yield management and compliance, to more transactional weather and water sensor data. Ensuring continuity will be essential to not just farming productivity and meeting standards, but also protecting IP or personal information throughout the supply chain and preventing a cyberwar intended to starve people.

Corporate espionage is a very real threat to manufacturing at the moment, and as farming becomes more connected, it’s expected this threat will extend as far as the farmyard. Not only that, protests against government handling of policies related to food poverty or overproduction could be done using ‘hacktivism’. It’s easy to buy a hack these days and start an online attack to make your point. So, as farming adopts technology models we usually see in the corporate world of pharma and finance, it too may become a target.

Healthcare goes truly national

The much talked of vision for the virtual GP accelerated in the pandemic, helping people see a GP without leaving the house. Governments have had a very real glimpse into the importance of connected healthcare in terms of saving money and time. There is now a greater likelihood that nursing teams will be given mobile devices that can access and update patient records in real-time, GPs will scale down consultation space in favour of online appointments, and prescriptions will be automatically filled and delivered at the click of a button. Comprehensive 5G networks can help make more of this happen particularly in remote areas where health care is scarce, of that there is no doubt, and this is before we get into the exciting prospect of remote brain surgery that 5G can facilitate.

But the pandemic also exposed the precarious nature of online healthcare. Patient data remains a sitting duck, as illustrated perfectly by breaches we saw across the world both in public and private delivery. At its very worst, nation state attacks pose a significant threat to public health and it’s essential there is local and global collaboration to ensure data is protected. This threat won’t wane. In fact, it is increasing as we drive more innovation and connectivity. Security experts have their work cut out. But it’s not impossible to achieve secure networks and applications, so long as we don’t put profit before people.

Managing security during unprecedented times of home working

Companies are following government guidance and getting as many people as possible working from home. Some companies will have resisted home working in the past, but I’m certain that the sceptics will find that people can be productive with the right tools no matter where they are. A temporary solution will become permanent. But getting it right means managing risk.

Access is king

In a typical office with an on-premise data centre, the IT department has complete control over network access, internal networks, data, and applications. The remote worker, on the other hand, is mobile. He or she can work from anywhere using a VPN. Until just recently this will have been from somewhere like a local coffee shop, possibly using a wireless network to access the company network and essential applications.

But as we know, CV-19 means that huge numbers of people are getting access to the same desktop and files, applications and collaborative communication tools that they do on a regular basis from the office or on the train. Indeed, the new generation of video conferencing technologies come very close to providing an “almost there” feeling.

Hackers lie in wait

Hackers are waiting for a wrong move amongst the panic, and they will look for ways to compromise critical servers. Less than a month ago, we emerged from a period of chaos. For months hackers had been exploiting a vulnerability in VPN products from Pulse Secure, Fortinet, Palo Alto Networks, and Citrix. Patches were provided by vendors, and either companies applied the patch or withdrew remote access. As a result, the problem of attacks died back.

But as companies race to get people working from home, they must take special care to ensure the patches are applied before switching VPNs on. That’s because remote desktop protocol (RDP) has been for most of 2019, and continues to be, the most important attack vector for ransomware. Managing a ransomware attack on top of everything else would certainly give you sleepless nights.

Exposing new services makes them also susceptible to denial of service attacks. Such attacks create large volumes of fake traffic to saturate the available capacity of the internet connection. They can also be used to attack the intricacies of the VPN protocol. A flow as little as 1Mbps can perturbate the VPN service and knock it offline.

CIOs, therefore, need to acknowledge that introducing or extending home working broadens the attack surface. So now more than ever it’s vital to adapt risk models. You can’t roll out new services with an emphasis on access and usability and not consider security. You simply won’t survive otherwise.

Social engineering

Aside from securing VPNs, what else should CIOs and CTOs be doing to ensure security? The first thing to do is to look at employee behaviour, starting with passwords. It’s highly recommended that strong password hygiene or some form of multi-factor authentication (MFA) is imposed. Best practice would be to get all employees to reset their passwords as they connect remotely and force them to choose a new password that complies with strong password complexity guidelines.

As we know, people have a habit of reusing their passwords for one or more online services – services that might have fallen victim to a breach. Hackers will happily leverage these breaches because it is such easy and rich pickings.

Secondly, the inherent fear of the virus makes for perfect conditions for hackers. Sadly, a lot of phishing campaigns are already luring people in with the promise of important or breaking information on COVID-19. In the UK alone, coronavirus scams cost victims over £800,000 in February 2020. A staggering number that can only go up. That’s why CIOs need to remind everyone in the company of the risks of clickbait and comment spamming - the most popular and obvious bot techniques for infiltrating a network.

Notorious hacking attempts

And as any security specialist will tell you, some people have no ethics and will exploit the horrendous repercussions of CV-19. In January we saw just how unscrupulous hackers are when they started leveraging public fear of the virus to spread the notorious Emotet malware. Emotet, first detected in 2014, is a banking trojan that primarily spreads through ‘malspam’ and attempts to sneak into computers to steal sensitive and private information.

In addition, in early February the Maze ransomware crippled more than 230 workstations of the New Jersey Medical Diagnostics Lab and when they refused to pay, the vicious attackers leaked 9.5GB of research data in an attempt to force negotiations. And in March, an elite hacking group tried to breach the World Health Organization (WHO). It was just one of the many attempts on WHO and healthcare organisations in general since the pandemic broke. We’ll see lots more opportunist attacks like this in the coming months.

More speed less haste

Finally, we also have bots to contend with. We’ve yet to see reports of fake news content generated by machines, but we know there’s a high probability it will happen. Spambots are already creating pharmaceutical spam campaigns thriving on the buying behaviour of people in times of fear from infection. Using comment spamming – where comments are tactically placed in the comments following an update or news story - the bots take advantage of the popularity of the Google search term ‘Coronavirus’ to increase the visibility and ranking of sites and products in search results.

There is clearly much for CIOs to think about, but it is possible to secure a network by applying some well thought through tactics. I believe it comes down to having a ‘more speed, less haste’ approach to rolling out, scaling up and integrating technologies for home working, but above all, it should be mixed with an employee education programme. As in reality, great technology and a coherent security strategy will never work if it is undermined by the poor practices of employees.

What are the security challenges of hospitals and the healthcare industry?

The ability to treat patients in a secure environment is a base requirement of hospitals and other healthcare facilities. Whether facilities are large or small, security challenges abound, including perimeter security, access control of sensitive areas, video surveillance, and even a long list of cyber-risks. We asked this week’s Expert Panel Roundtable: What are the security challenges of hospitals and the healthcare industry?
