Web Applications Are The Most Common Breach Targets: David Holmes, Principal Threat Research Evangelist, F5 Networks

David Holmes, Principal Threat Research Evangelist, F5 Networks in conversation with Sarabjeet Kaur, BW CIOWORLD, shares details about what they have been saying for years, “for modern organizations, their data is their business, and the gateway to that data is the application, and that’s where the need for protection is the highest today”. Excerpts:

David Holmes, Principal Threat Research Evangelist, F5 Networks

  • What are the types of existing threats which are exploiting vulnerable points of application services? 

According to our 2018 Application Protect Report, the most common initial breach target over the last year was the web application, at 53 percent. Application-related attacks accounted for the highest percentage (47 percent) of the associated breach costs. Different web attacks come and go, but the number one web application threat is always the same: injection attacks. Typically these are database (SQL) injection attacks, but we have been seeing code injection attacks against login pages as well.

  • What type of attack counts as the main contributor to data and security breach?

The second most common method of breaching an organization is through compromised identities (33 percent of the initial breach targets). Phishing attacks continue to be a huge problem, but now we are seeing sustained campaigns of credential stuffing. With credential stuffing, attackers attempt to crack new web applications with the hundreds of millions of compromised usernames and password that were revealed in all the previous breaches. Credential stuffing is effective because 75% of Internet users re-use their passwords.

  • How damaging can credential thefts be for an organization?

Compromised credentials account for 24 percent of breach costs. If you add these to the breach costs associated to web application attacks then you will find that over 70 percent of breach costs come from the threat vectors of web application attacks and identities. Many conventional security teams are still searching in the wrong places such as network hacking but the attackers have figured out the real weak spots.

  • What are the strong authentication solutions and defense strategies that you would suggest to secure web and applications?

Our top three recommendations for a modern defense strategy are:

1. Shift your focus to the primary target, i.e., applications. Too much attention is spent on just blocking ports and segmenting networks. Of course, those strategies have their value, but as the 2018 Application Protection report shows, attackers are getting deep into the data through the applications. Our survey respondents identified the Web Application Firewall as their primary tool in defending applications.

2. Prevent user mistakes that result in massive data extraction. For example, broaden the use of two-factor authentication especially for key personnel like administrators. If possible, extend two-factor to all employees. Reduce the threat surface by using proper access control.

3. Since we live in an assume-breach world, get your visibility in order. Properly decrypt application traffic coming into data centers, and user traffic exiting headquarters so that you can send it to your security inspection stack. There are a legion of instruction detection, prevention, and forensic tools available today, but they are useless if they inspect only encrypted data.


Around The World