Currently in front of the US Congress is the Cybersecurity Act of 2012. With so much of today's infrastructure and economy dependent on the Internet the US Govt is considering what additional measures it can take to protect critical infrastructure, government assets, companies and individuals. A portion of this act is focused on education and awareness, which we all can use in the fast moving world of security.
While we can't control what the US Govt, or any other govt does to protect us, we certainly can take action to protect our own infrastructures. Designing a strong security architecture requires building layers of security. By this I mean, having multiple security and monitoring systems that provide many methods of monitoring, detection, defense, etc. However, to do this you need to consider the various attack vectors, your gaps, and how to economically implement the architecture. In many cases, making security economical within a large organization requires leveraging solutions you already have, but possibly haven't utilized to their maximum capability.
Riverbed's IT Performance solutions not only contribute to improving efficiencies, they also have extensive capabilities related to monitoring and security. However, often our clients aren't leveraging these existing capabilities as part of their security architecture. Using tools already deployed in your infrastructure can help your organization improve security, while saving money.
In today's blog we'll briefly cover some of the security and monitoring capabilities in Riverbed's solution portfolio.
While Rivered is know as the IT Performance company, you can see we also have useful security capabilities.
Scary Fact: The Verizon 2012 Data Breach Investigations Report analyzed over 855 data breaches (i.e. compromised records). Of these data breaches the attacked organization only discovered eight percent of the breaches. Ninety-two percent of the breaches were discovered by other parties (law enforcement, fraud detection services, customers, etc). Records were exfiltrated in seconds to hours in sixty percent of the cases, while in eighty-three percent of the cases it took weeks to months for the breach to be discovered.
Are your web applications protected from code injection, cross-site scripting, insecure direct object references or cross-site request forgery? These are just a few of the most common web application vulnerabilities. If you are interested in learning more about web application security there are outstanding free resources at the Open Web Application Security Project (OWASP). One my my favorites is the WAF Best Practices article. OWASP hosted AppSec 2012 recently and was kind enough to invite Riverbed's Alex Meseil, Director of WAF, to discuss his experience and lessons learned about Cloud-based Distributed WAF - an architecture being used by some of the largest Internet content providers today.
We all need to be aware of the challenges with security, especially at the application layer. Contact Riverbed today to discuss how we can further assist.
©2014 Riverbed Technology. All rights reserved. Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to their respective owners. The trademarks and logos displayed herein may not be used without the prior written consent of Riverbed Technology or their respective owners.
Riverbed. WAN optimization for your network: Application acceleration, WAN bandwidth optimization, and IT consolidation. Riverbed is the IT performance company. WAN optimization solutions from Riverbed liberate businesses from common IT constraints by increasing application performance, enabling consolidation, and providing enterprise-wide network and application visibility – all while eliminating the need to increase bandwidth, storage or servers. Thousands of companies trust Riverbed to deliver greater productivity and cost savings by making their IT infrastructure faster, less expensive and more responsive. Riverbed solutions are also available as managed services through select providers.