Currently in front of the US Congress is the Cybersecurity Act of 2012. With so much of today's infrastructure and economy dependent on the Internet the US Govt is considering what additional measures it can take to protect critical infrastructure, government assets, companies and individuals. A portion of this act is focused on education and awareness, which we all can use in the fast moving world of security.
While we can't control what the US Govt, or any other govt does to protect us, we certainly can take action to protect our own infrastructures. Designing a strong security architecture requires building layers of security. By this I mean, having multiple security and monitoring systems that provide many methods of monitoring, detection, defense, etc. However, to do this you need to consider the various attack vectors, your gaps, and how to economically implement the architecture. In many cases, making security economical within a large organization requires leveraging solutions you already have, but possibly haven't utilized to their maximum capability.
Riverbed's IT Performance solutions not only contribute to improving efficiencies, they also have extensive capabilities related to monitoring and security. However, often our clients aren't leveraging these existing capabilities as part of their security architecture. Using tools already deployed in your infrastructure can help your organization improve security, while saving money.
In today's blog we'll briefly cover some of the security and monitoring capabilities in Riverbed's solution portfolio.
While Rivered is know as the IT Performance company, you can see we also have useful security capabilities.
Scary Fact: The Verizon 2012 Data Breach Investigations Report analyzed over 855 data breaches (i.e. compromised records). Of these data breaches the attacked organization only discovered eight percent of the breaches. Ninety-two percent of the breaches were discovered by other parties (law enforcement, fraud detection services, customers, etc). Records were exfiltrated in seconds to hours in sixty percent of the cases, while in eighty-three percent of the cases it took weeks to months for the breach to be discovered.
Are your web applications protected from code injection, cross-site scripting, insecure direct object references or cross-site request forgery? These are just a few of the most common web application vulnerabilities. If you are interested in learning more about web application security there are outstanding free resources at the Open Web Application Security Project (OWASP). One my my favorites is the WAF Best Practices article. OWASP hosted AppSec 2012 recently and was kind enough to invite Riverbed's Alex Meseil, Director of WAF, to discuss his experience and lessons learned about Cloud-based Distributed WAF - an architecture being used by some of the largest Internet content providers today.
We all need to be aware of the challenges with security, especially at the application layer. Contact Riverbed today to discuss how we can further assist.
Riverbed delivers the most complete platform for Location-Independent Computing, turning location and distance into a competitive advantage. The Riverbed Application Performance Platform™ allows IT to have the flexibility to host applications and data in the most optimal locations while ensuring applications perform as expected, data is always available when needed, and performance issues are detected and fixed before end users notice. At more than $1 billion in annual revenue, Riverbed has 25,000+ customers, including 97% of both the Fortune 100 and the Forbes Global 100.