
Mobile security scare... Should Kiwi enterprises care?

26 Jun 2014

Mobile devices, increasingly used in enterprises, are not exempt from Distributed Denial of Service (DDoS) attacks and present several potential security issues.

That's according to Palo Alto Networks, which claims Kiwi enterprises must recognise these in order to solve malware problems as quickly as possible.

The most concerning issue is the ability for mobile devices to be used unwittingly in attacks against other victims.

“DDoS attacks can happen via mobile applications, sometimes without the owner even knowing,” says Gavin Coulthard, Manager Systems Engineering ANZ, Palo Alto Networks.

"The tools to opt in to a DDoS make it incredibly easy for users to participate in attacks, increasing the risk of liability to enterprises.

“The security issue here is not the DDoS attack itself, unless the company happens to be the intended target, but rather a mobile device policy issue.

"In other words, these applications can place the device under the control of a third party and make the organisation a participant in an attack against another victim, making the company liable.

"The best way to mitigate these issues is to identify devices that have unapproved tools and block their participation in the larger attack.”

Palo Alto Networks identifies compromised end-point devices that are participating in a larger attack by letting organisations adopt a positive-security model and ensuring that only valid application-flows are permitted across the network.

By exception, any irregular traffic identified as either suspicious or a known attack-type may then be managed accordingly.

According to Coulthard, smart enterprises need to take steps now to mitigate the risk of mobile devices being used for DDoS attacks.

As a result, Palo Alto Networks advises the following ways to disrupt the use of unapproved applications, botnets and malware:

· blacklist unapproved hacking tools and opt-in DDoS clients for mobile devices. Assigning a policy based on the state of the device, such as the presence of blacklisted apps, places restrictions on what the device can do until the issues have been remediated

· detect botnet activity to keep users from participating in a DDoS, whether it’s willingly or unwillingly. Botnet activity hides itself from traditional firewalls and security devices as seen in Palo Alto Networks’ regular Application Usage and Threat Reports (AUTR) through:

o custom applications. Malware relies heavily on custom applications, custom or unknown traffic. It was the number one type of traffic associated with malware communications in the last AUTR report, as leading malware families continue to customise their command-and-control traffic

o the use of Secure Sockets Layer (SSL), both as a security mechanism and a masking agent. SSL by itself represented 5 per cent of all bandwidth and the sixth highest volume of malware logs within known applications

o HTTP proxy services, used both as a security component and to evade controls, consistently present themselves in a high volume of malware logs.

· use network policies for application control to block unwanted applications and intercept their ability to contact command and control servers

· employ threat prevention to stop exploits and mobile malware. Break the malware lifecycle by identifying both known and unknown forms of malware, and disrupting its ability to communicate.
