DENVER -- Cable Next-Gen Technology Strategies -- In an era when hackers advertise on YouTube, compete on price and even offer service level agreements and free trials, anyone wanting to secure the network needs to have planned well in advance for how to handle things such as corporate BYOD strategies and cloud-based apps, Gary Sockrider, principal security analyst at Arbor Networks, told the Cable Next-Gen Technology Strategies audience here Thursday.
"Security is like insurance, you have to have it before you need it," Sockrider commented. Companies may think of security as "expensive and painful" but that's often because it was done after the fact, not built in from the outset, he noted. "Nothing opens up budgets like a breach." He also showed the audience how shockingly easy it is to acquire tools that can do a lot of damage. "It no longer requires mad hacking skills."
To prove his point, Sockrider, whose company is now a unit of NetScout Systems Inc. (Nasdaq: NTCT), cited security statistics from 2015 showing that 51% of data centers saw distributed denial-of-service (DDoS) attacks saturate their Internet connectivity, twice as many enterprises with BYOD strategies had security-related issues and one-third of service providers reported attacks on their cloud infrastructure.
"These are all next-gen things," Sockrider commented, and they can actually create vulnerabilities by eliminating the ability of a security team to simply protect an enterprise perimeter. "There is no perimeter anymore, you have to secure things where they are, and baking it in up front will be more successful than adding it on later."
The Arbor Networks executive showed how easily hackers can download tools such as low-orbit ion cannons, which are essentially point-and-click applications that can be used to launch DoS attacks. Hackers also advertise their skills via YouTube and even engage in price competition to attract more business, he noted.
Sockrider cited Lizard Squad, a group of bad actors who took down gaming systems for three days over Christmas 2014, spoiling a lot of holiday fun for kids and their parents, then two days later began advertising their services on YouTube to capitalize on the attention their attack garnered.
"Some offer their services for as little as $20 an hour, and they are so competitive, they offer SLAs and will conduct a free trial [taking a site down for five minutes to prove they can] to show what they can do," he said. Under their service level agreements, customer money is refunded if the target isn't taken down.
This is good news for hacktivists and nation-states that want to do damage but bad news for the folks trying to protect the enterprise, he said.
— Carol Wilson, Editor-at-Large, Light Reading