Cloud protection: how, why and what for

Under attack
Last year, according to Positive Technologies, the total number of cyber incidents in companies and organizations increased by 21% compared to the results of 2021. This includes all information security events – from direct hacks and data leaks to cross-industry consequences of various incidents, including indirect ones.
If we look directly at hacker attacks against businesses in the Russian Federation, then Rostelecom-Solar’s statistics in this area are even less reassuring: analysts counted 911,000 cybercrimes in 2022, not including massive DDoS attacks – twice as many as a year earlier.
Government and medical institutions, companies from the fields of industry, IT and finance, and scientific organizations suffered the most from the actions of hackers. For example, Sber recently withstood a cyberattack from at least 30,000 devices that lasted more than a day.
In particular, the share of successful attacks aimed at network infrastructure has increased – 19% of the total number of attacks, according to Garda Technology. Most recently, in March, Uralsib was forced to suspend service on some channels due to a prolonged DDoS attack on the bank’s network infrastructure.
The fact is that modern corporate networks are heterogeneous structures, often consisting of local and cloud components, while traditional information security tools most often focus on protecting only individual components of the network.
Therefore, every year it becomes easier for hackers to carry out attacks on the network infrastructure.
Last time
In 2022, in more than half of the cases, hackers used malware, most often ransomware. In particular, 34% of attacks exploited IT infrastructure vulnerabilities.
In addition, social engineering, including phishing emails, is still a popular method for cybercriminals – 45% of Russians faced it last year. Many of these attacks were aimed at the most vulnerable employees of companies and organizations.
But the main problem is the growth not so much in the quantity as in the quality and speed of attacks. This became possible because in 2022 cyber fraudsters began to use intelligent technologies more often.
For example, artificial intelligence tools allowed them to instantly generate huge streams of requests that mimic user requests, thereby overloading the network and probing it for vulnerabilities.
Intelligent tools have completely changed the rules of the game. For quite a long time, companies have been using firewalls that provide protection based on control of protocols and ports, restricting traffic to and from certain IP addresses.
But through innovation, hackers have learned to target applications and services instead of web browser communication ports such as 80 and 443 for HTTP and HTTPS. Therefore, businesses have to invest in next-generation network security tools.
Who’s new?
Many companies are thinking about switching to NGFW – literally “next generation firewall”. The main feature of such solutions is the ability to identify traffic and bind it to a specific user or even to an application.
The process goes like this: all data transmitted over a network or over the Internet is broken into smaller parts – packets. NGFW carefully checks each of them – source and destination IP addresses, ports and protocols, where each packet comes from, where it goes and how it gets there.
Based on this evaluation, the system either blocks or passes the data packet. As a result, recognition accuracy and incident prevention speed are significantly improved compared to traditional tools.
NGFW firewalls contain:
- intrusion prevention system (IPS): scans network traffic, detects malware and blocks it;
- Deep Packet Inspection (DPI): improves packet filtering by parsing the body of each packet in addition to the header;
- targeted application control: detects and blocks traffic based on which applications it is directed to;
- threat intelligence streams: updated information to identify the latest threats.
As companies continually expand their operations by deploying multi-vendor cloud solutions and hosting more and more diverse applications, new threats are constantly emerging and traditional firewalls may not provide adequate protection.
NGFW solutions offer room for future upgrades, providing the flexibility to adapt to changing threats and secure your network.
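The contrast drawn in this section between port-based filtering and application identification tied to a user can be shown in a few lines. This is an added example, not code from any NGFW product: the user names, the per-user policy and the sample payloads are constructed for illustration, and the payload signatures are a deliberately minimal stand-in for DPI.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    user: str       # identity bound to the source (assumed to come from a directory lookup)
    dst_port: int
    payload: bytes  # first bytes sent by the client (constructed samples below)

ALLOWED_PORTS = {80, 443}  # traditional rule: only web ports are open
# Hypothetical per-user application policy; anything not listed is denied.
APP_POLICY = {"alice": {"http", "tls"}, "ops-admin": {"http", "tls", "ssh"}}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def port_filter(flow: Flow) -> bool:
    """Traditional firewall: decide on the destination port alone."""
    return flow.dst_port in ALLOWED_PORTS

def identify_app(payload: bytes) -> str:
    """Minimal DPI: classify the flow by what the payload actually contains."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

def ngfw_decide(flow: Flow) -> bool:
    """Application control: allow only applications permitted for this user."""
    return identify_app(flow.payload) in APP_POLICY.get(flow.user, set())

def compare(flows):
    """Return (user, port, app, port_filter verdict, application-aware verdict) per flow."""
    return [(f.user, f.dst_port, identify_app(f.payload), port_filter(f), ngfw_decide(f))
            for f in flows]

TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
SAMPLE_FLOWS = [  # constructed traffic
    Flow("alice", 443, TLS_HELLO),
    Flow("alice", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("ops-admin", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("alice", 80, b"\x00\x01opaque-binary"),
]

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

The second and fourth flows pass the port rule because they use ports 443 and 80, while the application-aware decision denies them; the third is denied by the port rule but allowed once the application is bound to a user permitted to use it.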
As a service
The as-a-service model can help accelerate the introduction of NGFW into the information security practice of companies, which is highly desirable under current conditions.
This is not a novelty for the market as a whole: a third-party firewall hosted in the cloud is a well-known model of information security services.
Configuration, maintenance and updating of cloud firewalls is carried out by the provider, not by the client, which removes the need for the client to keep specialists on staff to support this solution.
From a financial point of view, the choice of such a model means a reduction in the client's capital expenditures (CAPEX), since all costs associated with paying for the service are transferred to the category of operating costs (OPEX).
Where to get?
In 2022, many companies were concerned about the departure of global NGFW suppliers from Russia, such as Fortigate, Palo Alto Networks, Cisco, leaving customers without technical support and software updates.
While the hackers improved their skills and programs daily, the security tools got stuck and were not able to recognize new types of incidents. Moreover, Russian businesses' confidence in the foreign products that remained on the market fell sharply.
However, in Russia today there are many domestic NGFWs, many of which have long been in the shadow of foreign counterparts while not being inferior to them in most characteristics. For example, UserGate, Security Code, BI.Zone and Rostelecom-Solar offer their own solutions. The market is growing rapidly, and in the next year or two, new-generation domestic products should replace global NGFW imports.
Hacking attacks are very costly for businesses. For example, the OldGremlin group, famous for its records in terms of ransom amounts, demands an average of about 100 million rubles for decrypting data, and in some cases up to a billion. The growing number of requests for next-generation security tools among our customers confirms that the seriousness of the problem is recognized not only by solution providers, but also by end users.