The Importance of Holistic Security Solutions Encompassing On-prem and Cloud Services in Today’s Complicated Attack Landscape

Volumetric attacks: focusing on the volume of traffic directed at the attacked entity. Those are typically L3/L4 (in the OSI model) attacks. These can further split into attacks targeting a specific server (IP/URL) or service or network wide attacks that are targeting a whole network prefix or part of it (e.g., a “/24”) and can result also in “carpet bombing” attacks.

Application (L7) attacks: these attacks are more focused on the application and its behavior, business-logic, structure, and code itself. They typically result in cross-site scripting (XSS), inventory scraping, identity theft, APIs attack, etc.

Network L7 DDoS attacks: those attacks are typically targeting the L7 network protocols used to communicate with the applications / services. Those protocols would typically be HTTP, HTTPS SSL, TLS, with the more sophisticated attacks targeting TLS specifically by obfuscating the attack inside of the TLS itself. With TLS being an encrypted protocol, this creates an even bigger challenge for attack detection and mitigation solutions to detect the attack and mitigate it. DNS attacks are also gaining more popularity with “DNS dictionary” and “DNS water torture” attacks” at the forefront.

Consuming a cyber-security service from one’s service provider: organizations are typically consuming their Internet, as well as communication (landlines as well as cellular) from well-known service providers. In recent years, service providers have also added cyber-security services to their offering. For a typical organization, this means that instead of purchasing the equipment and deploying it on-premises, the organization can instead subscribe to a cyber-security service offered by the organization’s service provider. The service provider purchases the equipment, the peripherals and labor to maintain the service and equipment. The organization – simply pays to consume the service and be protected.

A combination – on-premises with cloud expansion: this option combines the deployment of on-premises equipment (owned by the organization itself) and the ability to expand to a cloud service, owned by a professional cyber-security cloud service provider. This approach is typically used when an organization wants to or needs to mitigate some of the attacks / attack volume on premise but also needs to ability to expand to cloud services in case the attack volume overcomes the on-premises capacity or if the attack becomes far more complicated for the on-premises equipment to handle. In this case, the organization can enjoy the benefits of both “worlds”.

Consuming a cyber-security service from a well-known cloud provider: this option is typically similar to the one above with an important difference that now the service is provided by a dedicated cyber-security cloud provider (such as Radware), which specializes in providing dedicated cyber-security protections and, as in the case of Radware, also develops and produces the actual cyber-security devices used to protect the organizations. Typically, dedicated cyber-security cloud providers provide the utmost professional services in the market.

On-Premises deployment: this means that the protected organization purchases all the necessary equipment and deploys it in its own organization’s datacenter or scrubbing-center. It also means that the organization is responsible for hiring skilled security personnel and accompanying peripherals such as routers, switches, landlines with appropriate throughput to absorb the attack volume.

Deploying on-premises only: enables the organization to completely control the exceptionally fine details of its attack protection policy and capabilities. If the organization has the proper skillset and labor – the organization can fine-tune its protection policies as well as keep up to speed as those change. There are also exceptionally large enterprises owning exceptionally large networks; these organizations will typically not want to pass through yet another network, as their network is large on its own. Lastly, some organizations cannot allow their data (traffic) to move out of the organization’s perimeters and on to the cloud. Thus – on-premises solutions are optimal in such cases. The cons of this approach are that the organization needs to hire experienced cyber-security personnel as well as to purchase the equipment itself (e.g., Capex).

Consuming cyber-security from a service-provider or a dedicated cloud provider: means that the organization does not have to spend Capex (no need to purchase equipment) and can go with Opex. In addition, the organization does not have to hire experienced cyber-security personnel, a task that is becoming ever more challenging over time. The Cons are that the organization needs to move its data to the cloud and rely on others to ensure it is always protected.

Do not underestimate application protection: Obviously, if your organization does not deploy applications at all then this is not necessary. However, most organizations in today’s business landscape do own and deploy applications, be it to serve their customers and / or to serve their own employes. If that is the case in your organization – you must also deploy application protection in the form of Web Application Firewalls (WAF), WAAP – Web and API protection, Bot Management protections, L7 network DDoS protections. As for deployment policy, Radware recommends deploying the network L7 DDoS protections on-premises while WAF, WAAP and Bot-management and advanced webDDoS solutions to be consumed as a service from Radware’s cloud. Application-level attacks are becoming extraordinarily complex and are employing artificial intelligence (AI) and machine learning (ML) engines and algorithms. As such, the mitigating solutions also use AI and ML. AI and ML typically require heavy computing resources, which could turn an on-premises solution to be quite expensive for an organization to own and deploy. By having those consumed by a professional cyber-security cloud owner, the organization benefits from a best-in-class solution, which is also cost-effective.

Reliant on APIs? Do not overlook this section: if you deploy services that offer APIs, either to your own employees or to your customers, it is super important that you deploy a WAAP (Web and API protection) solution. APIs are typically the biggest vulnerabilities of organizations. Even to date, developers are overlooking API “engineering excellence” and are not developing APIs with security in mind. This is reality. Overlooking this is a mistake. Radware recommends that you deploy / subscribe to a WAAP solution which will ensure your APIs are protected at all times!

Network volumetric protection is necessary: while the attack landscape is becoming increasingly sophisticated, with advanced application layer attacks, network volumetric attacks are going nowhere and are not reduced in usage nor volumes at all. Organizations must deploy or consume solutions to protect their networks at the perimeter / edge from being overwhelmed. If your organization seeks complete control over the network protection and has the resources – Radware recommends that you purchase and deploy a DDoS solution on-premises. If your budget is short of spending considerable Capex in advance and/or your in-house expertise is short, Radware offers its professional, best of breed, cloud DDoS solutions. You could also enjoy the “hybrid” strategy, where your organization will deploy a solution on-premises but also purchase “the right” to divert traffic to the Radware cloud in case attacks supersede your on-premises capacity to mitigate. This strategy lets one enjoy both worlds while keeping the overall cost of the solution effective.