How Application Attacks Take Advantage of Holes in Legacy Network Security Solutions

The attacks that get the most news coverage have dramatic names that make for compelling headlines. You can practically feel the intensity of brute force or volumetric DDoS attacks. These attacks target layers 1-4 of operator networks, the layers where data is moved around in the network. But, there’s a troubling blind spot in legacy network security solutions that enables hackers to go deeper into the operators network – all the way through to Layer 7, the application layer.

Attacks on the application layer aim to hone in on specific applications or functions by mimicking legitimate user traffic with the intent to cripple functionality or gain access to digital assets.

What Are Application Attacks?

Brute force and volumetric attacks are aptly named because they use up as much bandwidth as possible when going after a carriers’ network. Application attacks have more finesse, generating very little traffic as they send targeted commands to applications to overwhelm central processing units (CPU) and memory.

These attacks may go undetected and this “noisy traffic” can significantly slow legitimate traffic or cause network outages. With legacy systems, mitigation requires labor-intensive manual intervention because there’s no automated method to handle the threat. If and when network security solutions do sense a NetFlow-based volumetric attack with an application component, manual mitigation can take 15 to 20 minutes. By the time the security team has developed a strategy, the attackers have likely morphed to new signatures.

Hacker’s Favorite Application Attack Tricks

Hackers continue to develop new and more sophisticated methods to launch application attacks. Some of their favorite advanced techniques include:

  • Headless browser requests – Tools that function as a browser but without the graphical user interface. They can be used to bypass third-generation HTTP challenges. Their goal is to take websites down.
  • Many carriers lack the tools to even detect the presence of application attacks.  And these attacks put carriers’ reputations at risk. For customers, a slow down in services may not be a big deal initially. But, as the number and severity of application attacks increases, clogged pipes and slow services are not going to be acceptable.

    The impact of application attacks on carriers and their customers takes many forms:

    • Service degradation
    • Network outages
    • Data exposure
    • Consumption of bandwidth resources
    • Consumptions of system resources

    Carriers sell services based on speed and reliability. Bad press about service outages and data compromises have long lasting negative effects. Add the compounding power of social networking to quickly spread the word about service issues, and you have a recipe for reputation disaster.

    What Can Carriers Do Now?

    A new eBook from Radware – How Do You Stop What you Can’t See; The Imminent Threat of Application Attacks and How to Defend Against Them – can help answer specific questions about solutions available today to detect and mitigate application attacks.

    This is the first in a series of e-books designed to provide the latest information and thought leadership on security solutions for Carriers and Service Providers.  You’ll learn more about why application attacks are on the rise, who is responsible, and how these attacks can penetrate legacy network security solutions.  Application attacks impact your ability to provide highly-available, high-performance network services for your customers, so learn the best strategies to protect your network now and in the future.

Louis Scialabba

Louis Scialabba is Director of Carrier Solutions Marketing for Radware and is responsible for leading network security and application delivery marketing initiatives for global service providers. Mr. Scialabba has over 23 years of experience in the communications and networking industry in a variety of Sales, Marketing, and Engineering roles. Prior to joining Radware, Mr. Scialabba spent much of his early career at Tellabs, where he was Director of Mobile Backhaul Product Planning and Product Management. He later became the Head of North America Marketing for Aviat Networks. Mr. Scialabba earned a Bachelor of Science degree in Computer Engineering from the University of Illinois and a Master of Business Administration degree from St. Xavier University in Chicago.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center