Barracuda Networks, Inc., a leading provider of cloud-connected security and storage solutions, shares its review of the security industry in 2015.
Attack surfaces changed.
Infrastructures were in flux all year as companies moved between physical, virtual, public cloud, and SaaS deployments. This meant that organizations were facing new attack surfaces, and had to extend their security posture to cover these new surfaces. Many users were surprised to discover that applications in the cloud were not as secure as the cloud infrastructure. Even very popular applications like Pocket were found to be vulnerable.
|Thiban Darmalingam, Regional Manager, Barracuda, Malaysia|
Thiban Darmalingam, the Regional Manager of Barracuda in Malaysia explains, “Barracuda expanded our public cloud offerings and deployment options for our security and storage products. Our product architectures are designed from the ground up for these environments, which allows our customers to take the same security they deployed on-premises and extend this to the new surfaces. This approach simplifies our customers’ migration to the cloud be it on Microsoft Office 365, VMware, AWS, Azure, or vCloud Air.”
Barracuda Next Gen Firewalls provide connectivity across surfaces, secure all attack surfaces, provide network segmentation in the cloud, and more. Barracuda Web Application Firewalls secure apps in private and public clouds, control access to applications on cloud platforms and on-premises, and more.
Attacks related to mobile access and web applications increased.
“Several new types of attacks grew in prominence this year. We saw an increase in mobile device malware, and SMS text messages have become a popular method for social engineering and phishing attacks. The growth in BYOD and the movement between secure corporate networks and insecure home/ public networks have made mobile devices a weak link. So it’s no surprise that Allied Market Research has predicted that the global mobile security market is set to reach USD34.8 billion by 2020,” adds Thiban.
Mobility is a key component of Barracuda security solutions:
- Barracuda Mobile Device Manager provides security and management for iOS and Android devices
- Barracuda introduced CudaLaunch, a mobile app that provides secure and reliable remote access to an organization’s resources through the Barracuda NG Firewall
- The Barracuda Web Security Agent (WSA) and Barracuda Safe Browser help implement consistent web security policy on remote, off-network devices
- Barracuda Mobile Portal and TINA VPN capability are built in to our NextGen Firewalls to securely enable access for remote users
- The Barracuda Web Application Firewall secures the entire attack surface of mobile applications, REST APIs, and AJAX.
“Web application security remains one of the least understood attack surfaces, and it shows. According to the Verizon 2015 Data Breach Investigation Report (Verizon DBIR), the number of web app attacks increased by about 5% as compared to the previous year. Nearly two-thirds of these attacks are part of a Strategic Web Compromise, meaning that the hackers are targeting the web app in order to set up an attack on a different target. Activists and organized crime represent 81% of web app attackers,” explains Thiban.
To curb the rise, Barracuda enhanced its Web Application Firewall, added On-Premises Central Management, expanded availability to MS Azure App Service, and announced new training to simplify public cloud implementations. They also worked to increase public awareness on web application security, and how to best achieve security through the Barracuda WAF.
There has been a continued rise in DDoS incidents.
The number of DDoS attacks hit a record high in 2015. The latest State of the Internet – Security Report states that DDoS attacks grew 7% from Q1 to Q2 2015, and DDoS attacks increased 132% over Q2 2014. Most of these attacks lasted from 1-2 hours, though some lasted much longer.
In response to this, Barracuda launched its new next-generation firewalls, to ensure that all offices can respond quickly to DDoS attacks. These are the industry’s first advanced next-generation firewalls in the sub-$700 price range. At the same time, its Email Security solutions also include protection from DDoS attacks and its Web Application Security solutions provide advanced DDoS and application attack protection.
IT security budgets will be insufficient for “business as usual.”
IT spending increased in 2015, but the budgets were more likely to be determined by C-level executives rather than technology managers, and it included spending for departments like HR, Legal, and Sales, meaning that IT spending was happening outside of the IT department. SysAdmins continue to do more with fewer resources.