Sophisticated breaches require real effort on the part of attackers. Some of the easiest breaches, by contrast, come from unfortunate events in which applications, or parts of applications, are accidentally left open to public access. In today's era of intense scanning, enterprise IT deployments are probed continuously, in real time, by illegitimate scanners and attackers.

Leaving an application or database in its default configuration can expose the entire enterprise to outside attacks and breaches. Though this seems simple to fix in theory, it is extremely common in practice.
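One way to catch the "left at default" settings this paragraph refers to is to audit the configuration files before the service ever faces the network. The following is an added example, not Avocado Systems' code or anything from the original post: it checks constructed fragments of mongod.conf, my.cnf and tomcat-users.xml (all made up for illustration) for a wildcard bind address, disabled MongoDB authorization, and Tomcat manager accounts with stock or short passwords. The password list, the 12-character length threshold and the set of admin roles are assumptions chosen for the example.

```python
"""Audit three services for 'left at default' exposures.

Added example, not Avocado Systems' code. Config fragments are constructed;
the password list, length threshold and role set are assumptions.
"""
import configparser
import re
import xml.etree.ElementTree as ET

# Constructed sample configs: a weak fragment next to a hardened one per service.
MONGOD_WEAK = """\
net:
  bindIp: 0.0.0.0
  port: 27017
"""
MONGOD_OK = """\
net:
  bindIp: 127.0.0.1
  port: 27017
security:
  authorization: enabled
"""
MYSQL_WEAK = """\
[mysqld]
bind-address = 0.0.0.0
"""
MYSQL_OK = """\
[mysqld]
bind-address = 127.0.0.1
"""
TOMCAT_WEAK = """\
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui,admin-gui"/>
</tomcat-users>
"""
TOMCAT_OK = """\
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-script"/>
  <user username="deploy" password="u7Q!x2Rk9pLm4vZs" roles="manager-script"/>
</tomcat-users>
"""

WILDCARD_BINDS = {"0.0.0.0", "::", "*"}
# Passwords that ship in docs and examples and keep turning up in scans (illustrative).
DEFAULT_PASSWORDS = {"tomcat", "s3cret", "admin", "password", "manager"}
ADMIN_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status",
               "admin-gui", "admin-script"}


def audit_mongod(conf):
    """mongod.conf: flag a wildcard bindIp and missing security.authorization."""
    findings = []
    m = re.search(r"^\s*bindIp:\s*(\S+)", conf, re.M)
    bind = m.group(1) if m else "127.0.0.1"   # mongod 3.6+ defaults to localhost
    all_ifaces = re.search(r"^\s*bindIpAll:\s*true", conf, re.M) is not None
    if all_ifaces or any(a in WILDCARD_BINDS for a in bind.split(",")):
        findings.append("mongod listens on all interfaces (bindIp %s)" % bind)
    auth = re.search(r"^\s*authorization:\s*(\w+)", conf, re.M)
    if not auth or auth.group(1).lower() != "enabled":
        findings.append("security.authorization not enabled: any client that reaches the port has full access")
    return findings


def audit_mysql(conf):
    """my.cnf: flag a wildcard bind-address (the MySQL default is '*')."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False)
    cp.read_string(conf)
    if not cp.has_section("mysqld"):
        return ["no [mysqld] section: server runs with compiled-in defaults"]
    sect = cp["mysqld"]
    if "skip-networking" in sect:        # no TCP listener at all
        return []
    bind = sect.get("bind-address")
    if bind is None:
        return ["bind-address not set: MySQL default is '*' (all interfaces)"]
    if bind.strip() in WILDCARD_BINDS:
        return ["mysqld listens on all interfaces (bind-address %s)" % bind]
    return []


def audit_tomcat_users(xml_text):
    """tomcat-users.xml: flag admin-role accounts with stock or short passwords."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.split("}")[-1] != "user":   # strip the default namespace
            continue
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        pw = el.get("password", "")
        if roles & ADMIN_ROLES and (pw.lower() in DEFAULT_PASSWORDS or len(pw) < 12):
            findings.append("manager account %r uses a default or short password" % el.get("username"))
    return findings


def audit_all(mongod_conf, mysql_conf, tomcat_users_xml):
    return {"mongod": audit_mongod(mongod_conf),
            "mysql": audit_mysql(mysql_conf),
            "tomcat": audit_tomcat_users(tomcat_users_xml)}


if __name__ == "__main__":
    print(audit_all(MONGOD_WEAK, MYSQL_WEAK, TOMCAT_WEAK))
```

To run this against a real deployment, read the three files from disk and pass their contents to the functions; real my.cnf files often carry `!includedir` lines, which configparser rejects, so strip or expand those first. The weak fragments are exactly the shape the post warns about: a MongoDB bound to 0.0.0.0 with no authorization block answers anyone who finds the port.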

The graph to the right, published in the Verizon Enterprise Services study, shows the number of breaches that occurred in the 2017-18 time frame by industry sector. Though not all of these attacks were due to misconfiguration or accidental exposure, the intensity of attackers' efforts to breach enterprises is astounding.

Although 87 percent of the breaches took just minutes to penetrate, 68 percent went undiscovered for months or more. As we all know, most high-profile breaches occurred despite strong perimeter security. Lacking real-time threat monitoring and interception inside the application and database tiers, these companies could do nothing but wait for the inevitable breach.

Source: Verizon Enterprise Services

Thoughts and analysis

As a CISO or a CIO, you’re likely quite familiar with the Verizon Enterprise study. At the same time, it probably causes significant discomfort, and might even create doubts regarding your own preparedness.

At Avocado Systems, we ran some interesting experiments on a public cloud, and the observations are equally interesting. For the experiment, the lab deployed a multi-tier application ecosystem: Tomcat servers running Java applications and two layers of databases, in both clustered and single-instance configurations. All applications were instrumented by the Avocado Security Platform so that they could be protected and monitored; selected parts of certain applications were configured, through micro-policy actions, to be monitored only rather than protected. The Avocado Security Orchestrator generated real-time maps of access to these applications by nefarious clients across the world, and real-time maps of nefarious accesses and attempts to penetrate the protected applications.

Exposed part of Tomcat accessed by nefarious clients

Affected Servers (red) & Presumed-Healthy Applications (green)

This is a real-time representation over a period of four days. All of these attempts were closely monitored by micro-policies applied to a part of the Tomcat application. The image clearly shows the devastating repercussions of mistakes in perimeter security as well as misconfigurations at the application level.
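The "monitored only" part of the Tomcat application is, in effect, a honeypot: it records every probe without blocking it. Below is a minimal offline stand-in for that monitoring, written as an added example rather than Avocado's code. It parses lines in Tomcat's default AccessLogValve "common" pattern (the log lines are constructed, using RFC 5737 documentation addresses) and marks a client as a scanner when it touches two or more well-known admin or exploit paths, or when at least five of its requests draw mostly 4xx responses. The probe-path list and both thresholds are assumptions for the example.

```python
"""Flag scanning clients in Tomcat access-log lines.

Added example, not Avocado Systems' code: an offline stand-in for a
'monitored only' micro-policy on part of a Tomcat application. Log lines,
probe paths and thresholds are constructed/assumed for illustration.
"""
import re
from collections import defaultdict

# Tomcat AccessLogValve pattern "common": %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Paths the real application never serves; several of them from one client
# is the signature of automated probing (illustrative list, an assumption).
PROBE_PATHS = ("/manager/", "/host-manager/", "/jmx-console", "/.env",
               "/phpmyadmin", "/wp-login.php", "/cgi-bin/")

# Constructed sample log (RFC 5737 documentation addresses, not real clients).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2018:10:15:32 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [12/Mar/2018:10:15:33 +0000] "GET /host-manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [12/Mar/2018:10:15:34 +0000] "GET /jmx-console/ HTTP/1.1" 404 1023
203.0.113.7 - - [12/Mar/2018:10:15:35 +0000] "GET /.env HTTP/1.1" 404 1023
198.51.100.23 - - [12/Mar/2018:10:16:01 +0000] "GET /app/orders HTTP/1.1" 200 5120
198.51.100.23 - - [12/Mar/2018:10:16:07 +0000] "POST /app/orders HTTP/1.1" 200 312
198.51.100.23 - - [12/Mar/2018:10:16:09 +0000] "GET /app/orders/42 HTTP/1.1" 200 2210
192.0.2.99 - - [12/Mar/2018:10:17:40 +0000] "GET /app/x HTTP/1.1" 404 1023
192.0.2.99 - - [12/Mar/2018:10:17:41 +0000] "GET /app/y HTTP/1.1" 404 1023
192.0.2.99 - - [12/Mar/2018:10:17:42 +0000] "GET /app/z HTTP/1.1" 404 1023
192.0.2.99 - - [12/Mar/2018:10:17:43 +0000] "GET /app/w HTTP/1.1" 404 1023
192.0.2.99 - - [12/Mar/2018:10:17:44 +0000] "GET /app/v HTTP/1.1" 404 1023
"""


def parse_line(line):
    """Return the fields of one common-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def summarize(lines, min_probe_paths=2, min_requests=5, max_error_ratio=0.8):
    """Per-client summary with a scanner verdict; thresholds are assumptions."""
    per_ip = defaultdict(lambda: {"requests": 0, "errors": 0, "probes": set(),
                                  "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None:                 # malformed lines deserve their own alert
            continue
        s = per_ip[rec["ip"]]
        s["requests"] += 1
        if 400 <= rec["status"] < 500:
            s["errors"] += 1
        path = rec["path"].lower()
        s["probes"].update(p for p in PROBE_PATHS if p in path)
        s["first"] = s["first"] or rec["ts"]
        s["last"] = rec["ts"]
    verdicts = {}
    for ip, s in per_ip.items():
        ratio = s["errors"] / s["requests"]
        # Either branch is enough: known admin paths, or a burst of mostly-4xx guesses.
        scanner = (len(s["probes"]) >= min_probe_paths
                   or (s["requests"] >= min_requests and ratio >= max_error_ratio))
        verdicts[ip] = {"requests": s["requests"], "error_ratio": round(ratio, 2),
                        "probe_paths": sorted(s["probes"]), "scanner": scanner,
                        "first_seen": s["first"], "last_seen": s["last"]}
    return verdicts


if __name__ == "__main__":
    for ip, v in summarize(SAMPLE_LOG.splitlines()).items():
        print(ip, "SCANNER" if v["scanner"] else "ok", v["probe_paths"], v["error_ratio"])
```

Paths such as /manager/html are among the first things automated scanners request from a Tomcat instance, and a 401 on them tells the scanner that the manager application is deployed. The first_seen and last_seen fields give the dwell time behind the "undiscovered for months" figure above. Geolocating the flagged addresses, as the maps in this post do, needs a GeoIP database and is left out here.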

In every instance, protected sub-components of MySQL and MongoDB intercepted and mitigated penetration attempts.

Attacks intercepted and mitigated by MySQL Database deployed in UK –

Affected MySQL DB in UK (red) and geographically mapped threats (black-hat)

Attacks intercepted and mitigated by MongoS shard deployed in UK –

Affected MongoS Shard (red), and geographically mapped threats (black-hat)

As you can see, Avocado's pico-segmentation brings the deepest level of threat monitoring and interception into the applications themselves, and caught every attempt on every part of the databases and applications.

It is time to reassess your organization's security methods and practices and adopt new methods of enterprise application security. Application security and DevSecOps automation give you the capability to build real-time threat monitoring and response. Avocado is always here to help.

For detailed reports of the study please contact us at info@avocadosystems.net or call at 1-844-778-7955.
