Real-time Web Layer Threat Investigation and Remediation with Cisco Threat Response

Tom Chang

Tom Chang is Director of Business Development with Signal Sciences. Prior to Signal Sciences, Tom led solution architect teams at Facebook and MobileIron. In his spare time Tom enjoys coaching youth sports and golfing.

The Challenge of Limited Web Layer Attack Visibility

Over the past decade we’ve seen companies of all sizes and government agencies fall victim to attacks that have led to massive data breaches. And there’s no denying the adverse impact on organizations after a breach: the Ponemon Institute’s Cost of a Data Breach Study found the global average cost of a data breach is $3.86 million. The average cost for each lost or stolen record containing sensitive and confidential information is $148.

So it’s no surprise that companies are increasing their investments in incident response tools and resources. Despite increased investments in security tooling, many incident response solutions on the market still have blind spots when it comes to web application attacks, which are the top threat vector attackers leverage to breach organizations. While many incident response product offerings are well suited to collect, analyze, and respond to threats at the endpoint or network level, they often provide no visibility into attacks against a company’s public-facing web and mobile apps.

Legacy WAFs Fail to Provide Comprehensive Attack Context

The ideal web application security tool feeds web app indicators of attack into incident response tools. Unfortunately, the legacy Web Application Firewalls (WAFs) that should do this are actually inadequate when it comes to providing actionable insights after detecting or blocking an attack. Simply reporting that a cross-site scripting attack was attempted is of little value to a security analyst who wants to stay ahead of malicious adversaries. Richer context and history surrounding an attacker’s actions allow for meaningful analysis and proactive corrective action. Additionally, traditional WAFs are notorious for a high rate of false positives. Already resource-strapped, the last thing an incident response team needs is to waste time chasing down threats that aren’t real.

Signal Sciences was designed specifically to address the flaws of legacy Web Application Firewalls (WAFs). Our customers have told us that they prefer our reports and dashboards that quickly provide actionable information about real attack attempts versus the “black box” WAF solutions they’ve used in the past. As for our detection accuracy, there’s no stronger endorsement than the fact that 95% of our customers use us in active blocking mode in production—legacy WAF vendors cannot make this claim.

Empowering Security Staff with Real-time Threat Visibility

Getting real-time web attack data into the hands of security operations and incident response teams is long overdue. Our partnership with Cisco and integration with Cisco Threat Response brings together threat intelligence from a multitude of sources including Talos, Cisco’s world-class cybersecurity research team. This is in addition to other sources of known bad IPs including SANS and Signal Sciences’ own Network Learning Exchange (NLX). The additional context NLX provides will also better equip security teams using Cisco Threat Response to defend web applications and services that power our joint customers’ businesses.

Contact us if you want to hear more about what Signal Sciences and Cisco Threat Response can do for you. If you’re at Cisco Live June 10 - 13, come visit us at the Signal Sciences booth in the Security Village.