- Stefan Frei, Francisco Artes
- Whitepaper: Cybercrime Kill Chain vs. Defense Effectiveness (pdf)
- BlackHat Abu Dhabi - Briefings
Global Internet penetration and e-commerce have grown explosively over the past two decades. It is currently estimated, as of 2012, that more than two billion users have Internet access. With the ongoing deployment of information technology, comprehending the evolution of information security at large has become much more than the mere understanding of the underlying technologies.
There is a growing realization that security failures are caused as often by bad incentives and awareness as by bad design or neglected implementation of available security technologies - while cybercriminals continue to surprise defenders with new attack methodologies and innovative evasion techniques to bypass detection.
This paper first examines the attacker’s kill chain: the main tracks from the external attacker to the target, which lead to the compromise of the victim’s server or desktop machine. Defense in depth, on the other hand, represents the use of multiple security techniques to help mitigate the risk of one component of the defense being compromised or circumvented.
In the second part of this paper, we examine the four major classes of protection technologies (firewall, intrusion prevention systems, endpoint protection/antivirus, browser protection) that large organizations typically deploy and rely upon.
Empirical data are then layered in to present results on the security effectiveness of these protection technologies as measured in NSS Labs’ group tests. Each class of technology tested is represented by the leading products from that product group. The products are subjected to an array of the industry’s most rigorous testing procedures, including load and stability, live malware, known and unpublished exploits, and diverse evasion techniques.
Generally, NSS Labs finds a considerable gap in protection levels within and across different security product groups.