Application-Aware Testing, Using Signature-Based Attacks

Like it or not, attackers are getting more sophisticated.  A growing number of attacks can now be generated from the application level, creating new headaches for IT.  These include active content, cross-site scripting, SQL injection attacks, malicious bots and others. Imperva’s July 2012 Web Application Attack Report (WAAR) found that the typical application:

  • Can expect attack incidents 120 days per year or 33% of the time
  • Will be attacked 274 times per year
  • Faces typical attack durations of 7 minutes and 42 seconds

What can the IT department do besides take a double dose of aspirin? In short, IT needs to ensure that their network devices are working to their potential. Fortunately, many switches, routers and firewalls already have built-in smarts to help prevent these attacks. They have become application aware by looking deeper into the packets to find potential threats. However, an important question remains: are these devices working properly for the applications you use?

Data Analysis and Signatures

Data packets arriving from the network need to be inspected for "spoofing" and other threats. Is the incoming request legitimate, or is it from someone trying to gain access to internal data? Pre-determined or known attack patterns are called signatures or published vulnerabilities. When a signature match occurs, proper action can be taken based on pre-defined policies, such as blocking the application or applying QoS. Simple enough. However, the permutations of testing numerous devices, each with signatures for multiple applications, quickly get unwieldy, creating yet another headache. Fortunately, the heavy lifting behind this is handled by application-aware security testing that takes advantage of signature repositories.

Recreate Your Application Traffic alongside Attacks

Vulnerability repositories contain signatures that describe attack permutations for many popular enterprise applications from Microsoft, Oracle, SAP and others. Repositories like these are constantly updated with new signatures, much like antivirus repositories are updated with new virus signatures. Test software and equipment can leverage these signatures to generate attack traffic in order to determine if network equipment actually identifies and prevents the attacks.  This enables network test teams to accurately recreate traffic mixes. It also improves the quality of application-level security testing – reducing false positives, while making it easier to expose potential security threats and impacts on network performance.   The best test solutions also simulate traffic coming from various user devices such as tablets, smartphones, and PCs.  This ensures that simulated attacks take place with the most realistic network traffic conditions.
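
The scoring step of such a test, as an added example that is not from the original post or any vendor's product: a constructed traffic mix of legitimate and attack requests is run through a hypothetical device model (`inspect`), and the verdicts are compared with ground truth. The signatures, requests and function names are all assumptions made for illustration.

```python
import re

# Constructed signature set for illustration; real repositories are far larger.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"'\s*or\s+1\s*=\s*1", re.I), "block"),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I), "block"),
    ("bot-user-agent", re.compile(r"^user-agent:.*\b(crawler|scraper)\b", re.I | re.M), "qos"),
]

def inspect(request):
    """Hypothetical device under test: return (policy action, matched signature)."""
    for name, pattern, action in SIGNATURES:
        if pattern.search(request):
            return action, name
    return "allow", None

# Constructed traffic mix: (client device, request text, is this an attack?)
TRAFFIC = [
    ("pc", "GET /search?q=quarterly+report", False),
    ("tablet", "GET /login?user=admin' OR 1=1--", True),
    ("smartphone", "POST /comment body=<script>alert(1)</script>", True),
    ("pc", "GET /feed\nUser-Agent: example-crawler/1.0", True),
    ("smartphone", "POST /helpdesk body=where does the <script> tag go?", False),
    ("tablet", "GET /item?id=1 UNION SELECT name FROM users", True),
    ("pc", "GET /catalog?page=2", False),
]

def score(traffic, device=inspect):
    """Compare the device's verdicts with ground truth for the whole mix."""
    missed, false_alarms, attacks, benign = [], [], 0, 0
    for client, request, is_attack in traffic:
        action, _ = device(request)
        flagged = action != "allow"
        if is_attack:
            attacks += 1
            if not flagged:
                missed.append((client, request))
        else:
            benign += 1
            if flagged:
                false_alarms.append((client, request))
    return {
        "detection_rate": (attacks - len(missed)) / attacks,
        "false_positive_rate": len(false_alarms) / benign,
        "missed": missed,
        "false_alarms": false_alarms,
    }

if __name__ == "__main__":
    print(score(TRAFFIC))
```

The mix deliberately contains one attack permutation the signature set does not cover and one legitimate help-desk request that trips a signature, so the report shows both a miss and a false positive.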

No More Headaches

Application-aware network devices are necessary, but not sufficient.   The devices also need high-quality security testing.  The IT department now has a quick and accurate way to recreate both new and existing applications that can impact their networks.  Using signature-based attacks for security testing, real application traffic mixes can be recreated quickly and accurately – a must-have capability for testing and validating next-generation devices.
