Is Security Testing living up to its potential?

It's sobering to look at network security headlines today.   One might come to the conclusion that little progress has been achieved in stopping security breaches.  The range of headlines runs the gamut from non-business-threatening attacks to politically driven attacks against some of the worlds largest companies.

At one end of the spectrum, a denial-of-service attack prevented voting at the recent Miss Hong Kong pageant:

The Miss Hong Kong Pageant was hit by a cyber attack on Sunday that disrupted online voting for the title.

The pageant's organiser, Hong Kong broadcast giant TVB, had earlier promised that this year's Miss Hong Kong pageant would be the most 'democratic' edition of the pageant yet," Channel NewsAsia reports.  "The panel of judges would select the top 3 contestants, but online voters will be allowed to decide how they will place."

"Sadly, TVB’s first ever attempt to institute a democratic online system to decide on the winner was overwhelmed by data traffic in what appeared to be a massive denial-of-service attack," writes The Register's Phil Muncaster.

At the other end of the spectrum, "hacktivists" made a bold political statement against the world's largest oil company:

The world’s largest oil-producing company, Saudi Aramco, was the victim of a significant cyber attack on August 15th. The oil giant recently announced that 30,000 of its workstations had been infected by a virus. A group of hackers calling themselves the 'Cutting Sword of Justice' claimed to be responsible for the attack. They allegedly infected Saudi Aramco’s systems with replicating malicious software (malware) for political reasons.

We might snicker at the first headline.  However the second headline is no laughing matter. So what is the problem?  Frankly, security is a fast moving target with:

  • More sophisticated attackers, including state-sponsored attacks
  • New types of attacks
  • A surge of botnets
  • A multitude of new user devices accessing the network
  • Complex applications having ill-defined interfaces

Security teams must keep up with these moving targets. That is why we’ve decided to do a blog series on network security testing. In the next few blogs, we’ll take a closer look at how security threats are changing and what kind of testing needs to be performed to identify them.  And we hope you'll agree that progress indeed is being made despite the moving target.

Topics we'll discuss include:

comments powered by Disqus
× Spirent.com uses cookies to enhance and streamline your experience. By continuing to browse our site, you are agreeing to the use of cookies.