SYS-CON Media
 Register Now!
Save $200
Register before October 17th to SAVE! ... and also receive a FREE copy of the Best-Selling AJAX Book, a $119 Value!
Untitled Document
2008 East
Platinum Sponsor
Untitled Document
2008 East Gold Sponsors
Untitled Document
2008 East Exhibitors
Untitled Document
2008 East Media Sponsors
Untitled Document
2008 Association Sponsor
SYS-CON Media
2007 West Sponsors
Goingtomeet.com Conference Directory
SYS-CON Media
2007 East Sponsors
Untitled Document
2008 SYS-CON Events

Can't Miss RSS Feed
Subscribe to the AJAXWorld.com RSS Feed & Get All The Conference News As It Happens!

2008: Decision Year for RIAs - October 20-22, 2008 San Jose


Layered Defense in the Connected World | @ThingsExpo #IoT #M2M #Security
IoT devices have to be easy to deploy and use, but we should not forget that these devices are really just small computers

Layered Defense in the Connected World

The National Cyber Security Awareness Month is transitory, but many of the decisions we have made around the adoption of technology within our personal and business have brought with them risks that will stay with us for a while. A good example of this is the deployment and proliferation of ‘smart' or ‘connected' devices - IoT.

The Internet of Things (IoT) has promised us more personalized and automated services, optimized resource utilization, and added convenience, but we haven't always stopped to consider the risks that come with the benefits?

The number of connected devices has grown at an unprecedented rate with current estimates at between 6-12 billion devices. This number seems enormous but if you doubt it, I suggest you login into your home router and look at how many devices are registered - you may be surprised when you see your TVs, amplifiers and heating thermostats featuring on the list.

We already have cars that can drive themselves and buildings that can configure their environmental control systems based on your presence. The amount of machine-to-machine communication going on around us is growing all of the time, but in many cases we haven't considered ‘security' as part of our buying or implementation processes.

IoT devices, by their very nature, have to be easy to deploy and use, but we should not forget that these devices are really just small computers. How many of us would plug a computer straight into the Internet using the (old) original, un-patched version of an OS, with no firewall or security devices to protect it, using the default username and password? Not many, but this is what is happening in many cases with IoT devices.

The evolving threat-landscape
2016 brought the darker side of the connected world more sharply into focus, with the proliferation of botnets, and weaponized DDoS services, based on IoT devices. If we think back to the early noughties DDoS attacks were often generated by large botnets of compromised end-users workstations, because of multiple vulnerabilities and a lack of security awareness. Cyber-criminals have realized that IoT devices offer a significant capability, just waiting to be exploited in a similar way, and we all saw how thousands of relatively small, innocuous CCTV cameras and DVRs could be leveraged to generate Distributed Denial of Service (DDoS) attacks at 500Gbps or greater, affecting the availability of Internet services from a number of well-known Internet brands.

Many IoT devices have good connectivity on unmonitored network segments, and enough processing capability to drive a significant volume of DDoS attack traffic. Attacks from these devices are responsible for some of the increased scale and frequency of DDoS activity reported in Arbor Networks' annual Worldwide Infrastructure Security Report (WISR). And, DDoS is just one use-case for compromised IoT devices - more on that later....

Layers-layers-layers
Compromised IoT devices offer attackers a new way to threaten the availability of the Internet services we use, but the best way to protect our businesses has stayed the same. Most businesses today are reliant on the data and application services they utilize via the Internet, and availability issues can be very costly. To combat today's DDoS threat, businesses and governments alike need to implement a multilayer DDoS protection strategy.

Multi-layered defenses incorporate both an on-premise and cloud or ISP-based component. The on-premise component allows businesses to detect and mitigate attacks immediately, before there is any service impact. However, the on-premise solution can't deal with increasingly common, large attacks that can saturate Internet connectivity, and this is where the cloud or ISP-based service steps in - to deal with the higher magnitude attacks. The good news is that many more enterprises are adopting layered defense. Arbor's WISR showed that 30% of enterprise organizations had adopted this model in 2016, up from 23% in 2015.

Putting the right defenses in place does require investment, and there are many competing priorities in businesses for both an IT and security budget. But given the dependence most businesses now have on connectivity for interaction with customers, partners and suppliers, these kinds of defenses are essential. Incorporating availability threats into business and IT risk assessment processes can help to quantify the potential impact of a DDoS attack, helping to prioritize investment, and the WISR report shows that around two-thirds of enterprises have now taken this step.

A broader problem
The combination of DDoS and IoT devices has largely disappeared from the news headlines in 2017, but they haven't gone away. Weaponized IoT botnets are still being used to generate DDoS attacks, but more sophisticated, stealthy application layer attacks are now more of a focus than the large volumetric attacks we saw last year. But, DDoS is only one of the ways in which IoT devices can be exploited. Arbor is already seeing compromised IoT devices being used as proxies to obfuscate the original source of traffic. If you are thinking that the risk to IoT is limited to those devices that are exposed to the Internet - think again. Windows malware that looks to scan local networks for IoT devices to infect is already a reality. This would allow attackers to gain a foothold within a network, using our IoT devices, so that they could then move on to target other resources inside or outside of our networks.

The connected world brings with it huge potential, some of it good and some of it bad. IoT devices can be used to amplify existing threats and create new ones. One thing we can all do is try to avoid becoming a part of the problem, and the solution here is simply to implement good risk management process and IT security hygiene when we deploy IoT devices.

Improving the security of IoT devices and preventing their compromise are key goals of the security industry and the manufacturers of these devices, but until that is done (and it may take some time), everyone needs to protect themselves from the threats we know that are out there - and DDoS is a significant and growing threat.

About Darren Anstee
Darren Anstee, Chief Technology Officer at Arbor Networks, has 20 years of experience in pre-sales, consultancy and support for telecom and security solutions. In his position, he works across the research, strategy and pre-sales aspects of Arbor’s traffic monitoring, threat detection and mitigation solutions for service providers and enterprises around the world. Prior to joining Arbor, he spent over eight years working in both pre- and post-sales for core routing and switching product vendors. Follow Darren Anstee on Twitter ‏@cadernid

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest AJAXWorld RIA Stories
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even cod...
The National Cyber Security Awareness Month is transitory, but many of the decisions we have made around the adoption of technology within our personal and business have brought with them risks that will stay with us for a while. A good example of this is the deployment and proli...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structu...
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is no...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Busin...
Untitled Document

Call 201 802-3020 or Click Here to Save $200!

Register Today and
Save $200

Your registrations includes: Golden Pass Delegates will receive full conference access on October 20-22, 2008 including: Lunch and Coffee Breaks, Collectible Bag and Archives of all sessions on DVD. Includes access to all Conference Sessions including the Technical Sessions, Exhibits, Keynotes, Vendor Technology Presentations, and Power Panels.


Sponsorship Opportunities

AJAXWorld offers the undisputed best platform to position your company as a leading vendor in the fast-emerging marketplace for AJAX and Enterprise Web 2.0.


Please call
(201)802-3020


Who Should Attend?

 CTOs & VPs of Engineering
 Directors of Technology
 Sr. User Interface Architects
 Front-End Engineers
 VCs & Industry Analysts
 Directors of Business Development
 Software Engineers
 Senior Architects
 Application Programmers & Software Developers
 Project Managers
 Web Programmers & Designers
 Companies & Organizations that need to stay in
  front of the latest Web technology

AJAXWorld Security Bootcamp

Introducing at AJAXWorld RIA Conference 2008 West the world's first-ever full, one-day immersive "AJAX Security Bootcamp" - led by one of the world's foremost AJAX security experts and teachers, HP's Billy Hoffman.

View the full one-day schedule



AJAXWorld 2008 West - Tracks

Track 01: Enterprise RIAs
Track 02: Frameworks & Toolkits
Track 03: Web 2.0 & Mashups
Track 04: Hot Topics
Track 05: The Future of the Web
Track 06: iPhone Developer Summit



Brought To You By:

AJAXWorld Magazine is the pre-eminent independent vendor-neutral resource for the fastest growing new segment of the software business: entirely Web-based applications and experiences.

Download the Latest Issue!

AJAXWorld Webcasts



SYS-CON EVENTS


AJAXWorld Keynotes & Power Panels

2008 SYS-CON TV Keynotes: Can We Fix the Web? By Douglas Crockford - by Douglas Crockford
2008 SYS-CON TV Keynotes: 2008: The Year of the RIA - by Anthony Franco
2008 SYS-CON TV Power Panel: The Business Value of RIAs
2008 SYS-CON TV Power Panel: What Lies Beyond AJAX
2007 SYS-CON TV Keynotes: Why Web 2.0 for the Enterprise Is Far More Than Just a Facelift - by Ted Farrell
2007 SYS-CON TV Keynotes: Fueling the Next Generation Web: A Peek Behind the Green Curtain - by Bob Brewin
2007 SYS-CON TV Keynotes: AJAX in the Balance - by Joe Stagner

AJAXWorld Sessions on SYS-CON.TV

· Bill Scott - Yahoo! UI Library
· David Heinemeier Hansson - AJAX on Rails
· Jesse James Garrett - Elements of User Experience
· Dion Hinchcliffe - Real World AJAX
· Eric Miraglia - Open Source AJAX Development
· Paul Rademacher - Mashing Up Your Web Application
· Adam Sah - Google Gadgets
· Doug Crockford - An Introduction to JavaScript
· David Linthicum - Enterprise Web 2.0
· Patrick Grady - The Imagination & Experience Web

AJAXWorld...All The AJAX Rock Stars in One Spot!


Past Events Archive

SOAWorld Conference & Expo 2008 East
soa2008east.sys-con.com
Virtualization Conference & Expo 2008 East
virt2008east.sys-con.com
AJAXWorld 2008 Conference & Expo East
ajaxmar08.sys-con.com
SOAWorld Conference & Expo 2007 West
www.soaworld2007.com
Virtualization Conference & Expo 2007 West
virt2007west.sys-con.com
AJAXWorld 2007 Conference & Expo West
ajaxoct07.sys-con.com
SOAWorld Conference & Expo 2007 East
soa2007east.sys-con.com
Virtualization Conference & Expo 2007 East
virt2007east.sys-con.com
AJAXWorld 2007 Conference & Expo East
ajaxmarch07.sys-con.com
Other SYS-CON Events
events.sys-con.com

Join Over 10,000 Early AJAX Adopters
Who Have Attended AJAXWorld
• A&R Edelman
• Academic Enterprise
• Accoona Corp [2 delegates]
• Acxiom
• Adams Capital Management
• Adaptive Edge
• Adaptive Path
• Adobe Systems Incorporated [21 delegates]
• Adobe Systems Romania
• Ajax13
• All Risks, Ltd.
• alliance
• Alliance For Community Care
• AlphaDetail Inc
• Altera Corporation
• Amazon.com [6 delegates]
• Appeon Corporation [2 delegates]
• Apple Computer [5 delegates]
• Apress [3 delegates]
• Arkivio
• ASA
• Astute Solutions
• Avaya Inc [2 delegates]
• Avenda Systems
• Avenue A | Razorfish [3 delegates]
• Axcella, LLC [2 delegates]
• Aximsoft
• Azimyth
• Backbase USA Inc. [4 delegates]
• BAE Systems [2 delegates]
• Bank of America [2 delegates]
• Barkley Evergreen & Partners Interactive
• Bayview Financial [2 delegates]
• BEA Systems [3 delegates]
• Billeo
• BMC Software, Inc. [2 delegates]
• Borland Software Corporation
• Bradford Technologies, Inc [2 delegates]
• Brilliance
• Brocade Communications Systems, Inc. [2 delegates]
• Brookside Capital LLC
• Brulant
• Bungee Labs, Inc [6 delegates]
• Bureau of Labor Statistics
• BUZ Interactive
• Cadena Software
• Calix Networks
• Callidus Software [2 delegates]
• Cambia Security
• Carnegie Mellon West
• Cautella, Inc.
• CBSA
• Celequest [3 delegates]
• Change Vision, Inc.
• Charles E. Kenney, CPA
• Charles Schwab & Co., Inc. [8 delegates]

   read more...


ADVERTISE   |   MAGAZINE SUBSCRIPTIONS   |   FREE BREAKING-NEWSLETTERS!   |   SYS-CON.TV   |   BLOG-N-PLAY!   |   WEBCAST   |   EDUCATION   |   RESEARCH

.NET Developer's Journal - .NETDJ   |   ColdFusion Developer's Journal - CFDJ   |   Eclipse Developer's Journal - EDJ   |   Enterprise Open Source Magazine - EOS
Open Web Developer's Journal - OPEN WEB   |   iPhone Developer's Journal - iPHONE   |   Virtualization - Virtualization   |   Java Developer's Journal - JDJ   |   Linux.SYS-CON.com
PowerBuilder Developer's Journal - PBDJ   |   SEO / SEM Journal - SJ   |   SOAWorld Magazine - SOAWM   |   IT Solutions Guide - ITSG   |   Symbian Developer's Journal - SDJ
WebLogic Developer's Journal - WLDJ   |   WebSphere Journal - WJ   |   Wireless Business & Technology - WBT   |   XML-Journal - XMLJ   |   Internet Video - iTV
Flex Developer's Journal - Flex   |   AJAXWorld Magazine - AWM   |   Silverlight Developer's Journal - SLDJ   |   PHP.SYS-CON.com   |   Web 2.0 Journal - WEB2

SYS-CON MEDIA:   ABOUT US   |   CONTACT US   |   COMPANY NEWS   |   CAREERS   |   SITE MAP
SYS-CON EVENTS  |  AJAXWorld Conference & Expo  |  iPhone Developer Summit  |  OpenWeb Developer Summit  |  SOA World Conference & Expo  |  Virtualization Conference & Expo
INTERNATIONAL SITES:   India  |  U.K.  |  Canada  |  Germany  |  France  |  Australia  |  Italy  |  Spain  |  Netherlands  |  Brazil  |  Belgium
 Terms of Use & Our Privacy Statement     About Newsfeeds / Video Feeds
Copyright ©1994-2008 SYS-CON Publications, Inc. All Rights Reserved. All marks are trademarks of SYS-CON Media.
Reproduction in whole or in part in any form or medium without express written permission of SYS-CON Publications, Inc. is prohibited.