This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Infosec 2013: Remain ahead of attackers by identifying, tracking and 'fingerprinting' them

Share this article:
Infosec 2013: Remain ahead of attackers by identifying, tracking and 'fingerprinting' them
Infosec 2013: Remain ahead of attackers by identifying, tracking and 'fingerprinting' them

Adversaries can be kept at bay by being identified and given a 'fingerprint' to ensure you know where they are.

 

Speaking at the Infosecurity Europe 2013 conference, Nawaf Bitar, general manager of the security business unit at Juniper Networks, said that the Sony attacks of 2011 were a major problem as the same attackers kept coming back and attacking over and over again. Bitar said: “If this happens, something has gone wrong with the security and you have to do something different.

 

“I am not a fan of anti-virus, and what tests show is that for 40 anti-virus systems, there is a five per cent catch rate and we have to bolster our defences, but how do we get 95 per cent protection?”

 

Bitar said that looking at outsider attacks, you can make life difficult for the attacker and if they find it too difficult to break your defences, they may well go away and find out how sophisticated they are. “It can be a script kiddie or a nation state, but once you have determined their capability and once you know it is a bad actor,” he said.

 

“You need a better way to treat bad guys and we say it is with digital fingerprints which gives them a specifics to detect the attacker with no false positives as you have identified the attacker. With a fingeprint there is a probability that you can identify them and you can do something with them or not, but I think that this would have stopped the Sony attacks.”

 

Bitar said that this gives the company a huge amount of power as the greatest threat is the theft of intellectual property. Asked how attackers are identified in the first place, Bitar said that this is done by a deception point, of which there are thousands, to determine the attacker.

 

He said: “You can look at the characteristics of their device, what fonts they use, what patches they have not installed and their IP address among others. With that you can push the fingerprint to the cloud and share the details.”

 

He explained that the attacker is not aware that they have been identified as they will not know which characteristics you have to detect them and short of wiping their device – desktop, laptop or mobile – they will find it hard to shake the fingerprint off.

 

Bitar further told SC Magazine that Juniper was very willing to share the information with partners as well as users, and it had signed an agreement with RSA Security for their Spotlight Data product. He said that the product, 'Web AppSecure', built from the acquisition of Mykonos last year, gets around the problem of picking up an attacker simply by their IP address as an attacker can use a proxy or cloaking device to hide their IP address.

 

“You can take a device and turn it into a person and apart from them wiping or re-imaging their device, this is the easiest way to detect someone; fingerprinting will serve the greater good,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

WhatsApp flaw leaves users open to spying

WhatsApp flaw leaves users open to spying

Global messaging service WhatsApp, now part of Facebook, has owned up to a security flaw which leaves it open to man-in-the-middle (MiTM) attacks.

Data breach discovery takes 'weeks or months'

Data breach discovery takes 'weeks or months'

A new report confirms what's long been feared - businesses take too long to recognise and react to a data breach.

HMRC plan to share taxpayers' data attacked

HMRC plan to share taxpayers' data attacked

A proposal by HMRC to release millions of taxpayers' personal data to private firms has whipped up a storm on data privacy.