Infosec 2013: Remain ahead of attackers by identifying, tracking and 'fingerprinting' them

News by Dan Raywood

Adversaries can be kept at bay by being identified and given a 'fingerprint' to ensure you know where they are.

Adversaries can be kept at bay by being identified and given a 'fingerprint' to ensure you know where they are.


Speaking at the Infosecurity Europe 2013 conference, Nawaf Bitar, general manager of the security business unit at Juniper Networks, said that the Sony attacks of 2011 were a major problem as the same attackers kept coming back and attacking over and over again. Bitar said: “If this happens, something has gone wrong with the security and you have to do something different.


“I am not a fan of anti-virus, and what tests show is that for 40 anti-virus systems, there is a five per cent catch rate and we have to bolster our defences, but how do we get 95 per cent protection?”


Bitar said that looking at outsider attacks, you can make life difficult for the attacker and if they find it too difficult to break your defences, they may well go away and find out how sophisticated they are. “It can be a script kiddie or a nation state, but once you have determined their capability and once you know it is a bad actor,” he said.


“You need a better way to treat bad guys and we say it is with digital fingerprints which gives them a specifics to detect the attacker with no false positives as you have identified the attacker. With a fingeprint there is a probability that you can identify them and you can do something with them or not, but I think that this would have stopped the Sony attacks.”


Bitar said that this gives the company a huge amount of power as the greatest threat is the theft of intellectual property. Asked how attackers are identified in the first place, Bitar said that this is done by a deception point, of which there are thousands, to determine the attacker.


He said: “You can look at the characteristics of their device, what fonts they use, what patches they have not installed and their IP address among others. With that you can push the fingerprint to the cloud and share the details.”


He explained that the attacker is not aware that they have been identified as they will not know which characteristics you have to detect them and short of wiping their device – desktop, laptop or mobile – they will find it hard to shake the fingerprint off.


Bitar further told SC Magazine that Juniper was very willing to share the information with partners as well as users, and it had signed an agreement with RSA Security for their Spotlight Data product. He said that the product, 'Web AppSecure', built from the acquisition of Mykonos last year, gets around the problem of picking up an attacker simply by their IP address as an attacker can use a proxy or cloaking device to hide their IP address.


“You can take a device and turn it into a person and apart from them wiping or re-imaging their device, this is the easiest way to detect someone; fingerprinting will serve the greater good,” he said.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews