It's long been known that the tense political climate in Israel has thrust it to the forefront of global development of urban electronic security technologies. As old-school detection methods such as radio chatter and video cameras are integrated with the innovative monitoring tools required for a connected world (one shaped by the proliferation of big data and social media as well as the fight against cyber-crime), Israel has led the way in many areas of defence and prevention security technology.
So, what can UK cities learn from the Israeli approach? When looking at urban security technologies, in addition to the requirements for intrusion detection and surveillance hardware, technology decision-makers within major cities must consider additional technologies to ensure the hardware and tools themselves are protected against attacks and are not compromised, and that they operate smoothly. Specifically, leaders must ensure:
QoE/QoS (Quality of Experience/Service) for mission critical applications & high priority communications
The rapid growth of IoT device sprawl has brought ultra HD surveillance cameras into homes, making them safer and smarter. However, this has dramatically increased both the number of devices and the network resources they consume, congesting service providers' networks. This has created a real challenge: how to make sure that homeland (domestic) security traffic, which uses the same limited resources and requires real-time inspection, is not impacted or disrupted. Many Israeli cities use video surveillance to strengthen their security. With application awareness and traffic management, high priority network traffic can be prioritised so that it flows uninterrupted at all times. Application awareness identifies the unique traffic patterns of homeland security cameras versus home cameras and other devices, and is used by operators in Israel to make sure that military, law enforcement or government communications remain uninterrupted and prioritised in emergencies such as terror attacks.
Protection against volumetric attacks such as DDoS (Distributed Denial of Service) attacks
Network Behaviour Anomaly Detection (NBAD) technology should be deployed to best address the scale, diversity and fragmented nature of DDoS attacks. Israeli service providers have been targeted over the years by various threat actors trying to paralyse public networks or systems, interrupt service, or simply demonstrate their skills or malicious capabilities. The first line of defence for Israeli service providers combines several technologies to form a robust multi-layered defence. Proactive static defence using traffic-shaping limits the traffic to each resource's capacity and ensures that critical infrastructure elements protecting the network, such as firewalls and routers, cannot be overwhelmed by a DDoS attack.
Dynamic inline DDoS protection surgically mitigates attacks when they occur without over-blocking legitimate users' traffic. This multi-layered approach has proven to be effective in protecting against major attacks such as the well-known coordinated DDoS attacks organised by hacker group #opIsrael. This attack, which occurs annually on the same date (April 7), is a well-coordinated multi-vector attack large enough to disable Israeli network infrastructure and websites, with the potential to cause collateral damage to the service providers' customers. These include banks, media, global business, and government institutes. However, the powerful solution has been able to mitigate these massive DDoS attacks instantly and prevent service disruptions to millions of Israelis.
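The following sketch is an added illustration, not code from the article or from any vendor's product. It models the two layers described above over a constructed packet trace: a token bucket as the static per-resource cap, and a learned per-source rate baseline as the dynamic filter. All names, rates and thresholds are assumptions chosen for the demonstration.

```python
from collections import Counter
LEGIT_NET, FLOOD_NET = "192.0.2.", "198.51.100."   # documentation ranges, constructed

def build_sample():
    """Constructed trace of (timestamp, source) packets to one protected resource."""
    pkts = []
    for sec in range(10):
        for i in range(20):                      # 20 normal clients, 2 packets/s each
            pkts += [(sec + (j + 0.5) / 2, f"{LEGIT_NET}{i}") for j in range(2)]
        if sec >= 5:                             # flood begins at t = 5 s
            for i in range(4):                   # 4 sources, 100 packets/s each
                pkts += [(sec + (j + 0.5) / 100, f"{FLOOD_NET}{i}") for j in range(100)]
    return sorted(pkts)

class TokenBucket:
    """Static layer: caps admitted traffic at the resource's capacity."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, float(burst), 0.0
    def admit(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

class SourceRateDetector:
    """Dynamic layer: blocks sources far above the learned per-source rate."""
    def __init__(self, factor=5):
        self.factor, self.baseline = factor, 0
        self.counts, self.blocked = Counter(), set()
    def learn(self, clean_pkts):                 # assumes an attack-free learning window
        self.baseline = max(Counter((int(t), s) for t, s in clean_pkts).values())
    def allow(self, t, src):
        if src not in self.blocked:
            self.counts[(int(t), src)] += 1
            if self.counts[(int(t), src)] > self.factor * self.baseline:
                self.blocked.add(src)            # stays blocked for the rest of the trace
        return src not in self.blocked

def legit_delivery(pkts, detector=None, attack_start=5, rate=60, burst=60):
    """Fraction of normal-client packets delivered once the flood has started."""
    bucket, sent, delivered = TokenBucket(rate, burst), 0, 0
    for t, src in pkts:
        counted = t >= attack_start and src.startswith(LEGIT_NET)  # ground truth, scoring only
        sent += counted
        if detector and not detector.allow(t, src):
            continue                             # dropped before it reaches the shaper
        delivered += bucket.admit(t) and counted
    return delivered / sent
```

On this trace, `legit_delivery(build_sample())` shows the static cap alone protecting the resource while starving normal clients during the flood; passing a `SourceRateDetector` trained on the first five seconds removes the flooding sources upstream of the shaper and restores delivery for normal clients.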
Preventing the next WannaCry
In recent years the spread of ransomware has intensified worldwide. Once it has infiltrated the endpoint (PC or mobile device), this malware encrypts all of the endpoint's data and demands a ransom to decrypt it. The recent WannaCry ransomware, which severely disrupted networks and organisations worldwide, also used this technique. It was distributed via email, compromised sites and SMB (Server Message Block, a basic protocol in Windows to communicate in a LAN). Network-based anti-malware technology can effectively detect infected emails and prevent their download, as well as block access to compromised sites for millions of endpoints before the malware can encrypt any data. This technology is offered today by innovative service providers and has proven to be successful because of its simple onboarding and management as well as the value it delivers. It has also proven effective as a proactive measure to prevent the download of malicious botnet code used for launching massive DDoS attacks.
During the second half of what has already been an unpredictable year for many, implementing these approaches will be incredibly important if cities are to remain secure in the face of an evolving threat landscape.
Contributed by Maya Canetti, security expert and head of products at Allot Communications
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.