Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Radware Global Application & Network Security Report 2014-2015 Infographic


Published on

2014 was a watershed year for the security industry. Cyber-attacks reached a tipping point in terms of quantity, length, complexity and targets. Even organizations with by-the-book security programs can be caught off guard.

Radware's 2014-2015 Global Application & Network Security Report provides a comprehensive and objective review of 2014 cyber-attacks from both a business and a technical perspective and gives best practice advice for organizations to consider when planning for cyber-attacks in 2015. Download the full report here:

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Radware Global Application & Network Security Report 2014-2015 Infographic

  1. 1. What’s i<eeping Us Up At Night’? 2014 was a watershed year for the security industry. Cyber-attacks reached a tipping point in terms of quantity. length, complexity and targets. Even organizations with by—the-book security programs can be caught off guard. Attacks are evolving to become longer, larger and more sophisticated. Organizations reported week—long and month—| ong attacks in previous years—but never more than 6% reported experiencing constant attacks. This changed in 2014 when 19% of the major attacks reported were considered “constant” by the targeted organization. 52% of respondents felt they could only fight a campaign for a day or less. I 2011 -2012 -2013 [ 2014 U , _ , , Less than a day 1 hour-1 day 1 day-1 week Over a week Constantly 40% . . In 2014, one in seven attacks was larger than 10G, Such attacks challenge the victim's The Internet pipe has been 'g$: ;2fthg§fi]"§, ‘t’; ’]: "|g%the identified as the number-one ' failure point in 2014 and reflective 10% 10% . , _ attacks represent 2014's single » largest “headache'” U 10 Mbps 10Mbps 1Gbps 10Gbps or Less -1Gbps -10Gbps and above 400/0 I [ 2014 I 2013 I 2012 | 2011 35% I 30% » 25% v ~ 20% » ~ 15% I 10% A » T . 0 —~—— —— +~— ——— -—>— Internet Pipe Firewall IPS/ IDS Load Balancer The Server SQL Server (Saturation) (ADC) Under Attack am. 515% 1 40”“; I 351. ‘ More than a third of respondents have employed hybrid solutions to help gain 15,, “ ground against attacks, combining 10.. ., on-premise equipment with cloud solutions. 5., Nearly half suggest that they will employ a hybrid solution by 2015. 2014 2015 Mitigation techniques are being challenged with the emergence of three disruptive macro IT trends. Organizations that ignore or resist these trends, risk becoming obsolete. Great Cloud Migration Continues. Enterprise IT Dissolves Internet of Internet of Things (loT) B 1‘ an End to Controlled Endpoints ’ ‘ Introduces Incredible New Th The Software-Defined disruptive, promising or b 1 *- As both reputation loss and revenue loss from a cyber-attack are major concerns for cyber-security executives, it’s no surprise that nearly three-quarters of executives told us that security threats are now a CEO or board-level concern. Risk is high or on the rise for some targets such as Gaming, Healthcare, Mobile, Hosting & ISP, Education, Financial and Government. As companies move toward the center susceptibility to cyber-attack grows, creating a security gap. Energy & I I Q . -, 2014 Change from 2013 We asked which type of cyber-attack would cause the greatest harm to respondents’ organizations. Although DDoS was the most-cited threat type, its lead is narrow. All of the threat types are fairly well represented—suggesting that the threat landscape varies depending on each organization’s industry and business concerns. Advanced Persistent Threat ‘ Fraud 30.81% Phishirlg 36.87”/ o Theft of Proprietary Information/ . . _ Intellectual Capital ' ' ' Distributed Denial of Service (DDoS) Worm and Virus Damage 36.87% Unauthorized Access 40.91"/ o Criminal SPAM Corporate/ Geo-political Sabotage , , . , _ 1,. . . 0% 10% 20% 30% 4 0% 50% When planning cyber-attack defense, be mindful of the C. H.E. W. threats (Cybercrime, Hacktivism, Espionage and Cyber War), be demanding of vendors and always consider the following tenets: Cyber-Attack Defense = Attack Detection + Attack Mitigation. Success hinges on both the quality and time of detection and mitigation. Timing is everything. Look at time to mitigate as a key success factor and ensure that the solution deployed provides the shortest time to mitigate. Fill in the holes. DDOS mitigation solutions need to offer wide attack coverage that can detect multi-vector attacks that hit different layers of the infrastructure. Use multiple layers. Resolve the issues of single-point solutions with cloud-based protection that blocks volumetric attacks plus an on—premise solution that blocks all other, non-volumetric attacks. Mitigate SSL attacks. SSL attacks will remain a major threat in 2015. Look for SSL-based DOS/ DDOS mitigation solutions with a deployment that does not affect legitimate traffic performance Look for a single point of contact. In the event of an attack, it’s crucial to have a single point of Contact that can help divert Internet traffic and deploy mitigation solutions. 6:6 1')mw_49-1~3~s11J_x: ni5= "°"E1a§!1i1§‘jlJ'-lililslii lifijg1[[vv‘v1.1vflfilfiivvé| (§t§o| ['| '[‘Qi§:1(a§1g_i§; vJ! jI;1/ About Radware’s ERT The Emergency Response Team (ERT) has extensive experience handling attacks ‘in the wild‘ as they occur. The findings in the report are a compilation of their front—line insights and formal surveys of worldwide security professionals on the state of cyber security. 3' radware