A network security team can only fight what they can see, an organisation’s network security depends on their ability to rapidly detect and respond to emerging threats across their infrastructure, whether that is Tier 1 Operator, Enterprise or Cloud Provider. However, attack methods and strategies are constantly evolving, making threat detection an always-moving target. A good base to start from is understanding what type of threats may lurking in your network, these threats look very different depending on throughput of network traffic.

A Content Delivery Network or CDN is a system of distributed servers and nodes that delivers web content to a user, based on the geographical location of the user, the origin of the webpage and the content delivery service. The purpose of the CDN is to avoid bottle necks that would occur if every user tried to access content from one central location, the CDN replicates and redirects content so it is available to many users all at once. Ultimately improving user experience across multiple geographical locations (i.e. not just to those users who are physically closest to the server with the original content) and easing pressure on network infrastructure resources.

Rohit Singh, Country Manager – AsiaPAC & India, Telesoft Technologies sat on a panel at the recent 5th Data Centre India 2018 International Conference to moderate a session and discuss all things cyber security and risk in the datacentre. Together with industry experts from Tata Projects, Juniper and Sterling & Wilson, Rohit and the panel discussed how datacentres are the backbone of today’s digital economy and are vulnerable to advanced persistent cyber-attacks, despite continued investment.

A UDP flood is a type of volume based DDoS (Distributed Denial of Service) attack, where large numbers of UDP (User Datagram Protocol) packets are sent to a target server, limiting its ability to carry out its functions. UDP traffic doesn’t require a three-way handshake to make a connection like TCP (Transmission Control Protocol), it runs with lower overhead and is ideal to carry data that doesn’t need to be checked and rechecked, such as VoIP. This means it is easier for attackers to generate large traffic volumes with tools like Low Orbit Ion Cannon (LOIC) and UDP Unicorn.

A Distributed Denial-of-Service DDoS attack occurs when high rate machine generated traffic, usually from compromised systems, floods the resources of a targeted system such as a webserver, making the service unusable by legitimate users. There are many reasons for hackers/hacktivist/state actors to initiate a DDoS attack – to damage a brand, to limit web based sales, to protest or for notoriety. After the initial incident response and triage, important questions will be asked, chief among them, what did the DDoS attack cost?

Cryptojacking is running unwanted applications on endpoints and infrastructure, specifically crypto currency mining software, and it’s hard to detect. The cypto miner is stealing processing capability; Impacts are higher electricity (power and cooling) consumption, slower performance of legitimate applications or services. And high CPU run rates generate more heat and reduce lifetime.

Over three days the infosec industry came together as 19,500+ industry professionals met with 400+ international exhibitors including Telesoft Technologies to learn about state-of-the-art cyber security and attend thought-provoking and inspiring seminars.

Any business of any size is reliant on their ability to protect and secure their technology, data and networks from the many threats that they face. Intrusion Detection Systems (IDS) are and have been an integral part of this defense system. The aim of deploying an IDS into a network is to be able to identify if something untoward is happening and hopefully to be able to trap and remediate a problem sooner rather than later.

Telecommunications providers are migrating data backbones to 100GbE to carry increasing traffic volume shared between multiple services and technologies such as mobile VoLTE, Virtual Network Functions (VNFs) and Software Defined Networking (SDN) infrastructure. Data is often exchanged through virtual tunnels, where threats can hide, making detection complex, decreasing network visibility and security.

Cyber criminals have been using DNS for malicious purposes successfully for years,  malware such as DNSChanger uses DNS to target high value data held by ISP’s, CSP’s, CDN’s, Governments and Enterprise.