Next-Generation Firewalls Fend Off New Sophisticated Cyberthreats
IMT Staff posted on August 01, 2014
The increasing complexity and sophistication of network security threats are driving companies of all kinds to deploy next-generation firewalls (NGFWs), rather than traditional firewalls, to better equip themselves in combatting so-called advanced persistent threats (APTs). 

As an example of the kinds of APTs that are emerging, consider Energetic Bear, also known as Dragonfly, a cyber-espionage group with possible connections to the Russian Federation. According to security firm Symantec, based in Sunnyvale, Calif., Energetic Bear has been in operation since as early as 2011 and has focused its spying efforts on the energy supply industry, particularly in North America and Europe.

The group, according to Symantec, compromised a number of strategically important organizations, which could have caused damage or disruption to energy supplies in multiple countries. Its targets have included electrical generation and grid operators, operators of petroleum pipelines, and manufacturers of industrial control systems (ICS) for the energy industry.

Energetic Bear’s hacking efforts are centered on extracting and uploading stolen data, installing malware onto systems, and running executable files on infected computers, Symantec said. The security firm added that the group is able to collect passwords, take screenshots, and catalog documents on infected computers after it invades companies’ networks by sending malware through phishing e-mails to targets.

The group has used “watering-hole attacks” by compromising websites likely to be used by employees at target organizations. It has also been able to embed remote access trojan (RAT) malware into legitimate software bundles installed at three known manufacturers of ICS equipment.


The growing risk of cyberattacks comes at a time when companies are adopting new connected technologies that add complexity to the threat and security landscape, such as virtualization and cloud computing. The proliferation of mobile devices in the workplace and the bring your own device (BYOD) trend are introducing new threats, as well.

In an interview with ThomasNet News, Matt Keil, a research analyst at Palo Alto Networks, a developer of NGFW technologies based in Santa Clara, Calif., said older firewall technologies control network traffic based on destination ports and protocols, as indicated in packet headers. These firewalls, called stateful firewalls, are still needed and useful, but newer threats are able to bypass such protections by riding with legitimate application traffic such as HTTP.

“Trying to control and protect traffic from advanced threats becomes very difficult with a ports-only rule base,” Keil said. “What happened over time is that applications evolved.”

A next-generation firewall is able to delve deeper than the packet headers, going down into the payload and searching out threats in the application itself. NGFW technology gives an organization the ability to distinguish and block higher-risk traffic such as malware-infected websites, social media, instant messaging, file-sharing sites, and online games. Rather than just looking at IP addresses, new firewalls can control traffic by user identity by leveraging resources such as Microsoft Active Directory (AD) and Lightweight Directory Access Protocol (LDAP).
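
As an added illustration (not from the article or from any vendor's product), the Python sketch below contrasts a ports-only rule base with a verdict based on the application identified from the payload plus the user's group. The signatures, the user-to-group map, and the policy are constructed assumptions; a real NGFW uses far richer application identification and resolves identity from AD or LDAP.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    user: str        # identity a real device would resolve via AD/LDAP (assumed here)
    dst_port: int    # the header field a ports-only rule can see
    payload: bytes   # first bytes the client sends

ALLOWED_PORTS = {80, 443}                                  # constructed ports-only rule base
USER_GROUP = {"alice": "engineering", "bob": "finance"}    # constructed directory
GROUP_APPS = {"engineering": {"http", "tls", "ssh"}, "finance": {"http", "tls"}}
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def port_only_verdict(flow: Flow) -> str:
    """Header-based decision: anything on an allowed port passes."""
    return "allow" if flow.dst_port in ALLOWED_PORTS else "deny"

def identify_app(payload: bytes) -> str:
    """Classify by leading payload bytes, ignoring the port (simplified signatures)."""
    if payload[:1] == b"\x13" and payload[1:20] == b"BitTorrent protocol":
        return "bittorrent"                    # peer-wire handshake
    if payload.startswith(b"SSH-"):
        return "ssh"                           # SSH identification string
    if payload[:2] == b"\x16\x03":
        return "tls"                           # TLS handshake record
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"

def app_aware_verdict(flow: Flow) -> str:
    """Decision on identified application plus the user's group; default deny."""
    allowed = GROUP_APPS.get(USER_GROUP.get(flow.user, ""), set())
    return "allow" if identify_app(flow.payload) in allowed else "deny"

# Constructed sample flows, all on ports the header-based rule base allows.
FLOWS = [
    Flow("alice", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow("bob", 80, b"\x13BitTorrent protocol" + b"\x00" * 8),
    Flow("bob", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("alice", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f.user, f.dst_port, identify_app(f.payload),
              port_only_verdict(f), app_aware_verdict(f))
```

All four flows pass the ports-only check, while the application-aware check separates them by what the traffic actually is and who sent it.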


This article was originally published on ThomasNet News Industry Market Trends and is reprinted with permission from Thomas Industrial Network.
