
A Look at Blue Lane VirtualShield: Page 7 of 8

Old Vs. New

Conventional IPSs use signatures to detect network traffic that matches patterns known to be malicious, like the specific sequence of characters used by the Blaster worm. This technique works well against the attack it's designed for, but any variation or new attack against the same vulnerability requires a completely new rule. Additionally, evasion tactics, such as fragmenting packets in unusual ways, can fool an IDS or IPS into not detecting an exploit attempt.

Security vendors are catching up, using more sophisticated techniques to monitor connection states and search for malicious traffic using rules that match behavior, not just patterns; this improves detection rates and reduces false positives.

Blue Lane employs all these methods, plus a few more: custom code built atop a modified Linux kernel emulates the network stack of the OS that VirtualShield is protecting. This way it can reassemble packets exactly as the would-be victim OS would, stopping many evasive attacks cold. Blue Lane told us this processing adds only 0.25 ms to 0.5 ms of packet delay, which is typical for firewalls.
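As an added illustration (not Blue Lane's code, and not a description of VirtualShield's internals), the following Python shows why reassembly policy matters: the same overlapping fragments produce different byte streams depending on how the receiver resolves the overlap, so a sensor that reassembles with one fixed policy can miss what the target host actually sees, while a sensor that applies the policy of each protected host does not. The host table, the fragment contents and the two policies ("first" and "last") are constructed assumptions for the example; real IP stacks have more overlap behaviours than these two.

```python
# Added illustration, not Blue Lane's code: a target-aware fragment reassembler.
# Fragments, host table and the "first"/"last" policies are constructed for the
# example; real IP stacks have several more overlap behaviours.
from dataclasses import dataclass


@dataclass
class Fragment:
    offset: int    # byte offset of this piece within the reassembled stream
    data: bytes


def reassemble(frags, policy):
    """Rebuild a byte stream from fragments taken in arrival order.

    policy "first": bytes already written by an earlier fragment are kept.
    policy "last":  a later fragment overwrites whatever it overlaps.
    """
    length = max(f.offset + len(f.data) for f in frags)
    buf = bytearray(length)
    filled = [False] * length
    for f in frags:
        for i, byte in enumerate(f.data):
            pos = f.offset + i
            if policy == "last" or not filled[pos]:
                buf[pos] = byte
                filled[pos] = True
    return bytes(buf)


SIGNATURE = b"/bin/sh"          # what a conventional signature rule looks for

# Constructed host inventory, standing in for what discovery would learn.
HOST_POLICY = {"10.0.0.5": "first", "10.0.0.6": "last"}


def detect(frags, dst_host, sensor_policy=None):
    """Return True if the signature appears in the stream as the target host
    would see it.  If sensor_policy is given, the sensor ignores the host and
    uses that one policy for every target, as a non-target-aware IPS would."""
    policy = sensor_policy or HOST_POLICY[dst_host]
    return SIGNATURE in reassemble(frags, policy)


# Constructed overlapping fragments: the second piece rewrites two bytes of the first.
FRAGS = [Fragment(0, b"exec /bin/XX"), Fragment(10, b"sh")]

if __name__ == "__main__":
    for host in HOST_POLICY:
        print(host, "target-aware:", detect(FRAGS, host),
              "fixed-first:", detect(FRAGS, host, sensor_policy="first"))
```

For the "last"-policy host the fixed-policy sensor reports no match while the host itself receives the signature bytes, which is the gap a victim-stack emulation is meant to close.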

How We Tested

Getting VirtualShield running was as simple as extracting files to our ESX storage volume, adding them to our VM inventory and configuring some vSwitches. We used VMware's Infrastructure Client to set up our network configuration parameters, then connected to the VirtualShield Manager via Web browser.

VirtualShield automatically discovered our servers and set out to probe the devices to determine each one's OS and which running services it could protect. We generated some network traffic by scanning our servers' IP address range with Core Impact's Information Gathering module, and VirtualShield went to work doing discovery. VirtualShield couldn't detect much about one of our servers, a Red Hat Enterprise Linux device, because the portmapper had been firewalled. We used the Web interface to provide credentials that VirtualShield could use to connect to the RHEL server via SSH; it was then able to discover all of our services. We could have provided Windows login credentials to help discover services on Windows servers, and for servers that don't respond to ICMP queries, we could manually add IP addresses; VirtualShield will then attempt to discover their services.