Organizations are constantly collecting our data as we browse the internet. In some cases, users consent to handing over this information, for example when they choose to fill in an online form. In other cases, it happens without the user's agreement. The large-scale collection and analysis of personal information in fact makes up the core business of many companies, including service providers, content providers and other third parties, each of which uses it for commercial purposes.
Cybercrime is a major risk to countries all over the world, including those in the European Union. It is a major threat to the security of citizens, privacy, democracy and the economy. By 2021, cybercrime is expected to cost the world around $1 trillion per year. Already this year, ransomware attacks alone have cost $5 billion, a massive increase compared to the $325 million figure of two years ago. This is supported by a recent study of 237 companies in six countries by the Ponemon Institute, which revealed the severe reputational and financial consequences of cybercrime: in particular, companies lose $9M, on average, each year due to cybercrime. Against the backdrop of this rapid growth in costly cyberattacks, IBM's CEO Ginni Rometty states: "cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world." To counter this ever-evolving digital threat, collective efforts are necessary to bring together industry leaders and develop innovative solutions. That is exactly why the SHIELD project was launched.
Whether it's AWS, Azure or Google Cloud, the cost of running your services in the cloud keeps falling, and the ability to save on IT expenditure is probably the main driver behind the global trend of shifting more and more services and data into the cloud. IT budgets receive another boost from cloud technology because its costs typically fall under operating expenditure (OPEX) rather than capital expenditure, which allows for more financial flexibility. As a result, cloud technology gives companies with fewer resources access to the best technology, previously available only to big enterprises.
Talaia’s monitoring algorithms are based on the de facto industry standard protocol known as NetFlow.
In this whitepaper we clarify what NetFlow is, explain its intrinsic characteristics, and show why it is the best possible approach to monitoring network data, especially on high-speed links.
A couple of days ago Cisco announced a vulnerability in some of their NetFlow appliances. The vulnerability itself was not especially grave: an error in processing certain SCTP packets could be abused to remotely hang or reboot the appliance. The SCTP protocol is not widely used, and that is most likely one of the reasons why such a vulnerability stayed undetected for a long time.
Australia has passed laws that force Communication Service Providers (including ISPs) to collect and retain metadata so that a few government agencies can use it for security purposes.
Complying with such metadata retention laws is not an easy task from a technical standpoint. We have compiled a whitepaper reviewing the requirements imposed on service providers and how they can comply without too many headaches.
Just last month, a major cyberattack brought down the likes of Twitter, Soundcloud, Spotify and Airbnb for a few hours. Interestingly, rather than directly attacking the infrastructure of these companies, the assault targeted the domain name system (DNS) host Dyn, which is relied upon by the sites above. This is how a single attack could bring down so many sites at once.
(As you may already know, DNS is a bit like the yellow pages of the Internet: rather than mapping people's names to phone numbers, it maps domain names to the IP addresses that computers require in order to communicate. Hence, if a site's DNS provider is down, the site cannot be reached by its users.)
One might imagine that pulling off an attack of this magnitude would require extreme sophistication. In practice, the disruption was caused by a rather rudimentary Distributed Denial of Service (DDoS) attack that overwhelmed the DNS servers of the aforementioned sites.