Equifax breach highlights the importance of layered security

by | 09-09-2017 | Blog

More evidence points to the use of a zero-day exploit in the recent Equifax breach, as the hack took place 4 months after the public disclosure of the vulnerability. This is why the world needs layered security.

Why attacks are still successful

A simple application firewall blocks this specific attack. A monitoring solution would have discovered attack patterns. Through Digital Risk Monitoring and vulnerability management, the visibility of Struts in their attack surface would have been limited.

Why most attacks are succesful:

  1.  Vulnerability management is only implemented on the main website (www.<company>.xyz)
  2.  Vulnerability management is not a continuous process
  3.  Organizations do not know their entire online attack surface

A simple model (based on OSI/NIST) would mitigate most attacks:

  1. Continously monitor your attack surface using Digital Risk Monitoring
  2. Perform continuous vulnerability assessment
  3. Make security a process, not a technical add-on

role of cybersprint in a healthy architecture

Check your attack surface

In March we already had a test run with the previous Struts bug. You can easily check if you are vulnerable by checking for the presence of “Java” server-side applications.

If you need help with finding out whether you are vulnerable, contact us.

Official statement by the Apache foundation in response to the Equifax report: https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax



US youngsters learn how to use coding & hacking skills

20 young people including 10 American youngsters from Albuquerque and the Navajo Nation in New Mexico will be welcomed in The Hague by Cybersprint on 21 March 2019. The young coding talents will learn how to use their coding and hacking skills in a positive way and to make the digital world safer. They will also see real life examples of how they could use these skills to increase their career opportunities. The programme is part of the CyberHeroes-week which is set up by Cyberworkplace in Rotterdam and the American Embassy in The Hague.

read more

Cybersprint Newsletter

All insights, No spam

Cybersprint Newsletter

All insights,
No spam

Cybersprint respects your privacy, read our privacy statement

Cybersprint respects your privacy,
read our privacy statement

Do you have a question?

Our specialists have the answers