Equifax breach highlights the importance of layered security

by Cybersprint Blog Sep 9, 2017

More evidence points to the use of a zero-day exploit in the recent Equifax breach, as the hack took place 4 months after the public disclosure of the vulnerability. This is why the world needs layered security.

Why attacks are still successful

A simple application firewall blocks this specific attack. A monitoring solution would have discovered attack patterns. Through Digital Risk Monitoring and vulnerability management, the visibility of Struts in their attack surface would have been limited.

Why most attacks are successful:

  1.  Vulnerability management is only implemented on the main website (www.<company>.xyz)
  2.  Vulnerability management is not a continuous process
  3.  Organizations do not know their entire online attack surface

A simple model (based on OSI/NIST) would mitigate most attacks:

  1. Continuously monitor your attack surface using Digital Risk Monitoring
  2. Perform continuous vulnerability assessment
  3. Make security a process, not a technical add-on

Figure: Role of Cybersprint in a healthy architecture

Check your attack surface

In March we already had a test run with the previous Struts bug. You can easily check if you are vulnerable by checking for the presence of “Java” server-side applications.
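As an added example (not Cybersprint's code), the presence check above can be narrowed from "Java" in general to the Struts library itself by inventorying the archives you deploy. The sketch assumes Struts is bundled under its conventional file name, `struts2-core-<version>.jar`; the archive names and the version `9.9.9` are constructed sample values.

```python
import io
import re
import zipfile

# Conventional file name of the Struts 2 core library: struts2-core-<version>.jar
STRUTS_JAR = re.compile(r"(?:^|/)struts2-core-(\d[\w.\-]*)\.jar$")
ARCHIVE_EXT = (".war", ".ear", ".jar")
MAX_NESTED_BYTES = 200 * 1024 * 1024  # do not unpack oversized nested entries


def find_struts(data, label, depth=0, max_depth=3):
    """Return [(path, version)] for each Struts core jar in an archive,
    including jars inside nested WAR/EAR/JAR files."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, nothing to report
    with zf:
        for info in zf.infolist():
            path = f"{label}!{info.filename}"
            match = STRUTS_JAR.search(info.filename)
            if match:
                hits.append((path, match.group(1)))
            elif (info.filename.lower().endswith(ARCHIVE_EXT)
                  and depth < max_depth
                  and info.file_size <= MAX_NESTED_BYTES):
                hits.extend(find_struts(zf.read(info), path, depth + 1, max_depth))
    return hits


def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (helper for the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_ear():
    """Constructed sample: an EAR holding a WAR that bundles a placeholder Struts jar."""
    war = make_zip({"WEB-INF/web.xml": b"<web-app/>",
                    "WEB-INF/lib/struts2-core-9.9.9.jar": b"placeholder"})
    return make_zip({"META-INF/application.xml": b"<application/>", "shop.war": war})


if __name__ == "__main__":
    for path, version in find_struts(build_sample_ear(), "app.ear"):
        print(path, version)
```

Compare each reported version against the fixed releases named in the Apache Struts security bulletins. A renamed or repackaged jar will not match the file-name pattern, so treat an empty result as a lead, not as proof of absence.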

If you need help with finding out whether you are vulnerable, contact us.

Official statement by the Apache foundation in response to the Equifax report: https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax
