The Romanian trade magazine IT Channel has published an extensive interview with Sergiu Banyai, Business Development Manager at Veracomp Europe. We encourage you to read the full piece in its English version.
While I was drafting this article, press agencies announced that hackers had taken control of the Patriot rockets stationed in Turkey. On the same day, the Wall Street stock exchange seemingly fell following an attack by the Anonymous hacker group. The IT world has radically changed, with companies being more and more dependent on IT infrastructure. Undoubtedly, five years ago we could not have discussed attacks affecting such critical systems and organizations. We talked to Mr. Sergiu Banyai, Business Development Manager – Veracomp Europe.
“When we talk about cybersecurity, we actually talk about the new attacks and methods that have occurred. The attacks have evolved very much in the past years, from gross attacks to sophisticated APT (Advanced Persistent Threat) attacks. Lately we can talk about attacks orchestrated by political groups. In the existing geopolitical climate, Romania may become a target of this new type of attack,” declared Sergiu Banyai about the evolution of the technology used in cyber attacks.
The financial and banking field is also targeted by cyber attacks. “The fact that the degree of sophistication of attacks has increased is very obvious in the banking sector. A clear evolution is noticed from attacks with trojans (e.g. Zeus, Citadel or Conficker) to variants of attacks personalized for certain banks, examples being the multiple attacks of 2014 and 2015 by the Dyre malware, as well as the current version of J.Bot. The directed attacks indicate very good knowledge by the attackers of the existing protective measures in the attacked infrastructure. Another tendency which will rapidly evolve is visible in Romania as well, namely attacks on operating systems and mobile device applications,” stated Sergiu Banyai.
Security at source code level
The diversification of the ways in which cyber attacks are carried out, together with technological advances, has led to the appearance of new categories of security solutions. The WhiteHat range, recently added to the Veracomp portfolio, is dedicated to vulnerability testing of applications in the Security Code Review process. In practice, this type of solution allows continuous testing of a program's source code, starting with the design phase and ending with the stage in which the applications are used in production.
“The WhiteHat solutions are used for testing complex Web applications (exposed on the Internet by means of HTTP protocols – Hyper Text Transfer Web and Secure HTTP), thus targeting several professional verticals. An example is online banking applications, which are very dynamic and imply multiple changes at relatively short intervals. WhiteHat offers continuous testing of these applications and helps remove the back doors for multiple updates applied to these systems. We aim at other categories of clients for the WhiteHat solutions: electronic trade sites, software houses and their clients, as well as some governmental institutions which have e-government processes (online systems of payments and taxes, submission of tax returns etc.)”, stated Sergiu Banyai.
Cloud computing vs. On premises
Most IT companies provide both traditional on-premises solutions and cloud solutions. I talked to Sergiu Banyai about the opportunity to invest in one of the two infrastructure approaches, with the pluses and minuses each brings to organizations.
“We consider that if a company can invest in its own IT infrastructure and has dedicated staff for its administration, it must undoubtedly choose the ‘on premises’ version. Beyond the financial calculations (the traditional “war” between CAPEX and OPEX), on premises solutions will provide companies with total control over the infrastructure. The cloud solutions do not provide control over the infrastructure, which may represent a risk factor in certain situations. However, cloud computing solutions may represent an alternative for companies which do not have the financial or human resources to develop or administer their own infrastructure”, said Sergiu Banyai.
Another tendency identified in the infrastructure and IT security area is the focus of IT producers on developing appliance-type equipment. “The appliances are specialized and much better performing solutions for certain tasks. For example, “load balancing” can be done for a certain amount of traffic and number of connections using Linux servers (e.g.: NGINX or LVS). When the traffic increases significantly or in case of an attack at the application level (e.g. SSL protocol attacks), the Linux server will be “suffocated” by these tasks. In this context, ADC appliance solutions (Application Delivery Network) and WAF solutions (web application firewall) from F5 Networks take over the load balancing positions from the applications server and add advanced optimizations (caching for Web, compression, offloading SSL positions, as well as the protection of applications in case of attacks). Using the ADC hardware solutions, the infrastructure will function properly also in the case of processing a large number of transactions,” stated Sergiu Banyai.
Evolution of the portfolio of solutions
As a consequence of the diversification of attacks, today we talk about a large variety of security solutions and an increasingly high level of specialization. “In Veracomp's case as well, we extended the portfolio of solutions, including solutions from Fortinet, F5, Extreme Networks, RSA and WhiteHat. The range of solutions is able to answer varied needs, both in terms of infrastructure architecture and in terms of their sociability,” added Sergiu Banyai.
Evolution of the IT security market
Globally, the IT security market is recording one of the most significant growth rates, while trends on the local market are different. “On the local market, we state the existence of insufficient budgets in the IT security area. The local companies also react in most cases after they encountered security issues and recorded financial loss or of nature,” declared Sergiu Banyai.
“The lack of proactive actions with regard to cyber attacks may cause significant damage to companies. A few years ago, network level threats were limited to gross volume attacks of the DoS/DDoS type, and those related to applications generally concerned changing the website content or its supporting database, these changes being made for entertainment purposes or from the desire to experiment. Today, the attacks directed at companies or internet users have a pecuniary interest as their main purpose.
As examples, the trojans CryptoLocker and CryptoWall encrypt the users' files, subsequently requesting an amount of money for the decryption key.
At the level of the infrastructures of companies or government organizations, the attacks are made more and more at the macro level and most of the time concern critical or sensitive information, being coordinated by very well prepared nuclei sustained by states or criminal organizations. In this context, investing in latest-generation security solutions is a mandatory requirement for organizations”, declared Sergiu Banyai.
4 trends in IT security
Sergiu Banyai identifies four fundamental trends regarding the way IT attacks are carried out.
1. Highly specialized attacks on the critical infrastructure of organizations or governmental institutions, made by well-prepared groups, some even sponsored by different states or organized criminal groups.
2. Attacks directed at different banks. In such cases, a clear evolution of the methods is noticed, from malware like Zeus, Citadel and Conficker to Dyre and Jbot, which are directed only at the customers of certain banks and include detection avoidance mechanisms.
3. More and more sophisticated exploits targeting mobile operating systems (Android, OS X) and open-source type mobile applications. Apple Pay, Google Wallet and NFC based applications will be among the favorite targets of 2015.
4. Extension of the so-called “darknets”, including TOR, Freenet, I2P etc. They will create a common basis of “operations” for different organized malicious groups in the definition, testing and implementation of new types of IT attacks.