I am sure you have heard of “Operation Aurora”, the cyber attack conducted in December 2009 against Google and more than 20 other companies, including Adobe Systems, Juniper Networks, Rackspace, Yahoo, Symantec, Northrop Grumman and Dow Chemical.
Technically, the principle of the attack was simple: 1) malware was installed on a PC by a Trojan exploiting a vulnerability in Internet Explorer, and 2) a covert connection was made using a custom encrypted protocol instead of the standard HTTPS protocol encrypted with SSL.
The result: commercial off-the-shelf (COTS) cyber security solutions did not detect the attack…
This is a stark reminder that COTS products are not effective at detecting a zero-day attack such as Operation Aurora.
A second line of cyber protection is needed!
Qosmos plays a key role in building this second line of defense. Our customers use Qosmos network intelligence technology to provide full traffic visibility to a custom-built cyber security solution. This custom solution acts as a second line of cyber protection (complementing COTS), and is able to detect and mitigate the most advanced threats – including zero-day attacks.
In the case of Operation Aurora, a custom development based on Qosmos could have detected that abnormal traffic was flowing out of the network and the system could have been instructed to block the traffic, which would have stopped the attack. Voilà!
In this issue of QosmoNote, you can read more about how Qosmos can help you build stronger cyber security and lawful interception solutions.
You can also book a meeting with us at ISS World in Dubai, 23-25 February. Enjoy.
Thibaut Bechetoille, Qosmos CEO
Commercial Off-The-Shelf (COTS) cyber security products are necessary but not sufficient to detect zero-day attacks and advanced threats. For the most sensitive networks, a second layer of cyber defense must be developed, in the form of a custom solution combining specific human expertise with network intelligence technology.
Learn more about how Qosmos Network Intelligence building blocks can be used:
Qosmos ixMachine LI Edition probes intercept IP traffic at high throughputs and feed interception-related information to third-party LI management systems. The portfolio now includes IP probes for interception on IP or MAC address; AAA probes for interception on user identities provided by RADIUS or DHCP; and email, VoIP and multi-service probes for interception of IP-based services such as Webmail or Instant Messaging.
For more information, attend our ixMachine LI demonstration at ISS World in Dubai or access online resources: