Operation Aurora highlights network vulnerability
February 1, 2009
Qosmos ixEngine enables customized second layer of defense
Summary
The recent cyber attack shows that enterprises and governments cannot rely on commercial solutions alone to protect their networks and most sensitive data against sophisticated cyber attacks and Advanced Persistent Threats (APTs). By definition, commercially available software can be compromised and has not been designed to protect against zero-day attacks. As part of a second, customizable layer of security, Qosmos Network Intelligence technology would have identified abnormal network activity and mitigated the attacks.
Paris, France – February 1, 2009 – The “Operation Aurora” cyber attack, originating in China in December 2009 against Google, Juniper Networks and more than 30 other multinational companies, could have been prevented with Qosmos’s world-leading ixEngine Network Intelligence technology by detecting abnormal network activity to mitigate the attack.
The method used was an example of a “zero-day attack” exploiting a previously undiscovered hole in a program or operating system. In this instance, the attackers exploited a vulnerability in Internet Explorer through Trojan malware code that used a custom encrypted protocol to make a covert connection on port 443, a port usually reserved for standard HTTPS protocol encrypted with SSL.
Commercial solutions for anti-virus, anti-spyware, and intrusion detection systems provide effective protection against known vulnerabilities, but this attack shows they are not effective at protecting networks against so-called “zero-day” attacks.
To prevent the next Aurora, and build defenses against similar Advanced Persistent Threats to the most sensitive systems, COTS (Commercial off-the-shelf Software) is not enough. Organizations for which advanced cyber protection is critical need two layers of defense: a first layer based on standard commercial products to filter out known threats, and a second, custom layer of security that has the intelligence to detect abnormal system behavior and mitigate potential attacks.
Qosmos’s building-block technology plays a key role in cyber security applications by providing full visibility into network traffic. Qosmos ixEngine inspects complete IP flows, tracks control connections and creates a full view of each application, service, and user independently of the protocols involved to feed third party systems with highly specific information.
By using Qosmos ixEngine, a second layer of defense could have detected that abnormal traffic was flowing through the targeted port and the system could have been instructed to block the traffic, which would have stopped the attack. Qosmos is offering a free evaluation version of its ixEngine Software Development Kit for system integrators and developers.
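The kind of check described above, flagging traffic on port 443 that does not open with an SSL/TLS handshake, can be sketched as follows. This is an added illustration, not Qosmos ixEngine code; the function names and the sample flows are constructed for the example.

```python
import struct

MAX_RECORD_LEN = 2**14 + 2048  # largest record length any TLS version allows

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP flow."""
    if len(payload) < 6:
        return "incomplete"
    ctype, major, minor, rec_len = struct.unpack(">BBBH", payload[:5])
    # TLS/SSLv3 record: type 0x16 (handshake), version 3.x, sane length,
    # and the first handshake message from a client is a ClientHello (type 1).
    if ctype == 0x16 and major == 3 and minor <= 4:
        if 4 <= rec_len <= MAX_RECORD_LEN and payload[5] == 0x01:
            return "tls"
        return "not-tls"
    # SSLv2-framed ClientHello: 2-byte length with high bit set, type 1,
    # followed by the offered version (0x0002 or 0x03xx).
    if payload[0] & 0x80 and payload[2] == 0x01 and (
            payload[3:5] == b"\x00\x02" or payload[3] == 0x03):
        return "tls"
    return "not-tls"

def flag_port_443_anomalies(flows):
    """Return ids of flows to port 443 whose opening bytes are not a TLS hello."""
    return [fid for fid, dport, first in flows
            if dport == 443 and classify_first_bytes(first) == "not-tls"]

def build_client_hello() -> bytes:
    """Constructed minimal TLS 1.2 ClientHello, for the sample data only."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00")   # one cipher suite, null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

# Constructed sample flows: (flow id, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("f1", 443, build_client_hello()),
    ("f2", 443, bytes.fromhex("9f3c71e20a55d8144b02")),   # opaque custom framing
    ("f3", 443, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("f4", 8080, b"GET / HTTP/1.1\r\n\r\n"),                # other port, ignored
]

if __name__ == "__main__":
    print(flag_port_443_anomalies(SAMPLE_FLOWS))
```

A check on the opening bytes only catches protocols that skip the handshake entirely; traffic that imitates a ClientHello needs deeper inspection of the rest of the exchange.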
“That some of the world’s largest and, presumably, most technologically savvy companies were able to be compromised is a wakeup call that no organization is invulnerable,” said Jérôme Tollet, Qosmos CTO & Co-Founder. “The growing potential for industrial espionage, data theft and cyber terrorism – using the network as the access point – drives home the need for greater intelligence into network activity to detect and mitigate threats.” Tollet, along with other Qosmos experts, will speak on a variety of network intelligence topics at several panels during the ISS World MEA Conference in Dubai, UAE, from February 23-25. ISS World is a premier conference and training program for law enforcement and security professionals.
Qosmos network intelligence technology uses a unique query and information extraction language specially designed to query the network as if it were a database, and filters the extracted information to present only the flows of specific interest. It can either generate a structured database view of network traffic or stream the extracted information in real time for further processing and storage.
Links:
Qosmos ixEngine Overview
Qosmos Network Intelligence FAQ
Qosmos Cyber Security Brief
Advanced Persistent Threat Overview (Wikipedia)
About Qosmos
Qosmos develops network intelligence technology, providing real-time visibility into data as it crosses networks. The company’s software development kit and hardware platforms are used by systems integrators, solution developers and network equipment suppliers to make their applications more secure, efficient and profitable. Qosmos network intelligence technology enhances solutions for lawful interception, cyber security, traffic optimization, QoS management, content billing, market research and more. Qosmos customers gain unparalleled ability to understand and analyze data in transit, while they maintain control and flexibility. www.qosmos.com
###
Press Contact
Debby Stefaniak, Full Circle Communications
Phone: +1-215-712-2409 / Email: dstefaniak@fullcirclecomm.com
