Network Security Case Study: Financial Markets
The Equifax breach exposed private information of 147.9 million consumers because of cyber exploits on unpatched Apache web servers. Cyber attackers used that vulnerability to gain control of web servers that handled credit report disputes. The Apache Struts2 vulnerability allowed an attacker to probe for privileged user accounts and run embedded commands in the payload of a data packet. They were able to shut down firewalls and gain greater access into the system. This occurred because the servers had not been patched, another unfortunate example of human failure that opened a hole in the company’s security defenses. But is it reasonable to expect security organizations to operate with zero data loss when they are dependent on human processes and mitigating defects within software and hardware?
Could the Equifax breach have been avoided?
The answer is yes. HOPsphere Radius Security would have prevented the Equifax breach from happening. HOPsphere Radius Security is the first security solution to keep data in your data center and not allow it to escape. Existing security systems – firewalls, Intrusion Detection and Protection, Multifactor Authentication, Identity Access Management, and others – are all systems designed to keep intruders out. By design, firewalls do not restrict data outbound if it is from a trusted network. The language of the internet is the HTTP protocol, which provides a common language allowing both trusted and untrusted sources to communicate in a borderless manner. These two conditions provide a way for cyber attacks to be carried out on your systems.
HOPsphere Radius Security creates a border within the packet itself, by limiting the number of routers it can cross before expiring. This keeps your data in a protected radius. If Equifax could have limited the lifespan of packets traveling between their database servers and the Apache web servers, it could have prevented packets from traveling beyond the protected radius, regardless of the unpatched state of the server. Attackers never would have received an acknowledgment to their packet requests and no connection would have been made. HOPZERO technology provides security by leveraging function within the IP protocol without installed software or agents.
HOPZERO can help you secure your data. A HOPsnap assessment shows where your data is currently traveling and is the basis of architecting HOPsphere Radius Security into your network.
HopSphere Radius Security Key Features
- Identifies where your data is going
- Places a radius on how far data can travel
- Enforces containment for all data
- Hackers can’t get a session
- Alerts when data attempts to leave the radius