Who’s That Knocking on Your Door?


One of your own community members is presenting at Ignite. By looking more closely at URL requests to your public presence, you can identify web requests with malicious intent that do not trip standard IPS signatures. This presentation describes the process by which web sites are attacked and shows what can be done at the various stages. It focuses on the early stages of a web site attack that fall below the radar of your standard IPS signatures. You will learn how to identify and validate malicious web requests and how to respond to them aggressively. The resulting actions will delay, disrupt or defer web site attacks.

We asked Phil some questions about this upcoming Ignite presentation.

What are the key takeaways from this presentation?

The visibility exists; take advantage of it. This presentation will show you a process you can follow to identify maliciously intended web traffic, and provide you with a method to respond more forcefully that will defer or deter an attacker.

What is most fascinating about this topic?

Seeing the volume of maliciously intended web requests that you otherwise would not see.

In terms of security, what are the biggest challenges the healthcare industry faces?

Theft of personal information is on the rise. Attackers are changing their tactics all the time, and we must continually adapt, learning from what we see to be more proactive.

How do you identify malicious web requests that do not trip standard IPS signatures?

By analyzing samples of your URL traffic logs, you will see requests that stand out as not being generated by regular visitors to your web presence.

How do attacks fall below the radar of standard IPS signatures?

The attacker is testing permissions, looking for administrative components or attempting to make invalid requests to your web server. These behaviors are generally seen prior to the attempted exploitation of a vulnerability that can be picked up by an IPS.
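
The following is an added example, not part of the interview or the presentation: a small log triage script that tags the three pre-exploitation behaviours described above (permission testing, administrative-component probing, invalid requests) and reports clients that show more than one of them. The Common Log Format input, the sample lines, the admin path list and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [10/Mar/2015:10:00:04 +0000] "GET /services/ HTTP/1.1" 200 2048
203.0.113.9 - - [10/Mar/2015:10:01:10 +0000] "GET /admin/ HTTP/1.1" 404 312
203.0.113.9 - - [10/Mar/2015:10:01:11 +0000] "GET /manager/html HTTP/1.1" 403 298
203.0.113.9 - - [10/Mar/2015:10:01:12 +0000] "PROPFIND / HTTP/1.1" 405 210
203.0.113.9 - - [10/Mar/2015:10:01:13 +0000] "GET /portal/login HTTP/1.1" 401 180
192.0.2.44 - - [10/Mar/2015:10:02:00 +0000] "GET /missing.png HTTP/1.1" 404 312
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+$')
# Assumed, site-specific values: tune both to what your site really serves.
ADMIN_PREFIXES = ("/admin", "/manager", "/wp-admin", "/phpmyadmin")
NORMAL_METHODS = {"GET", "HEAD", "POST"}

def classify(request, status):
    """Return the set of pre-exploitation behaviours one request shows."""
    tags = set()
    parts = request.split()
    # Malformed request line, unexpected method, or server rejected it as invalid.
    if len(parts) != 3 or parts[0] not in NORMAL_METHODS or status in (400, 405):
        tags.add("invalid-request")
    # Authentication or authorization failure: the client is testing permissions.
    if status in (401, 403):
        tags.add("permission-test")
    # Request for an administrative component, whether or not it exists.
    if len(parts) >= 2 and parts[1].lower().startswith(ADMIN_PREFIXES):
        tags.add("admin-probe")
    return tags

def suspicious_clients(log_text, min_behaviours=2):
    """Map client IP -> sorted behaviours, for clients showing several kinds."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, request, status = m.group(1), m.group(2), int(m.group(3))
        seen[ip] |= classify(request, status)
    return {ip: sorted(t) for ip, t in seen.items() if len(t) >= min_behaviours}

if __name__ == "__main__":
    for ip, tags in suspicious_clients(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

A single 404 from a regular visitor produces no tag here; it is the combination of behaviours from one client that makes it stand out.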