Amritam Putatunda
Technical Product Manager

BreakingPoint StrikePacks – The X-Factor That Keeps You Current

January 27, 2020 by Amritam Putatunda

A key feature of our BreakingPoint application and security test product is the Application and Threat Intelligence (ATI) subscription, which ensures users have access to timely and comprehensive application protocols and threats. Because we have a strong and active ATI team, we don’t ever have to depend on any third party to provide application, security, or threat intelligence to our customers. This means we can not only respond to customer requests in an agile manner, but also follow trends and update the applications and attacks that we publish as StrikePacks, which are released every two weeks. Let’s take a look at a few of the most recent security trends that we are tracking.

The software: As the industry moves towards building more cloud-native solutions, we find technologies like Kubernetes, Kibana, Elastic, Jenkins, Jira, and Tomcat being used for development of next-generation applications and websites. Ixia’s Application and Threat Intelligence (ATI) team is actively monitoring these new technologies for possible vulnerabilities and adding them to our ever-increasing strike list repository as they are discovered.

The browsers: We don’t see as many Microsoft Tuesday vulnerabilities as there used to be. Certainly, the newer browsers are much more secure and resilient than the older browsers. However, modern times have also brought us motivated attackers and nation-state actors who will jump on every vulnerability that is disclosed for a browser, using phishing campaigns, malicious websites, and other means to leverage the vulnerability in a user’s browser. That is why ATI gives special attention to all the latest browser-based vulnerabilities, and a significant portion of those exploits will be found in our StrikePacks.

The operating systems: Both client and server OS vulnerabilities have been successfully exploited. This is especially true for the well-known servers that are used to host websites, such as Nginx, Apache, and IIS. We look for vulnerabilities that can be exploited through the network, that is, any vulnerability that a malicious client or server can exploit remotely. Similarly, on the client side we especially focus on attacks against the latest versions of Android or iOS phones and the latest Mac or Windows exploits. In summary, any exploit that is seen in the wild leveraging a vulnerability in the client or server OS will likely have a place in our StrikePacks.

The internet of things (IoT): Apart from ransomware, if there’s any other security vector that has so much notoriety today, it has to be IoT device vulnerabilities. As everything around us becomes “smart” by allowing access through the Internet, we see hackers using this opportunity to exploit such devices and their poor security hygiene, take control of them, and use them for their own malicious purposes. The extent of the damage was showcased by the Mirai botnet, which had gained access to webcams to launch near terabit-scale DDoS attacks. ATI closely monitors such vulnerabilities in home appliances, routers and Wi-Fi devices, SCADA systems, etc. to ensure coverage of high-severity vulnerabilities in the IoT space.

The daily malware: While we are on the topic of strikes, it’s also important to point out that apart from providing a new set of current exploits and apps every two weeks, our ATI subscription also provides a package of malware daily. The daily packages are carefully selected from a large sample to provide wide coverage of a variety of areas like ransomware, mobile-based malware, advanced persistent threats (APTs), malware leveraging exploits, and malware impacting specific verticals (financial, SCADA, etc.). Read more about the daily malware here.

The older strikes: Apart from continuously refreshing our strike lists and adding new exploits covering a diverse set of fields, there is still a lot of value in keeping and supporting all our older exploits, some of which we’ve provided for over 10 years. Some of our customers still use our older strike lists to validate long-running security regressions and to validate their security infrastructure’s ability to detect and block older attacks, like ones targeting Windows XP or older devices. However, we also expect our customers to upgrade their StrikePacks regularly to leverage all the new exploits, malware, and applications that we add on a regular basis.

LEVERAGE SUBSCRIPTION SERVICE TO STAY AHEAD OF ATTACKS

The Application and Threat Intelligence (ATI) Subscription provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.