CALABASAS, CA — September 13, 2017— Ixia, a Keysight business and leading provider of network testing, visibility, and security solutions, offers organizations advice on how they can learn from the recent Equifax breach and protect their web infrastructure.
As we come to terms with the full ramifications of the Equifax data breach, initial reports indicated that the Apache Struts vulnerabilities first reported in the first half of 2017 (CVE-2017-5638 and CVE-2017-9805) was the cause. Even though not confirmed, it highlights how critical it is to ensure that a web infrastructure is reinforced against these types of vulnerabilities, and a network infrastructure can detect and block exploiting attempts that leverage these vulnerabilities or their variants.
Any company doing business on the web will most likely be faced with a newly discovered vulnerability at some point. According to Ixia, organizations have three choices in how to address it:
1. Do nothing and run the risk of hackers exploiting your web infrastructure
This is a hackers dream and makes their job much easier. In fact, the most prevalent category in Verizon’s Data Breach Investigations Report in 2017 was Web Application Attacks which included 6,502 confirmed incidents, 3,583 with secondary motivations and 571 with confirmed data disclosure.1
2. Apply the patch without knowing how it could impact your infrastructure and potentially cause harm to your business
This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Although meant to fix problems, poorly designed patches can sometimes introduce new problems, which can adversely impact productivity or business critical processes.
3. Test the vulnerability with a virtual patch, affording you the time to validate the patch without risk to your network infrastructure
A virtual patch is a short-term implementation of a security policy meant to prevent an exploit of a newly discovered vulnerability from occurring, while allowing the components of a mission-critical web infrastructure to remain online.
“In today’s environment, virtual patches deliver a low-risk method for protecting the mission-critical components of a public-facing web infrastructure,” said Steve McGregory, Senior Director of Application Threat Intelligence at Ixia. “Ixia’s ATI team provides the tools needed to validate these patches before implementation. Tested and verified, virtual patches allow organizations to ensure security patches do not negatively impact their web infrastructure, their business or their customer’s information.”
About Ixia’s ATI Research Center
Ixia’s ATI Research Center leverages more than 10 years of experience in researching application performance and security technologies. Using advanced surveillance techniques and methodologies, its researchers identify, capture, and rapidly deliver the application and threat intelligence you need to stay a step ahead. Ixia’s products, powered by ATI, improve your security performance, bring application-level visibility and context to your monitoring tools, and validate network devices with real-world threats and application conditions.
Ixia, a Keysight Business, provides testing, visibility, and security solutions to strengthen networks and cloud environments for enterprises, service providers, and network equipment manufacturers. Ixia offers organizations trusted environments in which to develop, deploy, and operate. Customers worldwide rely on Ixia to verify their designs, optimize their performance, and ensure protection of their networks and cloud environments. Learn more at www.ixiacom.com.
About Keysight Technologies
Keysight Technologies is a leading technology company that helps its engineering, enterprise and service provider customers optimize networks and bring electronic products to market faster and at a lower cost. Keysight's solutions go where the electronic signal goes, from design simulation, to prototype validation, to manufacturing test, to optimization in networks and cloud environments. Customers span the worldwide communications ecosystem, aerospace and defense, automotive, energy, semiconductor and general electronics end markets. Keysight generated revenues of $2.9B in fiscal year 2016. In April 2017, Keysight acquired Ixia, a leader in network test, visibility, and security. More information is available at www.keysight.com.
Ixia, the Ixia logo, and IxLoad, are trademarks or registered trademarks of Ixia in the United States and other jurisdictions. All other trademarks used herein are the property of their respective owners.
Connect with Ixia
Ixia Media Contact:
Denise Idone, Director of Corporate Communications
Office: (631) 849-3500
Mobile: (516) 659-7049
Tripwire, 2017 Verizon DBIR Highlights