Issue link: https://insights.oneneck.com/i/1458399
CHAPTER 2 Security Challenges in Hybrid Clouds 23

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

This speed-based approach is facilitated in large part by the widespread availability of threat development websites, toolkits, and frameworks. Unfortunately, another by-product of these resources is the ability to easily and rapidly convert "known" threats into "unknown" threats — at least from the perspective of signature-based countermeasures. This transformation can be accomplished either by making a minor tweak to the code of a threat, or by adding entirely new propagation and exploit mechanisms, thereby creating what is commonly referred to as a blended threat.

Many of today's threats are built to run covertly on networks and systems, quietly collecting sensitive or personal data, and going undetected for as long as possible. This approach helps to preserve the value of the stolen data and enables repeated use of the same exploits and attack vectors. As a result, threats have become increasingly sophisticated. Rootkits, for example, have become more prevalent. These kernel-level exploits effectively mask the presence of other types of malware, enabling them to persistently pursue the nefarious tasks they were designed to accomplish (such as intercepting keystrokes).

Encryption is increasingly used to secure not just sensitive or private information, but practically all traffic traversing enterprise networks. However, organizations are essentially left blind to any security threats contained inside encrypted traffic. Attackers exploit this lack of visibility and identification to hide within encrypted traffic and spread malware. Even legitimate websites that use SSL can be infected with malware. Moreover, attackers increasingly use SaaS applications to deliver malware. For example, an attacker can host a malicious file for download on a website that uses encryption. Without the ability to decrypt, classify, control, and scan SSL-encrypted traffic, it's impossible for an organization to adequately protect its business and its valuable data from modern threats.

Threats to enterprise data center and hybrid cloud environments include:

» Ransomware
» Credential theft
» Domain Name System (DNS) based attacks
» Targeted "low-and-slow" attacks and advanced persistent threats (APTs)