[ISN] Learning the art and practice of cyber-defense

http://www.timesofisrael.com/learning-the-art-and-practice-of-cyber-defense/ By David Shamah The Times of Israel July 25, 2013 Every single network protection system, even the most sophisticated, has chinks in its armor. The proof, said Comsec CEO Moshe Ishai, is that his company’s new security stress testing system, the Comsimulator, was successful in breaching the defenses of 100 percent of systems tested for resistance to DDOS (distributed denial of service) cyber-attacks, in which hackers inundate a site with traffic in order to overload it and shut it down. “The sites in question belong to large financial institutions, government agencies, and others that spent millions of dollars to ensure that their sites could withstand attacks,” said Ishai. “Our simulated attacks subjected those sites to the kinds of attacks they could expect from sophisticated government-sponsored hackers who are using the latest tools and methods to attack.” What’s true for the relatively crude DDOS attacks is also true for the more sophisticated social engineering hack attacks, in which employees of an organization click on suspicious links and install viruses and Trojans that turn their networks into components of botnets, the underground networks used to send spam and launch cyber attacks (including DDOS attacks). The bottom line is that even organizations that have spent a fortune on protecting their computer systems aren’t protected. This is what war is like, said Ishai