I live with an engineer and, over the years, I've discovered that his approach to solving a problem is to figure out the source of the problem before coming up with the solution. This is in direct contrast to the way I approach things: I come up with the fix without really worrying about what caused the problem. For example, if the light bulb is out in my lamp, I'll either tighten the bulb if it seems loose or replace it if it is burned out. My husband, on the other hand, will look to see if there is a problem with the lamp itself. Sometimes a burned-out bulb is just that, but sometimes it is something more complicated and needs more attention.
I think most of us approach network security the same way I approach a dead light bulb. We do a little preventive maintenance and then add protection like firewalls and AV software. We might understand that a breach happened because of a lack of encryption or an unpatched vulnerability, but security could be improved by digging a little deeper to understand the thought process behind the attack itself.
That's why I was so interested in Imperva's report, "The Hacker Intelligence Summary Report - The Anatomy of an Anonymous Attack." Imperva's researchers investigated an Anonymous attack from start to finish, examining the hacking methods used and looking at how the group uses social media to recruit participants and to coordinate attacks. According to Amichai Shulman, co-founder and CTO of Imperva:
Our research shows that Anonymous generally mimics the approach used by for-profit hackers, leveraging widely known methods - SQL injection and DDoS - to carry out their attack. We found that Anonymous, although it has developed some custom attack tools, generally uses inexpensive, off-the-shelf tools as opposed to developing complex attacks. Our research further shows that Anonymous will try to steal data first and, if that fails, attempt a DDoS attack.
The report gives those on the security side of things deep insight into how Anonymous operates, how it recruits, how long it can take for an attack to be planned and executed, and the tools the hackers use. Most importantly, it explains how to prepare for an attempted attack:
If companies are prepared against application layer attacks and have put in place solid defenses to mitigate SQL injection, cross site scripting, local file inclusion and DDoS, then such enterprises will be well prepped against Anonymous.
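The quoted advice names the application-layer weaknesses the report says defenders should close first. As an added example (not Imperva's code and not taken from the report), the Python below puts the vulnerable form of a database lookup and of a file-serving handler next to their hardened forms, and adds output encoding against cross-site scripting; the SQLite table, its rows, and the directory layout are constructed inline so the block runs offline. DDoS mitigation is a capacity and network-layer problem and is not shown here.

```python
"""Vulnerable-versus-hardened snippets for SQL injection, cross-site scripting
and local file inclusion. Added example; the data and files are constructed."""
import html
import sqlite3
import tempfile
from pathlib import Path


def make_db():
    """Constructed in-memory SQLite table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_user_unsafe(conn, name):
    """SQL injection: untrusted text is spliced into the statement, so a quote
    character in `name` changes the query's structure instead of its data."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, name):
    """Mitigation: bind the value as a parameter; the driver keeps it as data."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_safe(name):
    """Cross-site scripting mitigation: HTML-encode untrusted text before it is
    placed in markup, so tags and attribute quotes render literally."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def make_site():
    """Constructed layout: a public 'pages' folder plus a file one level
    above it that the page handler must never serve."""
    root = Path(tempfile.mkdtemp())
    pages = root / "pages"
    pages.mkdir()
    (pages / "about.txt").write_text("About us")
    (root / "secret.txt").write_text("database password")
    return pages


def read_page_unsafe(pages_dir, page):
    """Local file inclusion: the requested name is joined onto the base path
    with no containment check, so a '../' segment walks out of the folder."""
    return (Path(pages_dir) / page).read_text()


def read_page_safe(pages_dir, page):
    """Mitigation: resolve the final path and require it to sit inside the
    base directory; absolute paths and '..' segments fail the check."""
    base = Path(pages_dir).resolve()
    target = (base / page).resolve()
    if base not in target.parents:
        raise ValueError(f"refusing to serve {page!r}: outside {base}")
    return target.read_text()


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # classic tautology used to test lookups
    print("unsafe lookup rows:", len(lookup_user_unsafe(conn, probe)))  # 2
    print("safe lookup rows:  ", len(lookup_user_safe(conn, probe)))    # 0
    print(render_greeting_safe("<script>alert(1)</script>"))
    pages = make_site()
    print(read_page_unsafe(pages, "../secret.txt"))  # leaks the file
    try:
        read_page_safe(pages, "../secret.txt")
    except ValueError as err:
        print("blocked:", err)
```

The two hardened functions show the general pattern behind most of the report's recommended defenses: keep untrusted input as data (bound parameters, encoded output) or validate it against an allowed shape (a resolved path that must stay under the base directory) rather than trying to strip known-bad strings.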
Bottom line: The more we know about the activities behind the attack, the more precise the security can be. It might be a little extra work on the front end, but in the long run, it can save a lot of time and money.