The Black Hat and DEFCON events bring together the black, white and grey hat communities to share information about what’s really what when it comes to information security. Thycotic surveyed attendees at this year’s Black Hat conference to find out what works and doesn’t work when it comes to protecting data.
According to the survey results [PDF requires registration to access], privileged accounts are the most preferred way to access systems, with access to email accounts and physical access to a computer the next most popular.
Unsurprisingly, end-point security software and firewalls are largely seen as irrelevant, with humans the biggest reason other security controls fail. The challenges for humans are the need to constantly update software and update passwords – something that is leading to security fatigue.
Thycotic surveyed about 250 conference attendees, with just over half identifying themselves as whitehats and a third saying they were greyhats.
None of the findings are particularly surprising. I’ve been saying for a while that no recent attack has been blocked by traditional security measures. With the majority of attacks exploiting ports 80 and 443, firewalls are little more than open sieves that channel traffic rather than stop anything.
If I was going to use the results of this and other similar surveys, I’d be looking at the threat landscape of today and questioning whether the security measures developed and deployed two decades ago are relevant to today’s world.
Comments
2 responses to “Hackers Say Firewalls and AntiVirus Are Irrelevant”
Come on, that’s just naive. The majority of successful attacks focus on the most vulnerable vectors, but that doesn’t mean firewall protection isn’t essential. Your view seems to be that you’re living in a house surrounded by floodwaters, seeing water leaking in your front door and arguing that since it’s all coming in there, why bother having walls?
Security measures developed and deployed two decades ago are absolutely relevant to today’s world, they’re still preventing 99% of attack vectors.
Exactly!
The only reason why attackers aren’t mainly targeting areas that can be prevented by having a Firewall / AV is…. because almost everyone has a Firewall & AV…
o_O
Logic! Astounding!
It is relevant from your perspective as someone securing the infrastructure… for a hacker, firewalls are not as relevant anymore. At no point do they say, turn off your firewalls.
All the trust in firewalls could be misplaced in cloud environments where access to a privileged account could allow you to modify firewall rules, turn them off, or create a beachhead amongst many other things. And I think that is the point this article is trying to make.
This attack vector also goes for any application accessible to a hacker (be it internet or via the beachhead) that allows elevated access. Shodan makes this much easier than in the past.
This isn’t a zero-sum game. You’ll need firewalls but realize their limitations. Too many folks put way too much trust in firewalls and WAF based firewalls alone.
Now consider how you manage your secrets to all your devices? Who and what has access to them? What is the worst thing that could possibly happen if those secrets were disclosed? What is the worst that could possibly happen if your laptop and phone are stolen, and neither locked?
Just like everything, they will need to adapt to stay relevant/useful.
OK, so what do we do? BTW – agree with Zombie Jesus, you still need a firewall. Tried an outbound firewall for a time, but apps like Skype & FaceTime don’t play well with an outbound firewall. Time the IT industry built computers with a security first approach.
I certainly hope you aren’t just using a plain jane firewall. There’s these things called botnet defense, url filtering, application control, malware sandboxing, geoip filtering and dns filtering in many of today’s firewalls. If you aren’t using the new features, you are being an idiot.