SQL Injection Attacks on the Rise
SecureWorks’ Security Operations Center has seen an increase in the volume of sophisticated SQL injection attacks targeting its clients’ Web applications. SecureWorks provides protection against SQL injection attacks with its iSensor™ device; however, the only way to protect an organization 100 percent is to secure the Web applications themselves. Securing Web applications is extremely important because hackers can use a variety of evasion techniques, including SSL (encryption), to get beyond perimeter defenses, and Network Intrusion Prevention Systems do not inspect encrypted traffic.
SecureWorks is advising organizations to take additional precautions in protecting Web applications. This can be done by reviewing your Web applications to specifically ensure that input validation and other protective measures are in place. The Web applications that should be inspected include Internet-facing Web applications and any that accept user input. Organizations should also review their logs for SQL code submitted where other input has been requested.
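The log review recommended above can be partly automated. The following is an added example, not SecureWorks code: it assumes common/combined-format Web server access logs, and the patterns, sample lines, paths and parameter names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Request part of a common/combined-format access log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Heuristics (assumed, not exhaustive) for SQL syntax in a value that should
# hold ordinary input. Hits mark lines for human review; they are not proof.
SQL_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("quote-or-tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I)),
    ("stacked-statement", re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I)),
    ("quote-then-comment", re.compile(r"'\s*(--|#|/\*)")),
]

def normalize(value, rounds=2):
    """Decode again so double-encoded input such as %2527 is inspected too."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (ip, path, parameter, rule, status) for each suspicious parameter."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    hits = []
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = normalize(raw)  # parse_qsl has already decoded once
        hits += [(m["ip"], url.path, name, rule, m["status"])
                 for rule, pattern in SQL_PATTERNS if pattern.search(value)]
    return hits

def scan_log(lines):
    return [hit for line in lines for hit in scan_line(line)]

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Apr/2006:10:01:22 -0400] "GET /account.asp?id=1042 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Apr/2006:10:02:10 -0400] "GET /account.asp?id=1042%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312',
    '203.0.113.9 - - [12/Apr/2006:10:02:41 -0400] "GET /search.asp?q=x%2527+UNION+SELECT+name+FROM+users-- HTTP/1.1" 200 980',
    '198.51.100.4 - - [12/Apr/2006:10:03:05 -0400] "GET /search.asp?q=credit+union+rates HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Standard access logs record query strings but not POST bodies, so this covers only parameters sent in the URL. A hit paired with a 500 status is worth checking first, since it suggests the input reached the database layer unvalidated.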
For more information about protecting your Web applications see: http://www.secureworks.com/research/whitepapers/sqlinjectionattacks
If you do not have the resources available to review and assess your Web applications, there are many organizations that perform these services including SecureWorks. For more information, contact SecureWorks’ security analysts at 877-884-1110.
News Roundup
SecureWorks Finds Credit Unions Attacked by Hackers 67 Percent More Than Banks, yet Banks Remain a Key Target
In a recent study spanning from February 2005 to March 2006, SecureWorks saw 67 percent more Internet attacks attempted against its credit union clients than its banking clients. SecureWorks' credit union clients range from large ($500 million to billions in assets) to smaller organizations (under $500 million in assets). On average, SecureWorks blocks 767 attacks per day per credit union client.
Kirchman Partners with SecureWorks to Offer Managed IT Security Services
Kirchman Corporation, a Metavante company and a leading provider of core automation banking software, announced that it has partnered with SecureWorks to resell their managed IT security services. SecureWorks is the largest provider of managed IT security services to the financial industry and was recently named by the IT analyst firm Yankee Group as a "market leader" among Pure Managed Security Service Providers (PMSSPs).
*New* SecureWorks Glossary
The SecureWorks glossary is a new feature to the Security Briefing that will help you define terms used in the IT industry.
DDoS (Distributed Denial of Service)
An attack in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying legitimate users access to the system.
Signatures
Patterns indicating misuse of a system.
SQL Injection (Structured Query Language)
A type of exploit in which the attacker adds SQL code to a Web form input box to gain access to resources or make changes to data.
SSL (Secure Socket Layer)
A commonly used protocol for managing the security of a message transmission over the Internet. SSL works by using a private key to encrypt data that is transferred over the SSL connection.
