Resilience under attack: Techniques for continuing online business in the face of security compromise

Abstract

As their reliance on online commerce grows, businesses are increasingly exposed to loss through unplanned outages. Security compromises represent a major cause of such outages. The traditional response to a compromised application has been to temporarily disable access to it, or to take the application offline while the issue is triaged, investigated and resolved. This can take a number of hours or even days, which can have a very real impact on business. In such cases, particularly where the vulnerability does not lead to a direct application outage, businesses will often decide to accept the risk of the security compromise in the short term. Yet this can increase the risk of the exposure being discovered by a malicious party or increase the window of opportunity for attackers where the exposure is already being exploited. It is however possible to mitigate or contain the risk of a security compromise through the use of web application firewalls (WAFs), together with appropriate organisational processes, staffing and training. WAFs allow the business to quickly and safely mitigate the risk and impact of a compromise while the issues behind the compromise are investigated and addressed. Although potentially expensive, a business case can be made for the pre-emplacement of WAFs to protect an application where the business impact of downtime is deemed critical.