Top 3 Reasons Why Application-Layer Defenses Are Necessary for Today's
Malicious Attacks

We've made a conscious decision to focus on application-layer defense to
mitigate cyber threats and attempt to eradicate the chance of a data breach
in an organization. Here's why:

1. Successful attacks on web applications through the network
layer are much harder today than when they first appeared.
We're not talking about network-layer attacks like the ILOVEYOU virus
that spread through email and self-forwarding means, although clearly
we don't hear about many of those anymore either. When web
applications first appeared, they were entirely centralized at one
location. This non-distributed infrastructure represented a single point
of failure and could result in the application being brought to its knees
by a denial-of-service, or DDoS, attack. Simply by flooding the
server with a large number of requests or by sending large SQL-firing
requests, the server's resources (CPU, memory, sockets or threads, for
example) would be exhausted, denying service.

While it's easier than ever to mount a DDoS attack today (with a mere $10
and searching for web stressor apps you can find many options), several
developments have made mounting a successful DDoS attack harder than
ever. First, the evolution to a distributed architecture of application delivery
added resiliency to an app and raised the difficulty of bringing down all
instances of a typically load-balanced application. Second, and just as
important, network-based defenses at either an ISP or on-premise have also
become much better at identifying and defending against DDoS attacks.
Today, while prices can still be high for some forms of DDoS security, for
relatively modest sums, anti-DDoS protection can be added to most CDNs.
Therefore the application owner often does not need to worry about
protecting their apps against DDoS attacks.

2. It is very difficult to wring out application-layer
vulnerabilities. While getting to perfect code is a great concept, we
all know through real-world experience that today's process of
vulnerability identification during development and iterative
remediation is highly manual, doesn't scale and slows down our
gradual shift to agile and bimodal IT processes. We also know that
no amount of training for the developers on security will eliminate
coding flaws. No human is perfect, and we know from history that
humans are the weakest link in security strategies. What's worse,
development groups that are under the gun to get products out the
door will resist efforts from App Sec IT to baseline risk, undergo
extensive security training and modify their processes on a dime. With
15 years of OWASP categorizing exploitable vulnerabilities in
applications, the prevalence rate in most code being written for the
web is still very high. It's the reason that reputed analyst firm Gartner
states that vulnerable applications are still the #1 means hackers
employ to breach data (stated as recently as at the Gartner Security
and Risk Management Summit in June 2016).

3. Network-layer signatures for application-layer attacks are very
hard to develop. Think about it. Each exploit could use a wildly
different payload to exercise an application-layer vulnerability. This
makes content-based signatures almost useless. Add to that the fact
that cybercriminals are using short-lived command-and-control centers and
bots to avoid detection by IP reputation-based solutions, and the
problem is complicated further. Lastly, behavioral cyber security
solutions are too coarse to detect fine-grained malicious activity that
deviates from an application's normal behavior. As a result, cyber
security solutions that focus on tracing malicious application activity
through network-layer stimulus are totally blindsided. Unfortunately,
this is where the bulk of our IT security dollars are spent.

This is why we believe that cyber security solutions that factor in
fine-grained application-layer behavior have a much better shot at detecting
cyber-attacks and APTs (advanced persistent threats). This is because the
most sophisticated attacks like APTs occur in the memory of the target
application. Ultimately, the attacker is trying to get to important data, most if
not all of which sits behind an application, and trying to take control of an
application by having their malicious code execute as opposed to the
application's good code presents the highest chance of success.

In my view, the ability to look deep inside the application process memory
for malware activity is the key to success for today's advanced threat
environment.