MAHWAH, New Jersey
July 25, 2012
® (NASDAQ: RDWR), a leading provider of
solutions for virtual and cloud data centers, today announced that common problems with a cloud scrubbing solution, attributes of financially motivated attacks, ineffective deployment of web application firewalls and popular hacktivist attack tools are the leading areas of knowledge that IT managers need to improve upon to enhance their attack mitigation proficiency. These topics were identified based on the results of the company's
Attack Mitigation Black Belt Challenge
, a five-week contest that provided IT managers with a real-time assessment of their industry expertise of current security topics, including constantly evolving risks, attack techniques and regularly used security and control solutions.
The Challenge took participants through assessments comprised of 10 cyber security-related questions. All participants began at the novice, or White Belt, level and advanced to higher expert belt levels - Yellow, Green, Red, then Black Belt - by correctly answering increasingly difficult questions. Each round revealed the areas where IT managers need to improve their security expertise most, derived from the subject matter of the questions that were frequently answered incorrectly. Among them were:
- More than 63 percent of White Belt participants were unable to correctly identify the most common problem with a cloud scrubbing-solution ( Correct answer: The time it takes to start effective scrubbing once the service is initiated).
- Nearly 60 percent of Yellow Belt participants could not distinguish attributes of a financially-motivated attack technique ( Correct answer: Focus on monetizing targeted electronic data, "Loud" aggressive & persistent, single-vector intrusions).
- Forty-three percent of White Belt participants could not identify the most ineffective deployment of a web application firewall used to mitigate threats ( Correct answer: Span-port).
- Nearly 39 percent of White Belt participants could not select the least favorite tool of the group Anonymous in hacktivism attacks (Correct Answer: Raptor).
"Out of the 383 participants that started the Challenge, nearly 10 percent had the required security expertise needed to complete the four levels and achieve Black Belt Status," said
, Radware's vice president of Security Solutions who also developed and administered the Challenge. "This statistic should be a fire bell to the IT security industry. We hope that this disparity is the catalyst for IT managers and security professionals to pursue professional educational classes that will not only enhance their attack mitigation expertise, but also help them apply that newly developed knowledge to better protect their companies' networks."
The Challenge results did hold some good news, as participants were adept at understanding cyber security issues such as Advanced Persistent Threats, DoS and DDoS attacks.
- More than nine out of 10 participants could positively identify attributes of Advanced Persistent Threats ( Correct answers: S pread over days and/or weeks, leverage multiple vectors, combine zero-day - known vulnerabilities and reconnaissance).
- Ninety-three percent of participants could identify the primary cited reason for launching a DoS or DDoS attack ( Correct answer: Political/hacktivism).
- One hundred percent of participants knew that a "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate use of that service.
"It is imperative for IT managers to have a real-time assessment of their attack mitigation expertise, so they can properly defend their enterprises' networks and applications," continued Herberger. "As the challenge unfolded, the real security experts started to shine with the average scores increasing to more than 95 percent. One of these experts will become the Attack Mitigation Black Belt Champion."