This is the post about a lecture. Very interesting one, held on New York information security meetup by Carl Herberger, Vice President of Security Solutions at Radware.
I found this talk quite interesing because he pointed out that in industry we are facing something we can call a war by its execution. It does not need to be carried by a nation state and he also points out that wars may not be carried because of the territorial and military reasons, but they may have economic or asset dimension. It is described how deception is important in warfare as Sun Tzu said, but also how deception is used in cyberspace. He also gave quite interesing statistics, such as that average cyber attack during the 2013. had 7 attack vectors. They have seen attacks with over 25 attack vector, different phases, where each phase had several waves, using the tools and techniques that worked in previous and adding new attack vectors. Also, he gives some statistics about tools we are all using. As he sais current intrusion detection systems can process on average 8 concurent intrussion attempts. Some can do 20, but rare are these that can do more without being overloaded. So imagine 25 concurent intrusions using various attack vectors… almost no current system can stop it without being overloaded. Of course, the talk is not about script-kiddies, but well funded and organised attacks. He also states the problems security community is facing dealing with DDoS attacks. If you are cuting attack by blocking IP addresses or users, someone can design DoS attack with purpose to block all your users. He makes a comment on underground economy, where you can hire 10 000 bot botnet from Korea for $9.99 a day. This can make quite large traffic and put down some websites.
There is much more to hear from this guy, so enjoy: