Dynamic Vulnerability Masking
Automatically masks subscriber device and server vulnerabilities making them appear less exposed
Devices, (most commonly PC computers) have been susceptible to malware infections and malicious exploitation from the moment they began being connected to the Internet. Today, device vulnerabilities extend to far beyond PCs to smartphones, tablets, IoT devices, servers, and anything that can be connected to the Internet.
Due to limited security controls, weak passwords, and the persistence of hackers in exploiting vulnerabilities, a growing number of devices are becoming compromised, connected, and used to launch larger attacks. Recently, a botnet comprised of several hundred thousand compromised IoT devices was used to launch a historically large DDoS attack. Attacks of this nature continue to increase, as malicious actors continue to scan networks for known vulnerabilities, and exposing devices with weak passwords and weak security controls.
With Sandvine, operators can add another layer of security to the network by dynamically patching devices for known vulnerabilities, and making them look less exposed. The Network Protection feature of Sandvine’s Network Security product, identifies users, devices, and servers that are running vulnerable software versions, and leverages Sandvine’s SandScript capabilities to dynamically mask this information; making it appear that the vulnerable software is running a version with does not contain the vulnerability, deceiving the attacker into not proceeding.
Cyber Security: Considerations and Techniques
This paper describes the wide variety of solutions that CSPs and enterprise Internet security professionals are juggling today, and explains the many advantages of using network policy control to deliver secure pipes to residential subscribers and business customers.