As a category, critical applications hold massive stores of data, are often used globally, run complex processing engines, and are entwined with other application services.
These applications are crucial to the everyday operations of organizations, and because they are so necessary, security teams need to take precautions to prevent attackers from exploiting their weaknesses.
The users of these applications rely so heavily on them working that their importance is most noticed when the apps fail.
Understanding how each critical application operates and is set up for its organization is crucial to identifying the weaknesses that make these apps and their data vulnerable. This knowledge gives security teams an awareness of potential risks and, in turn, of risk management tactics.
Financial Applications are often designed to deal with the specific requirements of financial institutions; these apps are pivotal for revenue and operational flow. Because financial data is sensitive and confidential, these apps are subject to stringent regulations. Attackers may look for entry points in the systems connecting the financial organizations to online commerce systems used to process payments from customers.
Medical Applications are used to store, share, and exchange confidential data from a myriad of sources under the hospital umbrella: clinics, doctor’s offices, and specialized facilities. Much like financial applications, the data these apps handle is extremely sensitive. In particular, the matter of a patient’s safety eclipses the importance of other regulations, potentially including security measures. Patient identification can be embedded in network packets because the protocols are designed to ensure that data is never mixed up or mistaken.
Applications used for Messaging and communication systems are hubs for personal data, outside account and user verifications, private conversations, and potentially compromising information. An analysis of the California Attorney General breach notifications for 2017 showed that 5% of reported significant data breaches were directly attributed to credential exposure via email compromise. When an email account is compromised, the potential for scams aimed at both customers and internal employees is high.
Legacy Systems are specialized and customized applications that are used for things like reservation systems and customer management systems. These systems have a higher potential for a security breach due to a lack of maintenance and support and, as one-off systems, they are often incompatible with more modern systems and tools. This means they are low performing, but their cost is high.
An important part of risk management is understanding where sources of potential vulnerabilities exist. Most critical application systems share the same vulnerabilities, all of which serve as possible entry points for attackers. As part of a forthcoming report on protecting applications, F5 commissioned a survey with Ponemon that found that 38% of respondents had “no confidence” in knowing where all their applications existed. Some common vulnerabilities are:
Credential Attacks can be a result of older applications lacking rigorous authentication systems. Authentication gateways are proxies used when a critical app’s system does not support better authentication. These proxies supply higher-level authentication: all access to the critical apps passes through the gateway, which transparently passes the legacy credentials to the critical apps. Even weaker passwords can be fortified through contemporary technologies such as federation, single sign-on, and multi-factor authentication. Network segregation is needed for these newer authentication technologies to be effective, since the gateway only helps if it is the sole path to the app.
Segregation from Exploits and Denial-of-Service Attacks: reduce inbound network traffic to the limited protocols the app requires to function, using firewalls and virtual LANs for segregation. Where some legacy or specialized applications cannot be patched, a firewall will restrict attempts to connect to vulnerable services. Easily exploited services like Telnet, Finger, and CharGen can be blocked from external access, reducing the attack surface. Virtual patching or firewalls with intrusion prevention can also help.
Encryption to Prevent Network Interception: any threat that has breached your network and is already inside can be a threat to internal traffic carrying confidential information. A TLS or a VPN gateway can be employed if the critical application does not itself support an encrypted transport protocol. Working similarly to the authentication gateway, these gateways confine the traffic passing through them to an encrypted tunnel and should also be used for external links from the app and even with trusted third parties.
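The segregation advice above can be checked mechanically. The following is an added example, not part of the original article: it evaluates a constructed firewall rule set (a simplified, hypothetical rule syntax with made-up addresses, TCP only) from the viewpoint of an external source and reports whether Telnet, Finger, or CharGen are reachable, comparing an over-broad rule set with a corrected one. It assumes the app needs only HTTPS inbound.

```python
import ipaddress

# Constructed rule sets: "action proto source destination ports", evaluated
# top-down, first match wins, implicit default deny. Addresses are made up.
WEAK = """\
allow tcp 0.0.0.0/0  10.20.0.10   443
allow tcp 10.0.0.0/8 10.20.0.10   22
allow tcp 0.0.0.0/0  10.20.0.0/24 1-1024
"""
HARDENED = """\
allow tcp 0.0.0.0/0  10.20.0.10   443
allow tcp 10.0.0.0/8 10.20.0.10   22
deny  tcp 0.0.0.0/0  10.20.0.0/24 1-65535
"""
LEGACY = {19: "chargen", 23: "telnet", 79: "finger"}  # services named in the text
REQUIRED = {443}  # assumption: the app needs only HTTPS inbound


def parse(text):
    """Turn rule lines into (action, proto, src_net, dst_net, lo, hi) tuples."""
    rules = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        action, proto, src, dst, ports = line.split()
        lo, _, hi = ports.partition("-")
        rules.append((action, proto, ipaddress.ip_network(src),
                      ipaddress.ip_network(dst), int(lo), int(hi or lo)))
    return rules


def decide(rules, proto, src, dst, port):
    """Return the action of the first matching rule, or 'deny' if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, snet, dnet, lo, hi in rules:
        if p == proto and s in snet and d in dnet and lo <= port <= hi:
            return action
    return "deny"


def audit(text, external_src="203.0.113.7", app_host="10.20.0.10"):
    """List legacy services reachable from outside and required ports blocked."""
    rules, findings = parse(text), []
    for port in sorted(set(LEGACY) | REQUIRED):
        verdict = decide(rules, "tcp", external_src, app_host, port)
        if port in LEGACY and verdict == "allow":
            findings.append(f"{LEGACY[port]}/{port} reachable from outside")
        if port in REQUIRED and verdict != "allow":
            findings.append(f"required port {port} is blocked")
    return findings
```

Calling audit(WEAK) reports all three legacy services as exposed because of the broad 1-1024 rule, while audit(HARDENED) returns an empty list and still permits port 443.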