Juniper Networks, through its Mykonos Software subsidiary, has rolled out 30 new enhancements to its Mykonos Web Security software, which uses a strategy similar to a honeypot to fool hackers when they attack websites. Some of the improvements are designed to upgrade defense against a wider range of attacks, while others are aimed at increasing manageability and scalability.
The company refers to its technology as “Intrusion Deception.” Under this theme, the Mykonos Web Security solution creates detection points that identify hackers in real-time based on their interactions with portions of the code that look like means of access to the website, but they are actually traps for hackers.
“We don't rely on signatures,” explained Edward Roberts, director of product marketing at Mykonos. “We inject detection points into the code of the web application. And when the hacker starts playing with the fake code that we inject, we know this is not a false positive. It's basically looking for the typical behavior that hackers exhibit when they're profiling and doing their reconnaissance. We can detect that reconnaissance and identify the attempt before they've actually launched the attack.”
[Related: Juniper Bys Mykonos]
In many cases, the hackers are running automated scans that then provide information to the attacker on where to successfully attack the site.
“We respond to them by inundating the scanner with fake data that says yes to every potential vulnerability, thereby making the scan useless because the vulnerabilities are not there in real life. If the hacker has to go through 10,000 reported vulnerabilities, he has to go back to manual hacking. So we are changing the economics of hacking,” said Roberts.
Once attackers are identified, the software tags the hacker by dropping a security token onto his or her machine that can be best described as a cookie that cannot be cleared without a wipe and restore of the hacker’s computer. The Mykonos software can then track the attacker’s future activities, and it can even block the machine from accessing the site. In some cases, the information can be valuable to law enforcement.
“We work with a lot of government agencies and the solution has been great,” said Carlos Olvera, technical coordinator at Mexico City-based ProtektNet. “The hackers will try to go around it, but that doesn’t seem to work. It protects the web servers very well.”
Recent enhancements to the software include features to prevent brute-force authentication, protection against directory transversal, and additional support for third-party attack data.
Mykonos Web Security software is available through the Juniper channel on a SaaS basis. According to Roberts, the solution can be used in support of various compliance requirements, including PCI.