Prediction Series #12: Moving WAFs to the Cloud Means Giving Up on App Security

April 24th, 2019 | Security News

WAFs in a Cloud Environment Deliver the Lowest Common Denominator for Security

Different from a traditional firewall that monitors traffic between servers, a web application firewall (WAF) filters the content of specific web applications. It’s designed to filter, monitor and block HTTP traffic to and from a web application. As such, WAFs have been viewed [...]

Prediction Series #11: Servers and endpoints differ vastly from each other & cannot be protected by the same means

April 21st, 2019 | Blog, Security News

Priorities for servers, apps, and cloud workloads are shifting

Nothing has changed the business and technology world more than the cloud. The cloud has changed the application delivery landscape, and the area that may be most affected of all is the area of security strategies. As businesses move their applications to the cloud, the security [...]

Gartner Market Guide Calls Memory Protection a “Mandatory Capability”

April 17th, 2019 | Blog, Security News

Cloud Workload Protection Platform Report Highlights Changing Security Needs

Research firm Gartner recently released an update to its Market Guide for Cloud Workload Protection Platforms authored by influential security analyst Neil MacDonald. While the CWPP acronym might not roll off the tongue, it is rapidly emerging as an important category as businesses of all types [...]

LockerGoga Ransomware Slams Industrial Firms in Europe, Could Hit Anyone

April 8th, 2019 | Blog, Security News

LockerGoga combines ransom demand “negotiations”, aggressive disruption and total lockout

Over the last few months, a new ransomware, LockerGoga, has been hitting industrial and manufacturing firms and causing devastating impact. Later strains of it have been even more damaging than the initial rounds. In some cases, it’s evident the hackers are after money and [...]

Prediction Series #10: Reports of China chip hacking should be a warning to US supply chain

April 8th, 2019 | Blog, Security News

Last fall, reports came out claiming that rice-grain-sized spying devices were secretly being planted onto US servers during the manufacturing process. The article created an uproar. Apple and Amazon, 2 of 30 companies said to be affected, adamantly denied the claims that malicious spy chips had been planted on their motherboards. Apple, Amazon, Supermicro [...]

Prediction Series #9: Hackers continue spending weeks & months of dwell time in networks

March 31st, 2019 | Blog, Security News

As NVD vulnerabilities and cyber breaches rise, so does hacker dwell time

The number of known vulnerabilities year over year is exploding. The National Vulnerability Database (NVD) approached 20,000 vulnerabilities for 2018, an increase of over 40% over 2017. This explosion reflects the increased complexity of the software stack that most companies use, and [...]

Prediction Series #8: GDPR Breach Disclosure Mandate Is Now Global & Must Be Timely

March 26th, 2019 | Blog, Security News

Companies will be forced to be upfront and timely or face even steeper fines

Coming up on the first anniversary, many companies still working on compliance

On May 25, 2018, the much-anticipated GDPR went into effect, requiring that firms get specific permission from customers and prospects to use their information. Businesses had 2 years to [...]

Five Tech Giants – Facebook, Twitter, Apple, LinkedIn, Google – Face Investigations for Possibly Violating European Privacy Laws

March 21st, 2019 | Security News

The GDPR poses big potential problems for Facebook, Apple, Twitter and LinkedIn if they’ve violated stricter privacy laws

The GDPR’s big teeth are starting to sink in

Far stricter than U.S. privacy laws, the General Data Protection Regulation (GDPR) went into effect May 2018 and is the basis for numerous investigations into practices by these [...]

Prediction Series #7: If organizations are to increase their focus on application security, they must move beyond RASPs

March 20th, 2019 | Blog, Security News

Gaining truly self-defending application protection requires more than RASPs

RASPs overpromise and underdeliver

The concept of making applications self-protecting is powerful as cyberattacks continue to grow in frequency and severity. Advanced threat visibility across applications would enable teams to respond to threats in real time.

Original concept was SAST/DAST/IAST application security

The original [...]

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

March 12th, 2019 | Security News, Virsec in the News

The Last Watchdog, by Byron V. Acohido, March 4, 2019; with comments by Satya Gupta

In his article last week, Byron Acohido discusses how memory attacks have become a powerful new class of hacking method that sneaks past conventional IT security systems. Byron reports that companies have spent $216 billion on security products and services [...]