main

Security

What Does a Windstorm in Wyoming Have to Do with Cyber Security?

February 7, 2018 — by Carl Herberger0

windstorm-cyber-attack-960x640.jpg

Natural disasters serve as excellent examples of the unforeseen consequences that a cyber-attack against infrastructure will have. Take for example a strong windstorm in Wyoming in February 2017. The storm knocked down power lines, forcing water and sewage treatment plants to operate on backup generators, which weren’t available to some of the pumps that moved sewage from low-lying areas to higher ground. As a result, the sewers backed up after the weather continued to prolonged the outage. While government officials tasked with disaster planning have long focused on the cascading effects of power outages from natural disasters, only recently have they realized the effects of cyber warfare could be quite similar.

Attack Types & VectorsDDoSSecuritySSL

2017’s 5 Most Dangerous DDoS Attacks & How to Mitigate Them (Part 1)

September 12, 2017 — by Carl Herberger1

top-5-ddos-attacks-960x631.jpg

Throughout the history of mankind, whether in warfare or crime, the advantage has swung between offense and defense, with new technologies and innovative tactics displacing old doctrines and plans. For example, the defensive advantage of the Greek phalanx was eventually outmaneuvered by the Roman legion. Later, improvements in fortifications and armor led to castles and ironclad knights, until the invention of gunpowder made them obsolete. In the 20th century, fixed fortifications and trenches were rendered outdated by highly mobile armored forces. In all these examples, the common denominator is that one side’s tactical advantage spawned new ways of thinking among its opponents, eventually degrading that advantage or reversing it completely.

Security

Hey there Security Professional…..How do YOU mitigate attacks?

July 19, 2017 — by Carl Herberger2

hey-there-security-professional-960x568.jpg

The last several months have been historic by any measure. U.S. banks and financial institutions around the world have come under cyber-attacks at a high rate. We’ve seen everything from DDoS attacks to waves of ransomware. 

So, why was this? Is it because they didn’t have enough resources or serious professionals dedicated to program management?  Not likely. The true answer is a bit more uncomfortable, but worthy of exploration.

Security

How to Prepare for the Biggest Change in IT Security in 10 Years: The Availability Threat

July 12, 2017 — by Carl Herberger0

availability-threat-960x511.jpg

Availability, or the big “A” is often the overlooked corner of the CIA triad. Perhaps a contributing factor is the common belief among security professionals that if data is not available, it is secure.  Corporate executives have a different opinion, as downtime carries with it a hefty price tag. While today’s corporate risk assessment certainly involves the aspect of availability, it is focused on redundancy, not on security.  Penetration tests, a result of the corporate risk assessment, also fail to test on availability security.  In fact, pen testing and vulnerability scanning contracts specifically avoid any tests which might cause degradation of service, often leaving these vulnerabilities unknown until it’s too late.  Availability is commonly handed off to be addressed by network engineering to design and build resilient networks.  Common risk mitigations in this arena include redundant power, internet links, routers, firewalls, web farms, storage, and even geographic diversity with use of hot, warm and cold data centers.  You get the picture; there is a ton of money invested in building network infrastructure to meet corporate availability requirements.

Security

We Hate to Say “I Told You So,” But…

May 17, 2017 — by Carl Herberger1

revised-predictions-960x640.jpg

Every year Radware sets forth predictions in our annual security report called Radware’s Global Application and Network Security report and, we might add, have achieved a very substantial track record of forecasting how the threat landscape will evolve.  After all, it is fun to predict what may happen over the course of a year in security.  The industry moves so fast and while some things do stay the course, it only takes one small catalyst to spark a new direction that nobody could have predicted.