Attack Types & Vectors, DDoS, Security, SSL

2017’s 5 Most Dangerous DDoS Attacks & How to Mitigate Them (Part 1)

September 12, 2017 — by Carl Herberger

Throughout the history of mankind, whether in warfare or crime, the advantage has swung between offense and defense, with new technologies and innovative tactics displacing old doctrines and plans. For example, the defensive advantage of the Greek phalanx was eventually outmaneuvered by the Roman legion. Later, improvements in fortifications and armor led to castles and ironclad knights, until the invention of gunpowder made them obsolete. In the 20th century, fixed fortifications and trenches were rendered outdated by highly mobile armored forces. In all these examples, the common denominator is that one side’s tactical advantage spawned new ways of thinking among its opponents, eventually degrading that advantage or reversing it completely.

Security

Hey there Security Professional…..How do YOU mitigate attacks?

July 19, 2017 — by Carl Herberger

The last several months have been historic by any measure. U.S. banks and financial institutions around the world have come under cyber-attacks at a high rate. We’ve seen everything from DDoS attacks to waves of ransomware. 

So, why was this? Is it because they didn’t have enough resources or serious professionals dedicated to program management?  Not likely. The true answer is a bit more uncomfortable, but worthy of exploration.

Security

How to Prepare for the Biggest Change in IT Security in 10 Years: The Availability Threat

July 12, 2017 — by Carl Herberger

Availability, or the big “A” is often the overlooked corner of the CIA triad. Perhaps a contributing factor is the common belief among security professionals that if data is not available, it is secure.  Corporate executives have a different opinion, as downtime carries with it a hefty price tag. While today’s corporate risk assessment certainly involves the aspect of availability, it is focused on redundancy, not on security.  Penetration tests, a result of the corporate risk assessment, also fail to test on availability security.  In fact, pen testing and vulnerability scanning contracts specifically avoid any tests which might cause degradation of service, often leaving these vulnerabilities unknown until it’s too late.  Availability is commonly handed off to be addressed by network engineering to design and build resilient networks.  Common risk mitigations in this arena include redundant power, internet links, routers, firewalls, web farms, storage, and even geographic diversity with use of hot, warm and cold data centers.  You get the picture; there is a ton of money invested in building network infrastructure to meet corporate availability requirements.

Security

We Hate to Say “I Told You So,” But…

May 17, 2017 — by Carl Herberger

Every year Radware sets forth predictions in our annual security report called Radware’s Global Application and Network Security report and, we might add, have achieved a very substantial track record of forecasting how the threat landscape will evolve.  After all, it is fun to predict what may happen over the course of a year in security.  The industry moves so fast and while some things do stay the course, it only takes one small catalyst to spark a new direction that nobody could have predicted.

Security

2017 Considerations before Buying an Attack Mitigation System

May 11, 2017 — by Carl Herberger

Managing the security of critical information has proven a challenge for businesses and organizations of all sizes. Even companies that invest in the latest security infrastructure and tools soon discover that these technology-based “solutions” are short-lived. From antivirus software to firewalls and intrusion detection and prevention systems, these solutions are, in fact, merely the most effective strategies at the time of implementation. In other words, as soon as businesses build or strengthen a protective barrier, the “bad guys” find another way to get in. Attackers are constantly changing their tactics and strategies to make their attacks and scams as damaging as possible. The good news is that it appears that attacks and subsequent defenses are breaking down into categories which can be measured systematically. The following areas are of particular concern as we look towards 2017-2018 planning for attacks:

Attack Types & Vectors, Security

The offspring of two comic book giants bring us the Bot Squad! Super freaky!

May 9, 2017 — by Carl Herberger

To state the obvious, two well-known comic book giants have lit the imaginations of generations of children. They brought to life the fantasy that humans could be ‘super’ or immortal, or somehow infallible.

Each in their own way combined fantastical combinations of humans with unreal, unbelievable and incredible skills.

In the category of vision enhancement alone, there are legions of characters who have developed themselves in a surreal way, for example, through X-Ray vision, or super-acute vision (something akin to a hawk). Other superheroes were gifted with night vision or even eyes that fired deadly laser beams. However, did you know that these characters dreamt up in comic books all have somewhat real world equivalents? Well, maybe not in people, but clearly in video surveillance systems of the future.

Security

How are IoT Skills different than IT Skills?

April 27, 2017 — by Carl Herberger

I believe by now, most people have come to know the perfect harmony, a revolution, taking place whereby automation and interconnectivity are intersecting with newly developed or innovated devices which can be controlled and communicated with remotely. This revolution is called the Internet of Things (IoT) and is transforming once-stodgy manufacturers into massive technology giants, old electric companies into the world’s largest interconnected network of lights, meters and transformer stations, and has the possibility to permeate nearly every aspect of our lives, including the ability to transform our love lives and the prospect of our health and quality of living.

Security

Is the Internet Rolling Back our Freedoms?

January 4, 2017 — by Carl Herberger

Right to Speech, Press, to Congregate, to Privacy, to practice Religion, and many others are no longer protected and thus effectively lost.

They say when you are dead, that you don’t know you are dead. It is difficult only for others, which is normally a select few people who were intimate with you. However, every once in a while a person is so stunning that we realize that everyone would have benefited from knowing them.

The same is true for privacy.

Attack Types & Vectors, DDoS, Security

Cyber Security Predictions: Looking Back at 2016, Peering Ahead to 2017

December 13, 2016 — by Carl Herberger

2016: What a year! Internet of Things (IoT) threats became a reality and somewhat paradoxically spawned the first 1TBs DDoS—the largest DDoS attack in history. Radware predicted these and other 2016 events in the 2015–2016 Global Application and Network Security Report. Since initiating this annual report, we have built a solid track record of successfully forecasting how the threat landscape will evolve. While some variables stay the course, the industry moves incredibly quickly, and it takes just one small catalyst to spark a new direction that nobody could have predicted.

Let’s take a look back at how our predictions fared in 2016—and then explore what Radware sees on the horizon for 2017.