Security

Why There Is No API Security

April 19, 2017 — by David Monahan

Whether we see them or not, application programming interfaces (APIs) are a crucial part of business today. They are used in virtually every aspect of IT and DevOps. APIs facilitate and even drive B2B and B2C partnerships, ecommerce acceleration, systems and application automation, and solution integrations. Without them, business and IT shops would not be able to deliver services anywhere near as fast and efficiently as they do today. However, this speed comes at a cost. User security is often a trade-off between security and usability, and there seems to be a similar trade-off in leveraging APIs.

Attack Types & Vectors, Security

Why ISP DDoS Services Typically Fail

April 12, 2017 — by David Monahan

Over the last couple of years, I wrote about DDoS attacks several times—with good reason. They are increasing in size and intensity. Each year more homes are connected to the Internet; consumers and businesses increase their access connection bandwidth; and more devices are online at each connection. With all these connected devices, many of which have little to no protection, the field is ripe for threat actors to harvest DDoS attack hosts, a.k.a. bots.

Application Delivery, DDoS, Security

Why Cloud-based and ISP-based Scrubbing Alone Are Inadequate.

May 18, 2016 — by David Monahan

On occasion, the topic of DDoS defense has come up and invariably goes to, “Why can’t organizations rely on ISP and cloud scrubbing services to protect themselves from DDoS attacks?” The conversation also rolls over to, “Why can’t organizations rely on on-premises solutions to protect themselves from DDoS attacks?” The latter is usually asked by someone who is a novice in the field, but both are valid questions. The true answer lies with a combination defense or, to coin a common security phrase, “defense-in-depth.”

DDoS, Security, WAF

Why WAF & DDoS – A Perfect Prearranged Marriage – #2

April 6, 2016 — by David Monahan

David Monahan is Research Director for Enterprise Management Associates (EMA) and is a featured guest blogger.

In previous blogs I have written about DDoS attacks and the inadequacies of using ISP and cloud-based DDoS attack scrubbing by themselves. However, in this blog I am going to speak to why WAF and DDoS filtering make a great pair, focusing on the differences between the web application firewall (WAF) and DDoS filtering and the benefits of combining them.

Security

The Value of Letting the Technical Professionals Select a Security Vendor

February 23, 2016 — by David Monahan

Management is ultimately responsible for the security of an organization. At each level, the appropriate manager decides which of the precious dollars, assets, and personnel under his or her control should be allocated for each aspect of the business, security being one of the many competing functions.

Security

Microsoft TMG EOL Got You Down? Here are Options for Replacements

June 3, 2015 — by David Monahan

I was recently briefing with a customer when a question was raised about Microsoft Forefront Threat Management Gateway (TMG) and its end of life. The question was what would be my recommendations for replacing it. My first glib thought was “quickly” but I bit my tongue and went on with a better formed recommendation along the same lines.

Security

Cyber-Security Concerns to Know Before You Sign On

April 16, 2015 — by David Monahan

Any of us who use the Internet with regularity enjoy the benefits of Federated Identity Management (FIM) and Single Sign-On (SSO) without much thought. Because of these technologies, we are able to move between our favorite blog site, news center, or social media site (Twitter, Facebook, LinkedIn, etc.) without having to struggle for log in information.

DDoS Attacks, Security

The Right Way to Secure Your Applications Against DDoS Using Signaling

January 12, 2015 — by David Monahan

Let’s face it. DDoS attacks are the big, fat, scary bully of the Internet. When organizations have sufficiently tight security or a would-be attacker doesn’t have the skills to overcome a target’s security, he or she can buy capacity on a botnet or other delivery vehicle and slam packets from all over the world at the target’s site and application(s).