Security

Darknet: Attacker’s Operations Room

December 20, 2017 — by Nir Ilani

Originating from ARPANET back in the 70’s, the Darknet is essentially an overlay network, which applies strong privacy and encryption practices. I am often asked what’s the difference between Surface vs. Deep vs. Dark Web, so let me put it as simply as I can – and then let’s examine their relationship and contribution to cyber-attack campaigns that take place more frequently.

Security

AI Considerations in Cyber Defence Automation

December 14, 2017 — by Pascal Geenens

When Apple unveiled the iPhone X, it catapulted artificial intelligence and machine learning into the limelight. Facial recognition became a mainstream reality for those who can afford it. A few months later, Vietnamese cyber security firm Bkav claimed it was able to bypass the iPhone X’s Face ID using a relatively inexpensive $150 mask. The claim is still up in the air and while it has not been accepted to its full extent, no one was actually able to refute the claim based on scientific facts.

Security, WAF

Healthcare & Web Application Security: A Prescriptive Look at Application-Layer Security Risks

December 7, 2017 — by Radware

The healthcare sector consists of a wide range of segments: payers, such as insurance companies; providers, such as hospitals and doctors; and manufacturers of pharmaceuticals as well as medical devices and equipment. Because the industry deals with quality-of-life issues across the spectrum, access to real-time data, especially sensitive data such as patient records, requires both the security and availability of in-house, Web, mobile, or cloud applications.

Security

5 Questions to Ask About DDoS Pricing

November 29, 2017 — by Eyal Arazi

DDoS protection pricing is all over the map, and can get fairly complex. However, there are a few key questions to ask in order to make sure you’re not paying too much.

As DDoS attacks grow more frequent, more powerful, and more sophisticated, many organizations turn to DDoS mitigation services to protect themselves against attack. DDoS protection vendors come in all shapes and sizes, from dedicated DDoS mitigation providers to CDN vendors who add website DDoS protection, to ISPs who resell DDoS protection as an add-on. As a result, the quality and cost of such services can vary wildly, and many customers end up purchasing protection packages that are either inadequate or too big for their needs, resulting in unnecessary costs.

Security

Understanding the Real Cost of a Cyber-Attack and Building a Cyber-Resilient Business

November 21, 2017 — by Ben Zilberman

Cyber-attacks are like parasites: they are not always visible, not always felt, but with plenty of potential to affect your operational efficiencies, service level agreements, and computing resources. All of those impacts bring potentially high costs. The first step to understanding and managing the cost of cyber-attacks is to do everything you can to understand the potential impact and build an effective incident response team so you can rein in these “parasites” and limit damage to your business.

Security

HTTP Attacks

November 15, 2017 — by Lior Rozen

HTTP traffic is dominating the internet. In fact, when people are asked about the internet, they are sometimes sure the internet is their browser that connects them to everything online. Data centers also experience a high volume of HTTP traffic, and many enterprises are seeing more and more of their revenues coming from online sales. However, as the popularity grows, the risks grow with it, and just like any protocol, HTTP is vulnerable to attacks. Attackers use Denial-of-Service (DoS) techniques to make web servers unavailable. Such attacks are used to make a point, make some profit, or simply for fun. In this blog post I will describe the common DDoS attacks that are launched against HTTP servers.