DDoS, Security, Web Application Firewall

Security Risks: How ‘Similar-Solution’ Information Sharing Reduces Risk at the Network Perimeter

August 23, 2018 — by Thomas Gobet

We live in a connected world where we have access to several tools to assist in finding any information we need. If we choose to do something risky, there is often some type of notification that warns us of the risk.

The same holds true in IT departments. When a problem occurs, we search for answers that allow us to make decisions and take action. What problem created the outage? Do I need to increase the bandwidth or choose a CDN offering? Do I need to replace my devices or add a new instance to a cluster?

Connected Security

We all know that connected IT can help us make critical decisions. In the past, we have depended on standalone, best-of-breed security solutions that detect and mitigate locally but do not share data with other mitigation solutions across the network.

Even when information is shared, it’s typically between identical solutions deployed across various sites within a company. While this represents a good first step, there is still plenty of room for improvement. Let us consider the physical security solutions found at a bank as an analogy for cybersecurity solutions.

A robber enters a bank. The cameras don’t flag the intruder, who is wearing casual clothes and nothing that identifies him or her as a criminal. The intruder goes to the first teller and asks for money. The teller closes the window. Next, the robber moves to a second window and demands money, and that teller closes the window. The robber moves to the third window, and so on until all available windows are closed.

Is this the most effective security strategy? Wouldn’t it make more sense if the bank had a unified solution that shared information and shut down all of the windows after the first attempt? What if this robber was a hacker who is trying to penetrate your system? Would you allow the hacker to try and break into more than one network silo after the first attempt?

Comprehensive Security Via An Enterprise-Grade Suite Solution

As we’ve seen in the example above, mitigation solutions that can share attack information allow an organization to block a new “signature” as soon as the request is seen. But this only applies once the traffic reaches the solution. How could the bank better protect itself from the robber?

  • Should they do active verification at the entrance?
    • No, it would be time-consuming for customers who may consider not coming back.
  • Should they keep a list of customers allowed?
    • No, that would turn away new customers.
  • Should they signal the risk to other desks and entrance security?
    • Yes, that way all windows would be closed simultaneously and security guards would be able to catch the intruder and any future attempts to enter.

Imagine these windows are your different sites and the security guard at the entrance is the security solution at the perimeter of your network. Distinguishing abnormal behavior from normal behavior requires analysis of network traffic. The more advanced the analysis, the closer to the backend application the solution sits. That way, only traffic already allowed by the earlier security barriers reaches it. Being close to the application means the analyzed traffic has already passed through routers, firewalls, switches, IPS, anti-virus, DLP and many other solutions (in classic architectures).

Organizations require a fully integrated WAF and DDoS mitigation appliance that can communicate effectively to allow WAF solutions (deployed close to the application) to warn anti-DDoS systems (deployed at the perimeter) that an attacker is trying to penetrate the perimeter.

In the blog “Accessing Application With A Driving License,” Radware recommends blocking any requests coming from clients with abnormal behavior. This mechanism was only applied to the WAF, but with this added communication, it goes even one step further and blocks bad requests and/or bad clients who are trying to access your network.

With fully integrated WAF and DDoS detection and mitigation solutions that communicate with one another, these devices will save you time and processing power and be more effective in blocking intrusions to your network.

Download “Web Application Security in a Digitally Connected World” to learn more.

Application Delivery, SSL, Web Application Firewall

Microsoft TMG Replacement Blues?

July 26, 2016 — by Prakash Sinha

Microsoft has discontinued Forefront Unified Access Gateway (UAG) and Forefront Threat Management Gateway (TMG), solutions for remote application access control, security and optimization. Microsoft UAG/TMG evolved over many years to integrate multiple functions to protect Microsoft applications. It is a key component of several Microsoft application deployments including Microsoft Exchange, SharePoint and Lync. However, the TMG and UAG deployments are not limited to protecting Microsoft applications.

Securing web applications accessible over the web is a complex task. A compromise may lead to a significant performance hit to the application, especially when under an attack that may impact business, or worse, security breaches.

Application Delivery, Data Center, Web Application Firewall

How Application Delivery and Security Work Hand-in-Hand

March 29, 2013 — by Nir Ilani

At first glance, application delivery and security might seem unrelated because they appear to solve and address different challenges from different domains. But a closer look actually reveals that they are entwined. In this post I’ll break down the ways in which application delivery and security work hand-in-hand.

Application Security, Attack Mitigation, Botnets, Brute Force Attacks, DDoS Attacks, HTTP Flood Attacks, Phishing, Security, Security Virtualization, SEIM, Web Application Firewall

eCrime Congress in Germany: Restoring the Equilibrium of Attackers Vs. Defenders

February 8, 2013 — by Ron Meyran

Last week, I attended eCrime Congress in Frankfurt, Germany. Held on January 30, Radware was one of the sponsors of the event, which featured a lecture track that ran throughout the day and included breaks for the sponsors’ pavilion.

Application Security, Attack Mitigation, Botnets, Brute Force Attacks, DDoS Attacks, HTTP Flood Attacks, Phishing, Security, Security Virtualization, SEIM, Web Application Firewall

New Attack Trends – Are You Bringing a Knife to the Gunfight?

January 22, 2013 — by Ziv Gadot

Today, we launched our 2012 Global Application and Network Security report. It was prepared by our security experts – the Emergency Response Team (ERT) – who’ve seen their fair share of cyber attacks while actively monitoring and mitigating attacks in real-time. In this year’s annual report, our experts have uncovered several new trends in cyber-security worthy of a closer look.

Application Security, Attack Mitigation, Botnets, Brute Force Attacks, DDoS Attacks, HTTP Flood Attacks, Phishing, Security Virtualization, SEIM, Web Application Firewall

Last Week to Participate! Attack Mitigation Black Belt Final Round Begins Today.

July 16, 2012 — by Carl Herberger

If you’ve been waiting, now’s the time to participate – the last week of Radware’s Attack Mitigation Black Belt Challenge begins today and ends this week. And what a challenge it is! More and more people are participating each week and the leader board has changed hands a number of times – with the standing after the Red Belt challenge resulting in a tie for first place!

Application Security, Attack Mitigation, Botnets, Brute Force Attacks, DDoS Attacks, HTTP Flood Attacks, Phishing, Security Virtualization, SEIM, Web Application Firewall

Calling All Attack Mitigation Experts – Red Belt Round Begins Today!

July 9, 2012 — by Carl Herberger

Two more weeks left in the Attack Mitigation Black Belt Challenge and congratulations to all who have earned a green belt. As we head into the next round of progressively difficult questions, we have a fierce competition for the Champion. “Brewer” is giving “dh” a run for the money, with only one second separating these first and second place contenders. Check out the Leader Board for the rankings.

Application Security, Attack Mitigation, Botnets, Brute Force Attacks, DDoS Attacks, HTTP Flood Attacks, Phishing, Security, Security Virtualization, SEIM, Web Application Firewall

Are you ready for your Green Belt in Attack Mitigation?

July 2, 2012 — by Carl Herberger

Knowledge Test Overview

Wow! The Attack Mitigation Black Belt Challenge is only two weeks old and already we have dueling leaders and intense competition.

People from all over the world are participating in Radware’s first Attack Mitigation Black Belt Challenge and only seven seconds separate the current leader, “dh”, from the fifth place position. It is apparent that some questions were stumbling blocks as we had two questions in the Yellow Belt round that only 10% of the participants could answer properly.