Security

How to Prepare for the Biggest Change in IT Security in 10 Years: The Availability Threat

July 12, 2017 — by Carl Herberger

Availability, or the big “A”, is often the overlooked corner of the CIA triad. Perhaps a contributing factor is the common belief among security professionals that if data is not available, it is secure. Corporate executives have a different opinion, as downtime carries with it a hefty price tag. While today’s corporate risk assessment certainly involves the aspect of availability, it is focused on redundancy, not on security. Penetration tests, a result of the corporate risk assessment, also fail to test availability security. In fact, pen testing and vulnerability scanning contracts specifically avoid any tests which might cause degradation of service, often leaving these vulnerabilities unknown until it’s too late. Availability is commonly handed off to network engineering, which addresses it by designing and building resilient networks. Common risk mitigations in this arena include redundant power, internet links, routers, firewalls, web farms, storage, and even geographic diversity with use of hot, warm and cold data centers. You get the picture; there is a ton of money invested in building network infrastructure to meet corporate availability requirements.

Attack Types & Vectors, Security

What’s Lurking in Your CDN?

October 30, 2015 — by Patrick McNeil

I was able to get to DerbyCon V this year for the first time – an annual conference founded by David Kennedy that is held at the end of September in Louisville, KY.  One of the talks that I attended was also given at Blackhat 2015, “Bypass Surgery – Abusing Content Delivery Networks with Server Side Request Forgery, Flash, and DNS” by Mike Brooks from Bishop Fox and Matthew Bryant from Uber.

Application Acceleration & Optimization, Application Delivery, SSL

The Internet has Upgraded to HTTP/2, but One Key Feature will Slow You Down

August 26, 2015 — by Frank Yue

Imagine a world where smartphones were only upgraded every 15 years.  It is hard to imagine waiting that long for new hardware and new functionality to meet consumer expectations and demands.  It is even harder to imagine how the update will integrate all the changes in the way people utilize their smartphones.

Attack Types & Vectors, Security

Can a CDN Stop Cyber-Attacks?

February 26, 2015 — by David Hobbs

In previous articles, we’ve reviewed content delivery networks (CDNs) from a variety of security perspectives – from how hackers have used them as weapons of DDoS to how bad actors can use free services to create astronomical billing issues.  CDNs are often used as a mask, to levy API abuse and web reflector attacks that plague the Internet via bots and scrapers.  Today, it is estimated that 65% of the traffic on the Internet is from such abuse.  If you were to reflect on that idea, would you think that a CDN can protect you?  That is the falsehood that is often believed.

Application Acceleration & Optimization, Application Delivery, Security

Your Six Favorite Posts of 2014

December 23, 2014 — by Radware

During the past 12 months, we’ve worked to provide more than application delivery and security solutions.  Our goal was (and is) to share knowledge with the IT community so you can assess upcoming trends, implement best practices, and gain insights through our research. Thanks to our readers, partners, customers, and team members for another great year of sharing our thought leadership. 

Here’s a look at what resonated the most with our readers this past year.  Happy Holidays and we wish you a smart, successful, and secure 2015.  Cheers!

Application Acceleration & Optimization, Application Delivery

Why Ecommerce Sites That Use a CDN Take Longer to Become Interactive (and Why You Still Need a CDN)

May 12, 2014 — by Tammy Everts

One of the most provocative findings in our latest State of the Union for Ecommerce Web Performance was the fact that using a content delivery network correlated to slower performance for retail sites. In today's post, we'll explore what this finding means (hint: correlation doesn't mean causation) and why you still need a CDN in your performance toolkit.

Application Security, DDoS Attacks, Security

Why Cyber Attackers are Still Defeating Your Network Security

May 7, 2014 — by Ron Meyran

Nearly two years ago, I questioned the myth: does size really matter? Now it’s time to revisit the issue and also look at some of the changes occurring in the cybercrime scene.

The big myth of 2012 was that organizations need to prepare for enormous attacks. The attack on Spamhaus in 2013 supported this claim.