About Us

FireMon launched FireMon Policy Analyzer 

FireMon launched FireMon Policy Analyzer, a free firewall assessment tool. It offers organizations a detailed diagnostic report outlining the health of a firewall policy, complete with best practices and recommendations to strengthen their security posture. 

Jody Brazil, CEO of FireMon stated, “The potential for misconfiguring a firewall in a rapidly expanding organizational environment poses real risk to organizations today. Understanding firewall policy security posture and minimizing the potential for human errors when it comes to setting up and managing this complexity cannot be overstated. 

The financial and reputational repercussions of a firewall compromise can potentially result in fines, lost revenues, lawsuits, and long-term damage to the health of the business. Visibility is key to identifying and addressing weaknesses in firewalls and other network security elements. With FireMon Policy Analyzer we provide organizations with an intuitive, powerful and insightful free tool to strengthen their operational environment almost immediately.” 

According to Gartner, configuration mistakes are to blame for 99% of firewall and cloud security failures. Misconfigurations, particularly with regard to a company’s firewalls, are a well-documented cause of the widening cybersecurity gap. Small configuration errors and out-of-date rules can quickly accumulate, making it difficult to manage traditional rules-based firewall setups effectively as environments grow. If these errors are not found and fixed, they can lead to catastrophic network vulnerabilities. 

Organizations can reduce security risks brought on by improperly managed firewall policies by using FireMon Policy Analyzer, which gives security teams a potent tool without the need for setup, installation, or specialized hardware. For typical firewall configurations, Policy Analyzer safely collects the necessary configuration data from a firewall, analyzes the firewall policy, and provides security posture results in seconds. 

Salt Security introduced Salt Labs to increase API Security awareness around the world

Salt Security, the industry’s leading API security firm, announced the launch of Salt Labs, a new public forum for sharing API vulnerability research. Salt Labs will be a resource for organizations wishing to protect infrastructure against API risk through vulnerability and threat research, as well as industry reports. It will also raise public awareness about API security threats, supporting Salt Security’s aim of providing comprehensive API security and accelerating corporate innovation by making APIs attack-proof.

Concerns about API security have become a huge obstacle to company innovation. According to the Salt Security State of API Security Report, 66 percent of companies have put off deploying a new app due to API security concerns. To address these concerns, Salt Labs will publish research and studies that businesses can utilize to strengthen their API security posture and prevent dangers to API-centric enterprises. Salt Labs will focus on offering high-impact threat research, identifying the latest API attack vectors, and giving remediation best practices to make API security programs more agile and actionable, using a strong technical understanding of API risks, security flaws, and misconfigurations.

“APIs represent an important and often overlooked threat vector that presents a range of challenges often not included in research efforts. We look forward to the dividends of the public research efforts of Salt Labs, which will increase our awareness of emerging API risks and help us harden our application environments to better protect both our employees and customers,” said Steve Ward, CISO, The Home Depot.

To date, the private sharing of API threat research findings has emphasized the need for further education about critical API security challenges and vulnerabilities, which are frequently assumed to be mitigated by traditional solutions like Web Application Firewalls (WAFs) and API gateways. Salt Labs’ goal is to improve users’ ability to spot security flaws in their own APIs, allowing them to take strong, proactive steps to harden their APIs and back-end systems. As a result, more businesses will be able to protect and maintain the integrity of sensitive consumer and business-critical data.

“With the growth of APIs and the central role they play in today’s application environments, the need for unbiased, relevant, and reliable research has prompted us to share the groundbreaking API security research that our team has been conducting for years. Salt Labs is dedicated to extending the safety of enterprises as they innovate in our increasingly digital and connected world. By now making this research public, we will increase education around API security and related attack vectors so that organizations of all types can strengthen their API security measures,” said Roey Eliyahu, co-founder and CEO, Salt Security.

Web Application Firewall – Everything You Need to Know

Web Application Firewall – Web Application Firewall (WAF) is a form of application firewall that protects web service from various attacks. Application protection is a security layer that can defend against a variety of application layer security threats that aren’t normally covered by a traditional network layer Intrusion Detection Systems. By inspecting HTTP/HTTPS request packets and web traffic patterns, the WAF ensures that the web service is not jeopardized. It defends web applications against cross-site scripting (XSS), file inclusion and SQL injection attacks. The WAF prevents attacks by blocking HTTP requests and IP addresses when it detects some kind of security threat in compliance with the configuration file.

Why Web Application Firewall ?

Web applications are easily available and provide a convenient entry point to useful data, hence they are a prime target for cyber-attacks. These online services must be protected from current and emerging cyber-threats without compromising efficiency and quality. Because of the consistent changes in applications, security teams struggle to keep up with updating security rules that properly protect web services. This can lead to security flaws and vulnerabilities that cybercriminals can take advantage of, resulting in expensive data breaches. Additionally, businesses seek out security technologies that can scale with their applications to meet rising consumer demand, ensuring that the web as a service remains viable and are adequately protected without compromising the customer’s experience.

Features of Web Application Firewall are –

  • Configuration and Control – Administrators can use the Web Application Firewall to build policies for compliance, regulatory, and security purposes. Administrators can build comprehensive and flexible policies as required, including URL rewriting, SSL/TLS validation and compliance, using the WAF policy engine. WAF detects attack chains automatically, from eavesdropping to data theft and backdoor setup. Instead of working through thousands of possible attacks, security experts are only alerted to the most critical threats. Security teams can specify the protection level for each program, and WAF can determine what to do in various scenarios. In the event, if the device configuration fails, previously saved settings can be restored automatically eliminating the manual work.
  • Reporting and Analytics – WAF provides real-time insight into your web traffic and can be used to generate new dashboard reporting rules or warnings. It gives security teams fine control of how the metrics are displayed, allowing them to track anything from individual rules to all inbound traffic. In addition, WAF provides detailed logging by collecting the header data of each inspected web request that can be used in analytics and security automation. WAF takes a large number of warnings and condenses them into a limited, manageable collection of security events, this gives security professionals a frictionless operating experience.
  • Integration and Security – WAF virtual application can be installed and scaled up easily on-premises with no special hardware to purchase or maintain. WAF can easily integrate into a company’s information security management system, which aids in the provision of advanced multilayer security. Administrators can develop special rules to detect confidential data like account numbers, passwords, financial transactions and insurance records. In addition, rules may be used to hide information from third parties, including administrators that use WAF. WAF aids in the monitoring of all traffic.

The majority of previous time-consuming and physical activities are automated with online services in all enterprise sectors like IT, finance, manufacturing, telecom, media to government. With the rise in cyber-attacks, these organizations must secure their online applications and the safest and most commonly used solution is a Web Application Firewall.