Web application firewall in 2022!

Enterprises employ web application firewalls (WAFs) to safeguard their web systems from zero-day exploits, malware attacks, impersonation, and other known and unknown threats and vulnerabilities. A WAF can detect and prevent several of the most critical web application security problems through specialized inspections, which regular network firewalls and other intrusion detection systems (IDSes) and intrusion prevention systems (IPSes) may not be able to perform. Companies that provide products or services through the Internet, such as e-commerce shopping, online banking, and other transactions between customers or business partners, might benefit greatly from WAFs.

A WAF is controlled by a set of rules known as policies. By filtering out harmful communications, these policies try to guard against application vulnerabilities. The usefulness of a WAF is derived in part from the speed and ease with which policy modifications may be deployed, allowing for faster reaction to various attack vectors; for example, rate limiting can be swiftly imposed by updating WAF policies during a DDoS attack.

According to the Infosecurity outlook, the percentage of people who use the internet is steadily on the rise. It is critical for businesses to build and enhance their online presence as more customers go online and spend more time there. Many companies are already doing this, and others are following suit.

A Web Application Firewall (WAF) examines HTTP requests and applies a set of rules to determine which parts of the communication are benign and which are malicious. The GET and POST requests are the most important aspects of HTTP dialogues that a WAF examines. POST requests are used to submit data to a server to alter its state, whereas GET requests are used to get data from the server.

A WAF can analyze and filter the content contained in these HTTP requests in one of two ways, or a hybrid of the two:

Whitelisting: When using a whitelisting strategy, the WAF blocks all requests by default and allows only those that are known to be trustworthy. It relies on a list of IP addresses that are recognized to be safe. Whitelisting requires fewer resources than blacklisting. The disadvantage of whitelisting is that it may mistakenly block good traffic. While it can be effective and cast a large net, it can also be imprecise.

Blacklisting: A blacklisting strategy allows packets to pass by default and employs preset signatures to restrict harmful online traffic and safeguard websites or web apps from vulnerabilities. It’s a set of rules for detecting malicious packets. Because public websites and web applications receive a lot of traffic from unknown IP addresses that aren’t known to be malicious or benign, blacklisting is more appropriate. The disadvantage of a blacklisting strategy is that it consumes more resources; filtering packets based on specific criteria requires more information than just using trusted IP addresses.

Hybrid: A hybrid security model is a typical approach that incorporates both blacklisting and whitelisting aspects.
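The three strategies above can be compared side by side on the same traffic. The following is an added example, not code from any WAF product: the signatures, the allowlisted network, the `/admin` protected prefix, and the hybrid semantics (allowlist for a protected path, signatures for everything else) are assumptions chosen for illustration, and the sample requests are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit

# Illustrative signatures only (assumption): production rule sets are far larger.
SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select", re.I),
    "xss": re.compile(r"<\s*script\b", re.I),
}
# Constructed allowlist using a documentation range (RFC 5737).
ALLOW_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
PROTECTED_PREFIX = "/admin"  # hypothetical path guarded by the allowlist in hybrid mode


@dataclass
class Request:
    src_ip: str
    method: str
    url: str
    body: str = ""  # form-encoded POST body


@dataclass
class Verdict:
    allowed: bool
    reason: str


def inspected_values(req):
    """Decoded parameter values from the GET query string and the POST body."""
    values = [v for _, v in parse_qsl(urlsplit(req.url).query, keep_blank_values=True)]
    if req.method.upper() == "POST":
        values += [v for _, v in parse_qsl(req.body, keep_blank_values=True)]
    return values


def match_signature(req):
    """Return the name of the first signature that matches, or None."""
    for value in inspected_values(req):
        for name, pattern in SIGNATURES.items():
            if pattern.search(value):
                return name
    return None


def is_trusted(req, networks=ALLOW_NETWORKS):
    """True when the source address falls inside an allowlisted network."""
    ip = ipaddress.ip_address(req.src_ip)
    return any(ip in net for net in networks)


def evaluate(req, mode):
    """Apply one strategy: 'whitelist', 'blacklist' or 'hybrid'."""
    trusted = is_trusted(req)
    if mode == "whitelist":  # default deny: only the source address is consulted
        return Verdict(trusted, "source on allowlist" if trusted else "source not on allowlist")
    if mode not in ("blacklist", "hybrid"):
        raise ValueError(f"unknown mode: {mode}")
    if mode == "hybrid" and urlsplit(req.url).path.startswith(PROTECTED_PREFIX) and not trusted:
        return Verdict(False, "protected path, source not on allowlist")
    hit = match_signature(req)  # default allow unless a signature matches
    return Verdict(hit is None, f"signature:{hit}" if hit else "no signature matched")


# Constructed sample requests (documentation IP ranges, made-up paths).
SAMPLES = [
    Request("203.0.113.10", "GET", "/products?id=42"),
    Request("198.51.100.7", "GET", "/products?id=42"),
    Request("198.51.100.7", "GET", "/products?id=1%27%20OR%201%3D1"),
    Request("203.0.113.10", "POST", "/comment", "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    Request("198.51.100.7", "GET", "/admin/users"),
]


def decisions(mode):
    """Allow/block decision for every sample request under the given mode."""
    return [evaluate(req, mode).allowed for req in SAMPLES]


if __name__ == "__main__":
    for mode in ("whitelist", "blacklist", "hybrid"):
        print(mode)
        for req in SAMPLES:
            v = evaluate(req, mode)
            print(f"  {'ALLOW' if v.allowed else 'BLOCK'} {req.src_ip:<13} {req.method:<4} {req.url}  ({v.reason})")
```

In whitelist mode the benign request from an unknown address is blocked while the script-bearing POST from a trusted address passes, which is the imprecision described above. Blacklist mode reverses both outcomes at the cost of inspecting every parameter.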

Now that we know what a web application firewall is for, here are some of the advantages. A WAF could be a fantastic long-term investment for your website because it can:

  • Ensure that rules such as HIPAA and PCI are followed.
  • Free up resources for your team by automating security checks and traffic monitoring.
  • Help avoid SQL injections, cross-site scripting (XSS) assaults, and distributed denial of service (DDoS) attacks.
  • Prevent customer data from being compromised, protecting customers' trust and their business.

WAFs are based on a set of rules known as policies and can be deployed as hardware, software, or both in the cloud. These policies instruct the WAF on what to look for in terms of vulnerabilities, gaps, and traffic behavior, as well as what to do if vulnerabilities are discovered. To put it another way, a WAF's policies are what allow it to protect web applications and servers from assaults.

TSB Golden Gate Release Helps Developers Configure Policies For Their Applications

Tetrate declared the general availability of Tetrate Service Bridge (TSB), Golden Gate release.

API Gateway, a web application firewall (WAF), and service mesh capabilities are all combined into a single administration plane in this latest edition, resulting in a cloud-agnostic unified application connection platform.

TSB delivers centralized governance and decentralized enforcement to application networking by unifying these capabilities—essential for enabling zero-trust security across historical and new workloads.

The Envoy-based application networking layer from TSB blurs the lines between north-south and east-west traffic, making it all just application traffic. From the edge to the workload, developers may now apply capabilities previously only available in an API gateway to any element of their application topology. API Gateway and a comprehensive set of API governance tools are included in the TSB Golden Gate release out of the box.

Developers may find it difficult to gain access and understand how to configure application-specific network and security policies, which can have a negative impact on productivity. Simultaneously, networking and security teams lack the resources necessary to enforce policy demands and ensure that they are followed. This misalignment of access and knowledge results in non-compliant networking and uneven policy enforcement, which leads to security breaches.

With the Golden Gate version, TSB now allows developers to create policies for their applications without having to grasp the complexity of new technologies like Envoy and Istio while yet harnessing their potential.

Varun Talwar, CEO and co-founder of Tetrate, said, “Application architectures are increasingly becoming distributed in nature. When combined with the need for multi-cloud infrastructures, application networking, and security policies, management becomes a complex problem. TSB elegantly simplifies this challenge with its management plane, a layer that binds the runtime system to the users and teams. Enterprises can implement controls for regulatory requirements with confidence and maintain many unrelated teams on the same infrastructure without shared-fate outages.”

Data Theorem Releases Industry’s First Active Protection Suite with Observability and Runtime Defense

Data Theorem, Inc., a global leading provider of modern application security, announced the industry’s first Active Protection package, which includes observability and runtime defense and provides comprehensive security for API, mobile, modern web, cloud, and serverless (Lambda) functions.

To prevent data breaches, organisations today require technologies that are specifically designed for securing modern application stacks. Runtime AppSec technologies in the past (WAFs, RASPs, EDRs) were unable to cover crucial sections of modern application stacks like cloud-native applications. Traditional web application firewalls (WAFs), runtime application self-protection (RASPs), and endpoint detection and response (EDR) agents cannot secure serverless applications with APIs, such as AWS Lambda. This is due to the lack of readily available operating systems for agent installation, as well as the lack of typical network perimeters with ingress/egress points. Data Theorem’s whole product suite now includes runtime protections and observability, addressing security gaps in modern application exposures typical in cloud-native stacks.

Data Theorem is the first to provide full stack security for current modern apps, starting with the client layer (mobile and web), protecting the network layer (REST and GraphQL APIs), and extending all the way down to the underlying infrastructure (cloud services).

“Data Theorem’s Active Protection is the first in the industry to provide comprehensive security across today’s modern application stacks. Application environments are more dynamic when leveraging cloud services requiring increased telemetry. Organizations need to discover their growing attack surfaces as their cloud adoption grows. We are not aware of any other vendor delivering active protection runtime defenses and observability across cloud-native, mobile, modern web, and serverless applications,” said Doug Dooley, Data Theorem COO.

Data Theorem’s extensive AppSec portfolio secures companies against data breaches with application security testing and protection for modern web frameworks, API-driven microservices, and cloud resources. Its solutions are driven by the company’s award-winning Analyzer Engine, which utilizes a unique sort of dynamic and run-time analysis that is completely implemented into the CI/CD process and allows enterprises to undertake continuous, automated security inspection and remediation.

Stellar Cyber’s Open XDR strengthens security operations for Barracuda users

Stellar Cyber has announced the integration of its security platform with Barracuda CloudGen Firewall, Barracuda Total Email Protection, and Barracuda Web Application Firewall, offering managed security service provider (MSSP) clients and prospects with improved visibility, cyber threat hunting, automated incident correlation, and remediation.

“Our customers know that Barracuda delivers best-of-class email, network, and web application security solutions. When it comes to defending against today’s sophisticated cyber threats like ransomware and data breaches, they are looking for full visibility and automation,” said Fleming Shi, CTO at Barracuda Networks.

“We already offer Barracuda SKOUT Managed XDR optimized for our MSP customers. This new integration with Stellar Cyber gives our enterprise customers a holistic view of their infrastructure and the capabilities to coordinate incident response to attacks in real time.”

The Stellar Cyber platform integrates the XDR Kill Chain and AI-driven correlation of detection techniques and warnings into automatically generated incidents on an incredibly simple dashboard with visibility all over the attack surface, so analysts know precisely what to look into and how to look into it.

Furthermore, the inbuilt multi-tenant functionalities of Stellar Cyber make it simpler for Barracuda’s MSSP partners to offer SOC-as-a-service to their end-user customers.

“The Stellar Cyber Open XDR platform brings additional value to existing Barracuda product investments by ingesting their logs, enriching the captured data, analyzing that data for threats, and then automatically remediating attacks through the firewall as well as other systems,” said Zeus Kerravala, principal analyst at ZK Research. “It’s great to see this level of integration to protect customers.”

“By integrating our Open XDR AI-powered cybersecurity platform with Barracuda’s popular solutions, we deliver a new level of visibility and SOC capabilities, such as correlated threat analysis, threat hunting, and automated remediation, to Barracuda customers,” said Paul Jespersen, Senior Vice President of Global Business Development at Stellar Cyber.

“Our purpose-built platform collects and ingests data from all existing security tools and presents a single dashboard that clearly identifies and prioritizes security threats, all the way from individual alerts to sophisticated incidents or attack stories, in a way that maximizes efficiency in SOC operations.”

Barracuda is focusing on strengthening its integrations with Open XDR systems such as Stellar Cyber. Clients of Barracuda will be able to more effectively block ransomware and stay ahead of attackers that use credential theft and account takeover in email security to stop further penetration.

Untangle Selects Brigantia Partners To Grow SMB Security Distribution in the UK

Untangle Inc., a specialist in network security for SMBs and distributed businesses, announced a partnership with Brigantia Partners to market its award-winning SMB security solutions in the United Kingdom.

“Our partnership with Brigantia will enable us to reach MSPs with specific needs that Brigantia understands. Brigantia has a deep understanding of IT Managed Services within the UK, and together with Untangle, will be able to provide the best in class products, support and services. Untangle is energized by Brigantia’s approach to building their UK business and we look forward to a successful partnership where we grow together,” said Scott Devens, CEO at Untangle.

Brigantia is an award-winning managed services distributor that offers comprehensive, cost-effective IT solutions. Brigantia Distribution, Brigantia Consulting, and Brigantia Enhance are three distinct business sectors aimed to provide maximum value to the companies of its reseller, MSP, MSSP, and consultant partners. Clients now have access to a strong product stack that includes comprehensive security, deep analysis and insights, network orchestration, reliable connectivity, and network performance as a result of cooperation with Untangle.

“After years of searching for a next-generation firewall solution that is clearly aimed at the SME and MSP marketspace, Brigantia Partners is excited to be launching the award-winning range from Untangle. With this new addition to our portfolio, we are providing our partners with an enterprise-level firewall and VPN solution that is simple to deploy and manage, while also fitting into SME budgets,” said Martin Wright, Managing Director at Brigantia Partners Limited.

Untangle makes use of a cloud-based console that delivers daily analysis and alerts to assure that clients are informed of any malicious behaviour. Clients can now be assured that they are receiving the full advanced security of the Untangle Network Security Framework thanks to MSPs’ use of NG Firewall, which provides highly customizable protection and extensive filtering capabilities.

Brigantia and Untangle are both dedicated to defending SMBs and distributed enterprises from cyber threats. Brigantia, in collaboration with the Untangle SD-WAN product range, can provide end users with a unified, professional solution for SMEs with many locations.

CyberRatings Introduces First-of-its-Kind Cloud Test on Firewall as a Service and Zero Trust Network Access

CyberRatings.org, a non-profit firm dedicated to making cybersecurity product efficacy transparent, has released its first Secure Access Service Edge (SASE) rating. Zscaler’s Firewall as a Service (FWaaS), including its Zero Trust Network Access (ZTNA) capabilities, was tested independently by CyberRatings utilising Zscaler Internet Access and Zscaler Private Access. Overall, Zscaler received an ‘AA’ rating, with individual test components receiving ‘AA’ to ‘AAA’ ratings.

SASE technology is a relatively new addition to the market. It’s a new technology package that’s supplied as a service:

  • Data security (Cloud Access Security Broker and Data Loss Prevention)
  • Access control (FWaaS and ZTNA)
  • Threat protection (Secure Web Gateway, anti-malware, and intrusion prevention)

“The pandemic accelerated adoption of new technologies such as SASE that securely enable a distributed workforce. This first-of-its-kind test provides the cybersecurity industry with a reliable and independent way to evaluate SASE offerings,” said Vikram Phatak, CEO of CyberRatings.org. 

Because these technologies are so new, CyberRatings spent several months developing the apparatus to test FWaaS and ZTNA alongside Keysight’s network and cloud product teams. Keysight offered CyPerf to test application stability, performance, reliability and TLS / SSL functionality.

“The distributed nature of hybrid/cloud networks calls for a new way of testing. Keysight developed its industry-first cloud-native CyPerf test solution to help users validate services like SASE, software-defined wide area network (SD-WAN), and cloud network firewall. We are excited to partner with CyberRatings in this first independent test of SASE technology,” said Ram Periakaruppan, vice president and general manager, Keysight’s Network Test and Security Solutions.

CyberRatings has a three-phase approach for assessing SASE solutions, with the first phase focusing on FWaaS and ZTNA. The discovery and handling of exploits, malware, and evasions will be tested in phase two. The cloud access security broker (CASB) and data leak protection (DLP) will be addressed in the third phase.

Salt Security introduced Salt Labs to increase API Security awareness around the world

Salt Security, the industry’s leading API security firm, announced the launch of Salt Labs, a new public forum for sharing API vulnerability research. Salt Labs will be a resource for organizations wishing to protect infrastructure against API risk through vulnerability and threat research, as well as industry reports. It will also raise public awareness about API security threats, supporting Salt Security’s aim of providing comprehensive API security and accelerating corporate innovation by making APIs attack-proof.

Concerns about API security have become a huge obstacle to company innovation. According to the Salt Security State of API Security Report, 66 percent of companies have put off deploying a new app due to API security concerns. To address these concerns, Salt Labs will publish research and studies that businesses can utilize to strengthen their API security posture and prevent dangers to API-centric enterprises. Salt Labs will focus on offering high-impact threat research, identifying the latest API attack vectors, and giving remediation best practices to make API security programs more agile and actionable, using a strong technical understanding of API risks, security flaws, and misconfigurations.

“APIs represent an important and often overlooked threat vector that presents a range of challenges often not included in research efforts. We look forward to the dividends of the public research efforts of Salt Labs, which will increase our awareness of emerging API risks and help us harden our application environments to better protect both our employees and customers,” said Steve Ward, CISO, The Home Depot.

To date, the private sharing of API threat research findings has emphasized the need for further education about critical API security challenges and vulnerabilities, which are frequently assumed to be mitigated by traditional solutions like Web Application Firewalls (WAFs) and API gateways. Salt Labs’ goal is to improve users’ ability to spot security flaws in their own APIs, allowing them to take strong, proactive steps to harden their APIs and back-end systems. As a result, more businesses will be able to protect and maintain the integrity of sensitive consumer and business-critical data.

“With the growth of APIs and the central role they play in today’s application environments, the need for unbiased, relevant, and reliable research has prompted us to share the groundbreaking API security research that our team has been conducting for years. Salt Labs is dedicated to extending the safety of enterprises as they innovate in our increasingly digital and connected world. By now making this research public, we will increase education around API security and related attack vectors so that organizations of all types can strengthen their API security measures,” said Roey Eliyahu, co-founder and CEO, Salt Security.

BOTS subsidiary, Cyber Security Group LLC, announced Web Application Firewall (WAF) solution to target global cybersecurity market

BOTS, Inc., a global tech firm that specialises in Blockchain-based solutions such as decentralized finance applications for the financial industry, consulting, mining equipment repair, cybersecurity solutions, crypto mining and insurance, announced that its subsidiary, Cyber Security Group LLC, has launched Web Application Firewall (WAF), a proprietary software solution to protect web applications.

The cybersecurity market is being driven by rising cybersecurity events and rules demanding their reporting. Cybercrime, which includes data damage and destruction, stolen money, lost property, intellectual property theft, and other sectors, costs the globe around USD 600 billion each year, according to the Center for Strategic and International Studies (CSIS) and McAfee.

WAF protects against application vulnerabilities and data breaches. The following are some important advantages:

  • Protection from web attacks and DDoS
  • Controls access and authentication
  • Automates and orchestrates security
  • Protects applications and APIs
  • Protects against business logic attacks
  • Protects ecosystem around Blockchain
  • Blocks malicious bots and automated attacks
  • Protects from XSS & SQL injections

BOTS’ Cyber Security Group LLC subsidiary is an ISO/IEC 27001:2013 certified Information Security Management System that seeks to capitalise on the fast-growing worldwide cyber security market with its exclusive range of SaaS products. WAF has been successfully battle-tested by financial services and e-commerce enterprises over a two-year pilot program and is now available to businesses all across the world.

Ransomware – Everything You Need to Know

Ransomware is a cryptographic malware that threatens to release or permanently block access to the victim’s data until a ransom is paid. Ransomware encrypts information and documents on any device, including servers, from a single computer to an entire organization’s network. Ransomware is part of cryptovirology, the study of the creation of effective harmful malware using encryption.

Ransomware encrypts the victim’s files, making them unusable, and demands a ransom to unlock them. Recovery of documents without the decryption key is an unsolvable problem in a properly executed cryptoviral extortion attack. The payment of ransoms is demanded in Bitcoin or other cryptocurrencies, making it impossible to track down and prosecute the culprits.

Recent Ransomware attacks  

The WannaCry ransomware attack swept across the Internet in May 2017, employing the EternalBlue vulnerability vector. The ransomware attack, which was unparalleled in scope, infected over 230,000 devices in over 150 countries and demanded money from customers using the Bitcoin cryptocurrency in 20 different languages. At least 16 hospitals in the United Kingdom’s National Health Service (NHS) had to turn away patients or cancel scheduled surgeries. The US Colonial Pipeline was the target of a cyberattack on May 7, 2021. DarkSide was recognised by the Federal Bureau of Investigation as the culprit of the Colonial Pipeline ransomware assault, which resulted in the voluntary shutdown of the primary pipeline carrying 45 percent of petroleum to the US East Coast. 

How Attackers Attack?

  • Ransomware comes as an email attachment – Invoice, attached document, etc. It may include a real vendor’s name or even your organization’s name.
  • Employees’ computers are usually connected to the company’s network, shared cloud services, and so on. Without any human involvement or indication, ransomware begins encrypting all of the files it can as soon as it is launched.
  • It then notifies the user and gives payment instructions.
  • Some other ways are – Compromised webpages, infected removable drives, malicious software bundles.
  • Payment is mostly in Bitcoins.

Key choices:

  • Pay the ransom and get data
  • Restore from backup
  • Lose data

Paying the Ransom increases Risk of Future Attacks 

The majority of cybersecurity experts don’t recommend paying a ransom in the event of a ransomware attack. Paying won’t guarantee that a company will get its data back, and it will encourage the hackers behind ransomware attacks to keep doing what they’re doing, maintaining the illegal industry. The targets of ransomware attacks are mostly given a time limit, with the threat of deleting a particular amount of data every hour until the ransom is paid. This can be extremely stressful and unpleasant for the key management people in an organization, leading them to believe that they have no other option except to pay. The best suggestion is to be properly prepared for an attack so that enterprise firms can defend themselves.

Ransomware and Cryptocurrency  

Bitcoins are a type of cryptocurrency, which means they don’t have a physical form. They are kept in anonymous digital wallets. They can be sent to any location. They can be paid with complete anonymity from anywhere to anywhere. These same advantages make them an excellent method of payment for illegal operations. One may claim that cryptocurrency is one of ransomware’s enablers. After all, the software would be worthless if the hackers couldn’t safely take cash. The emergence of Bitcoin has coincided with an increase in ransomware attacks.

Security Awareness Training  

Effective security awareness training is advised. Employees do not come to work with the goal of clicking on phishing emails and infecting their machines. As many IT professionals can confirm, knowing what the red flags or threats are can make all the difference in an employee’s ability to distinguish malicious links/software from legitimate traffic.

Protection  

Investing in a renowned security solution and putting in a strong firewall is a terrific approach to protect an organization’s network. There are various security solutions like Zero-Trust Security, Web Application Firewall and Cloud Security. Keeping the security system up to date will assist security teams in detecting a ransomware infection in the early phase. 

Backup of Data 

The most important piece of advice given by anti-ransomware experts is to back up all data outside of your organization’s network. Create an isolated network or buy a service to keep the company’s backup safe from infection. It’s necessary for an enterprise firm to restore the whole system. 

Ransomware has grown into malware that disables entire infrastructure. It won’t be surprising if ransomware evolves in the next few years. Hence, the necessary steps to secure an organization should be taken into consideration.

Web Application Firewall – Everything You Need to Know

A Web Application Firewall (WAF) is a form of application firewall that protects web services from various attacks. Application protection is a security layer that can defend against a variety of application layer security threats that aren’t normally covered by traditional network layer Intrusion Detection Systems. By inspecting HTTP/HTTPS request packets and web traffic patterns, the WAF ensures that the web service is not jeopardized. It defends web applications against cross-site scripting (XSS), file inclusion and SQL injection attacks. The WAF prevents attacks by blocking HTTP requests and IP addresses when it detects some kind of security threat in compliance with the configuration file.

Why Web Application Firewall?

Web applications are easily available and provide a convenient entry point to useful data, hence they are a prime target for cyber-attacks. These online services must be protected from current and emerging cyber-threats without compromising efficiency and quality. Because of the constant changes in applications, security teams struggle to keep up with updating security rules that properly protect web services. This can lead to security flaws and vulnerabilities that cybercriminals can take advantage of, resulting in expensive data breaches. Additionally, businesses seek out security technologies that can scale with their applications to meet rising consumer demand, ensuring that their web services remain viable and are adequately protected without compromising the customer’s experience.

Features of Web Application Firewall are –

  • Configuration and Control – Administrators can use the Web Application Firewall to build policies for compliance, regulatory, and security purposes. Administrators can build comprehensive and flexible policies as required, including URL rewriting, SSL/TLS validation and compliance, using the WAF policy engine. WAF detects attack chains automatically, from eavesdropping to data theft and backdoor setup. Instead of working through thousands of possible attacks, security experts are only alerted to the most critical threats. Security teams can specify the protection level for each program, and WAF can determine what to do in various scenarios. If the device configuration fails, previously saved settings can be restored automatically, eliminating the manual work.
  • Reporting and Analytics – WAF provides real-time insight into your web traffic and can be used to generate new dashboard reporting rules or warnings. It gives security teams fine control of how the metrics are displayed, allowing them to track anything from individual rules to all inbound traffic. In addition, WAF provides detailed logging by collecting the header data of each inspected web request, which can be used in analytics and security automation. WAF takes a large number of warnings and condenses them into a limited, manageable collection of security events, which gives security professionals a frictionless operating experience.
  • Integration and Security – WAF virtual application can be installed and scaled up easily on-premises with no special hardware to purchase or maintain. WAF can easily integrate into a company’s information security management system, which aids in the provision of advanced multilayer security. Administrators can develop special rules to detect confidential data like account numbers, passwords, financial transactions and insurance records. In addition, rules may be used to hide information from third parties, including administrators that use WAF. WAF aids in the monitoring of all traffic.

The majority of previously time-consuming and physical activities are now automated with online services in all enterprise sectors, from IT, finance, manufacturing, telecom, and media to government. With the rise in cyber-attacks, these organizations must secure their online applications, and the safest and most commonly used solution is a Web Application Firewall.