ThreatX at Black Hat 2019: Find Out How We Can Cut Through the Noise of Your Job...In More Ways Than One

Posted by Mackenzie Jacobson on Jul 29, 2019 10:48:47 AM

On August 7 and 8 in Las Vegas, thousands of cybersecurity enthusiasts, practitioners and executives will be in attendance at Black Hat 2019. We are thrilled to be among the participants at this year's event.

Read More

Topics: Company | News

Detect & Prevent Newly Observed Malicious Automation Attacks

Posted by Chris Brazdziunas on Jul 22, 2019 9:47:33 AM

Just when you think you are one step ahead of hackers, they prove you wrong and set you four steps back. Hackers continue to find new and more devious ways of finding web app vulnerabilities and exploiting them. One such tactic is leveraging malicious bots and automation, which has grown in frequency, volume, and complexity. In fact, nearly 20% of all web traffic comes from malicious bots.*

In the previous post, I outlined a number of malicious automation attacks that we often see targeted against web applications and identified which industries and business types are most commonly attacked. In 2019 alone, we have seen each one of these attacks attempted on one or more of our customers. In this post, I'll share a case study for each attack type and include preventative mitigation techniques (in order of importance) to help avoid future attacks.

Read More

Topics: Threat Intelligence

Why Security Teams Need to Virtual Patch

Posted by Andrew Useckas | CTO on Jul 8, 2019 10:28:31 AM

We live in a world where new application security vulnerabilities are discovered daily. Additionally, the advent of botnets and crypto currency mining has increased the attractiveness of targets. There are two major techniques utilized by attackers to find vulnerable applications en masse:

  1. Run scanners against large portions of the Internet to look for common exploits, such as SQL injection, Remote Command Execution, etc. Virtually any poorly coded web application can be vulnerable to these attacks.

  2. Follow the security feeds for newly discovered vulnerabilities, create exploits and launch them against every public instance of the application. Well known platforms like Wordpress and Drupal are especially susceptible to such an attack.

There is little debate that the best place to fix security issues is within the application code itself. However, that is not always feasible given the time that is required.

Read More

Topics: Web, Application & Hybrid Cloud Security

Top 4 Malicious Automation Attacks & How to Detect Them

Posted by Chris Brazdziunas on Jun 24, 2019 9:53:18 AM

We first introduced malicious automation in Part I of this blog series. We shared how malicious automation is becoming a common element of the threat landscape for organizations in nearly every vertical. In Part II of this series, we want to dive into the top 4 types of malicious automation attacks that we see most often across our ThreatX customer base. They include:

Read More

Topics: Threat Intelligence

Detecting Advanced Bots Using Active Interrogation

Posted by Will Woodson | Lead Security Engineer on Jun 18, 2019 11:47:26 AM

Last year ThreatX announced enhanced bot detection and mitigation capabilities which enabled us to identify and stop malicious bots from accessing our customers’ applications. In this post we present a recent case where we have been able to use these features, namely active bot interrogation, to drastically reduce the volume of possible bot requests sent by suspicious source entities, reducing the number of useless or undesirable requests processed by the customer application and mitigating bot threats like credential stuffing, account takeover (ATO), and fraudulent transactions.

Read More

Topics: Threat Intelligence

2019 Application Security Priorities - Stats & Trends

Posted by Chris Brazdziunas on Jun 13, 2019 8:45:04 AM

Application security never fails to keep us on our toes. Between the continuous evolution of application frameworks and integrations, and the advancement of human and automated attackers, security teams must always be braced for change and new challenges. On a similar vein, if the trends from 2018 continue, web application attacks will remain the most successful hacked area of the enterprise. In fact, over 60% of actual breaches occurred through web applications.*

Read More

Topics: Web, Application & Hybrid Cloud Security

Flying Blind Into the Threat Visibility Gap

Posted by David Geer on Jun 4, 2019 6:57:00 AM

Data, data everywhere and yet there’s very little insight to inform the business on the true nature and severity of cyber threats. That’s the story at most organizations where traditional Web Application Firewalls (WAFs) fail to bring into focus the visibility into the mounting expanse of security data.

Read More

Topics: Web, Application & Hybrid Cloud Security

How and Why to Use APIs to Strengthen Your AppSec Strategy

Posted by Kelly Brazil | VP of Sales Engineering on May 13, 2019 12:15:00 PM

APIs are at the heart of modern applications and have quickly become a favorite target of attackers. And for good reason - they expose a wealth of functionality and attack surface that is often poorly defended. In our previous article we introduced the key building blocks of API security that can help ensure your APIs get the same level of protection as the web front-end of your application.

Read More

Topics: Web, Application & Hybrid Cloud Security

ThreatX Labs - Blog

Arm yourself with information and insights on the latest cybersecurity trends to defend against today's most advanced cyber criminals with articles from the leader in SaaS-based web application firewall solutions.

Subscribe Here!

Recent Posts

Follow Me