One stop shop

Posted by Gene Fay on Mar 30, 2021 8:03:02 AM

One of my favorite activities as CEO of ThreatX is participating in meetings with prospects that have a legacy WAF already installed. In most cases, these discussions involve learning about a legacy WAF that, at best, has never been fully deployed or, at worst, has never been trusted enough to be placed into full blocking mode.

Read More

Topics: Web, Application & Hybrid Cloud Security, Threat Intelligence

If all you have is a hammer...

Posted by Gene Fay on Mar 24, 2021 7:45:00 AM

...Everything looks like a nail.

There are over a five billion unique user credentials currently circulating on darknet forums. No wonder credential stuffing/brute force attacks are on the rise and remain one of the most popular attack vectors used by both bad actors and bots alike. And they're not always what they seem to be.

Read More

Topics: Web, Application & Hybrid Cloud Security, Threat Intelligence

2020 Net Promoter Score (NPS) Improves

Posted by Gene Fay on Jan 19, 2021 6:30:00 AM

We recently surveyed our customers to determine our 2020 NPS (net promoter score). As you may know, this metric calculates how likely a customer is to recommend a company or product. It’s a pretty simple and straightforward survey that asks a simple question:  

Read More

Topics: Company | News

Protect your Users from Friendly Fire in the War on Bots

Posted by Bret Settle on Nov 2, 2020 9:30:00 AM

In a world where malicious bots roam the internet like hungry lions seeking vulnerable applications to devour, application owners are forced to make tough decisions between streamlined, user-friendly workflows and the need to interrupt user experience with bot protection techniques like CAPTCHA. We’re all tired of the user-experience of having an extra bit of work to do when filling out and submitting web forms. Who’s got time for that? However, malicious bots can and do cause real harm for countless organizations, especially as credential stuffing and account takeover attacks grow more and more sophisticated.

Read More

Winning the battle  against blended threats

Posted by Tom Hickman on Oct 23, 2020 8:00:00 AM


We're watching evolution in real-time. The bad guys have industrialized the attack toolbox. They're a step ahead of firewalls. They know where the tripwires and detection thresholds are for DDOS and Bot Detection solutions. Staying low and slow is cheap and productive. They’re sappers and deftly understand how to stay below the threshold of detection.  

Read More

Topics: Web, Application & Hybrid Cloud Security, Threat Intelligence

DDOS attacks and the 2020 election

Posted by Bret Settle on Oct 6, 2020 7:48:50 AM

Ed Amoroso, Chief Executive Officer of TAG Cyber LLC, a global cyber security advisory, training, consulting, and media services company, recently published a great article on the potential for DDOS attacks to disrupt the upcoming election. In it, he gives great insight into how L3/L4 volumetric DDOS works and how they can be used against the facilities that collect and tabulate votes from regional sites. 

Read More

Topics: Threat Intelligence

Prune the Sprawl. Get Better AppSec.

Posted by Gene Fay on Sep 28, 2020 9:55:59 AM

“We are all just prisoners here of our own device. 
--The Eagles  

“Help me get rid of some of this stuff, or I’m gonna f’n lose it.
--Anonymous CISO 

I’m going to go out on a very sturdy limb and say that The Eagles weren’t thinking about cybersecurity when they penned that line in Hotel California. Yet my recent conversations with CIOs and CISOs have made it abundantly clear that many security organizations are facing a similar situation. An excess of security tools has led to out-of-control costs and compounding complexity that makes security inefficient and threatens to make organizations less secure. Instead of stopping threats, many security teams end up like fishermen tangled in their own nets - immobilized and paying extra for the privilege.  

Read More

Topics: Web, Application & Hybrid Cloud Security, Threat Intelligence

Haven't you had your fill of credential stuffing?

Posted by Bret Settle on Sep 16, 2020 8:15:00 AM

Credential stuffing attacks are some of the most common bot-based threats facing applications today. Virtually any site or application with a login page is a potential target for credential stuffing. In this blog, we take a look at what credential stuffing is, how it can impact your apps and users, and how you can use the ThreatX WAAP++ to keep yourself protected.  

Read More

Topics: Threat Intelligence, Company | Product Updates

ThreatX Labs - Blog

Arm yourself with information and insights on the latest cybersecurity trends to defend against today's most advanced cyber criminals with articles from the leader in SaaS-based web application firewall solutions.

Subscribe Here!

Recent Posts

Follow Me