One of my favorite activities as CEO of ThreatX is participating in meetings with prospects that have a legacy WAF already installed. In most cases, these discussions involve learning about a legacy WAF that, at best, has never been fully deployed or, at worst, has never been trusted enough to be placed into full blocking mode.
...Everything looks like a nail.
There are over five billion unique user credentials currently circulating on darknet forums. No wonder credential stuffing/brute force attacks are on the rise and remain one of the most popular attack vectors used by both bad actors and bots alike. And they're not always what they seem to be.
We recently surveyed our customers to determine our 2020 NPS (net promoter score). As you may know, this metric calculates how likely a customer is to recommend a company or product. It’s a pretty simple and straightforward survey that asks a simple question:
“We are all just prisoners here of our own device.”
“Help me get rid of some of this stuff, or I’m gonna f’n lose it.”
I’m going to go out on a very sturdy limb and say that The Eagles weren’t thinking about cybersecurity when they penned that line in Hotel California. Yet my recent conversations with CIOs and CISOs have made it abundantly clear that many security organizations are facing a similar situation. An excess of security tools has led to out-of-control costs and compounding complexity that makes security inefficient and threatens to make organizations less secure. Instead of stopping threats, many security teams end up like fishermen tangled in their own nets - immobilized and paying extra for the privilege.
Bad bots and malicious automation are one of the few technology challenges that can materially impact every business team inside an organization. With up to 50% of Internet traffic generated by bots, organizations are awash in a sea of automated visitors. Some bots are benign, others aren’t. Those that aren't can interfere with customer acquisition. They steal data and intellectual property. They erode application performance. They directly defraud businesses.
Most anyone who works in application security can tell you that the traditional WAF model has not aged gracefully over the past few years. Facing new challenges from bots, API-based threats, DDoS attacks, and sophisticated evasive attackers, the old guard of WAFs has bolted on module after module in an attempt to keep pace. This has, unsurprisingly, resulted in more complexity, the need for more AppSec talent, and the inability to protect an ever-growing application attack surface.
Today I am proud to announce the integration of the ThreatX WAAP with the Palo Alto Networks XSOAR platform. You can read the official announcement for more details here. This integration is exciting for me personally because it tackles one of the most important issues I see facing enterprise security teams regardless of size or industry. Virtually every organization needs to get more leverage out of their security tools, whether that means arming analysts with critical data or turning that data into automated responses. This integration lets organizations harness the power of ThreatX’s web application + API protection + bot protection + DDoS attack mitigation (WAAP++) platform for such things as risk scores, entity details, and other insights and leverage that data across the enterprise so that teams can do more, faster.
It’s been a little over two months since I joined ThreatX as CEO, and it’s already shaping up to be a fantastic ride. As a leader, these are always some of the most exciting and illuminating days as we start to get our hands dirty and chart the path forward. As always, the most important insights have come from getting to hear directly from a lot of AppSec leaders and practitioners about the real-world challenges they face on a daily basis.