ThreatX - Blog

It's no secret that the frequency and intensity of data breaches is growing at an exponential rate. Based on data from Verizon's Data Breach Investigations Report, there were nearly 53,000 incidents and over 2,215 confirmed breaches in a mere 12 months. This confirms the fear that many organizations face that hackers are thriving in an expanded playing field, and organizations don't have the resources or the bandwidth to keep up. 

In response to this and similar trends, businesses are commonly resorting to impulse investments in technology and resources that promise stronger defenses. Unfortunately, these rash decisions often cause security strategy misalignment - the results of which often mirror the likes of data breaches in their negative impact on the business.

On August 8 and 9 in Las Vegas, thousands of cybersecurity enthusiasts, practitioners and executives will be in attendance at Black Hat 2018. We are thrilled to be among the participants at this year's event.

We recently co-hosted a webinar with SANS Institute, Your Current Approaches to Threat Detection and Neutralization are Broken. During that webcast, experts from ThreatX and SANS addressed the current challenges inherent in protecting your web applications in today's complex hybrid cloud environments, and the common inefficiencies of some legacy WAF approaches.

This discussion sparked various questions, some of which we receive quite often. In case you missed it, we compiled the answers to the mosts frequently asked questions.

Despite its theoretical conception in the 1960s¹, cloud computing has only truly emerged and taken hold in the last decade. Organizations are now striving to find the balance in utilizing both the private and public cloud - what we refer to as the hybrid cloud environment.

While this middle ground has allowed for greater flexibility, it also complicates the desire and need to protect the data housed in these environments. Not to mention the sure volume of data, which grows at an annual compounding rate of 42% (according to the IDC). As a result, it is unrealistic to expect static signature-based security models to remain effective while continuing to offer protection for today's web applications. In this respect, legacy approaches to web application protection are fundamentally broken and often result in:

• Costly false positives
• Poor application response times
• Impeding agile development
• Overworked security teams
• Untenable event analysis and maintenance burdens