Fighting the AppSec Fight: Don't sell products. Create partnerships.

Posted by Chris Brazdziunas on Mar 18, 2020 9:26:34 AM

It’s been a few weeks since we closed the book on another RSA conference. And as always, it was nice to catch up with old friends, meet new ones, and talk to many of the security professionals who are on the frontlines of AppSec every day.

However, after spending some time on the show floor, one thing really stood out for me: vendors were selling security products, and most attendees were looking for security partnerships.

Every vendor seemingly has a promise for why their technology, products, or features are better than their competitors. But ultimately, it falls to the customers to take a leap of faith, invest in a product, staff the product, and make it deliver on its promises. It is the customer that must do the heavy lifting and take on the risk.

Topics: Web, Application & Hybrid Cloud Security, Threat Intelligence

OWASP TOP 10: APIs Take Center Stage in Latest List of Priorities

Posted by Chris Brazdziunas on Feb 12, 2020 7:57:58 AM

OWASP recently released the first iteration of the API Security Top 10. Like the ubiquitous OWASP Top 10, the API Security Top 10 delivers a prioritized list of the most critical application security issues with a focus on the API side of applications. This is a critical new tool for AppSec teams that homes in on one of the fastest-growing, yet chronically under-addressed, aspects of security. In this blog, I’d like to offer you an overview of the API Top 10 with comparisons to the OWASP Top 10 for web applications.

Topics: Web, Application & Hybrid Cloud Security, Threat Intelligence

Embedded in the ThreatX SOC: My First 30 Days

Posted by Sean Zoske on Sep 16, 2019 3:26:49 PM

I joined ThreatX’s SOC as the Director of Security about 30 days ago now, and as with any SOC, days are hectic. In some cases, nights are too. Even so, one of my first objectives at ThreatX was to meet with a few current customers to gather feedback from them about what is working, and what isn’t.

Topics: Company | People

Better Security + More Efficient Ops with a Unified Approach to AppSec

Posted by Chris Brazdziunas on Aug 19, 2019 11:52:55 AM

As the demands of both modern applications and complex threat landscapes have continued to increase, many organizations have been forced to adopt an ever-growing list of new, specialized security tools in an attempt to keep pace. This often includes a mixture of WAFs, anti-bot tools, DDoS prevention, behavioral and analytics tools, intelligence feeds, and more. However, a fractured approach to security is rarely effective and almost never efficient. 

Topics: Web, Application & Hybrid Cloud Security

ThreatX at Black Hat 2019: Find Out How We Can Cut Through the Noise of Your Job...In More Ways Than One

Posted by Mackenzie Jacobson on Jul 29, 2019 10:48:47 AM

On August 7 and 8 in Las Vegas, thousands of cybersecurity enthusiasts, practitioners and executives will be in attendance at Black Hat 2019. We are thrilled to be among the participants at this year's event.

Topics: Company | News

Detect & Prevent Newly Observed Malicious Automation Attacks

Posted by Chris Brazdziunas on Jul 22, 2019 9:47:33 AM

Just when you think you are one step ahead of hackers, they prove you wrong and set you four steps back. Hackers continue to find new and more devious ways of finding web app vulnerabilities and exploiting them. One such tactic is leveraging malicious bots and automation, which has grown in frequency, volume, and complexity. In fact, nearly 20% of all web traffic comes from malicious bots.*

In the previous post, I outlined a number of malicious automation attacks that we often see targeted against web applications and identified which industries and business types are most commonly attacked. In 2019 alone, we have seen each one of these attacks attempted on one or more of our customers. In this post, I'll share a case study for each attack type and include preventative mitigation techniques (in order of importance) to help avoid future attacks.

Topics: Threat Intelligence

Why Security Teams Need to Virtual Patch

Posted by Andrew Useckas | CTO on Jul 8, 2019 10:28:31 AM

We live in a world where new application security vulnerabilities are discovered daily. Additionally, the advent of botnets and cryptocurrency mining has increased the attractiveness of targets. There are two major techniques utilized by attackers to find vulnerable applications en masse:

  1. Run scanners against large portions of the Internet to look for common exploits, such as SQL injection, Remote Command Execution, etc. Virtually any poorly coded web application can be vulnerable to these attacks.

  2. Follow the security feeds for newly discovered vulnerabilities, create exploits and launch them against every public instance of the application. Well-known platforms like WordPress and Drupal are especially susceptible to such an attack.

There is little debate that the best place to fix security issues is within the application code itself. However, that is not always feasible given the time that is required.

Topics: Web, Application & Hybrid Cloud Security

Top 4 Malicious Automation Attacks & How to Detect Them

Posted by Chris Brazdziunas on Jun 24, 2019 9:53:18 AM

We first introduced malicious automation in Part I of this blog series. We shared how malicious automation is becoming a common element of the threat landscape for organizations in nearly every vertical. In Part II of this series, we want to dive into the top 4 types of malicious automation attacks that we see most often across our ThreatX customer base. They include:

Topics: Threat Intelligence

ThreatX Labs - Blog

Arm yourself with information and insights on the latest cybersecurity trends to defend against today's most advanced cyber criminals with articles from the leader in SaaS-based web application firewall solutions.
