Best Practices for Automation in Cyber Security

Automation has become a central component to growing and successful businesses. This holds true in the cybersecurity sector as well, specifically with identity and access management, patching, and network change management. No matter the business, the goal of automation remains the same - improving response and task completion times or ... Read More

Using a Next-Gen WAF to Identify & Prevent Carding

As more and more businesses elect to conduct business online, not only are they subject to additional threats, but their customers are as well. For customers, this is especially true when using and submitting credit cards to complete online transactions. One of the most common attacks in this space is ... Read More

Machine Learning in Cybersecurity – Demystifying Buzzwords & Getting to the Truth

Earlier this month, I had the opportunity to discuss the role of machine learning in security with Dave Shackleford from SANS. It was a fun discussion, and if you have the time, I encourage you to check it out here ... Read More

The Rise of the Attacker-Centric Web Application Firewall (WAF)

In this series of blog posts, we have been analyzing the major forces that are reshaping the way the industry approaches application security. In this post, we lay out the foundations for a new approach to security that not only solves the problems of the old approach to web application firewalls ... Read More

Marriott’s Costly Mistake: Letting Compliance Trump Security

Friday’s news of Marriott’s massive breach sent shock waves throughout the cybersecurity industry and consumer sectors alike. Brian Krebs described the “colossal intrusion” and numerous other security experts joined in to analyze what missteps the chain may have taken, how the breach could have been prevented, and what we as ... Read More

Top Cybersecurity Threats & How the WAF Must Evolve to Address Them

In this series of articles, we’ve been exploring the various ways that application security is evolving and what it means for modern security teams. In the first article, we analyzed how virtually all applications have evolved to be web-facing in some manner and how this has massively multiplied the AppSec ... Read More

Shifting DevOps Models and Their Impact on Application Security Tools and Strategies

While application security has never been more advanced, one could argue that it has also never been more difficult. Keeping pace with the growth and evolution of applications, evaluating the endless number of available solutions, and recruiting the expertise to manage the solutions and evaluate the data are just a ... Read More

The New Age of Applications and What it Means for Security

The Modern Age of Applications Applications are the heart of most organizations. While you can think of data as the nouns of an organization’s story, applications are the verbs where the action takes place and the real work gets done. And the nature of those applications is changing dramatically - ... Read More

Facing the Apache Struts Vulnerability with Confidence Using Threat X

Last week, the Apache Software Foundation announced a new Apache Struts vulnerability (CVE-2018-11776) that looks just as bad as the one that took down Equifax last fall. When exploited, this vulnerability allows an attacker remote access of servers running an un-patched version of Struts (2.3 to 2.3.34 or 2.5 to ... Read More