application attacks
One thing I’ve noticed over the last couple years is that there are 5 Stages of a Data Breach: Denial: We do not believe these attacks breached our critical servers. Anger: We want to make it clear that we take security seriously! Bargaining: We’d like to offer our affected customers a credit monitoring service. Depression: We wish we could have done things differently. Acceptance: Well, it just shows that no one is safe from hackers. ps Technorati Tags: F5, cyber-crime, trojan, Pete Silva, security, business, education, 5 stages, cyber war, hackers,...
The BIG-IP platform is now ICSA Certified as a Network Firewall.
Internet threats are widely varied and multi-layered. Although applications and their data are attackers’ primary targets, many attackers gain entry at the network layer. Internet data centers and public-facing web properties are constant targets for large-scale attacks by hacker/hactivist communities and others looking to grab intellectual property or cause a service outage. Organizations must prepare for the normal influx of users, but they also must defend their infrastructure from the daily barrage of malicious users.
Security administrators who manage large web properties are struggling with security because traditional firewalls are...
1 if by land, 2 of by sea, 0 if by IP
I know I’ve said this before but it sure seems like almost daily there is a security breach somewhere. Over the years, the thought process has changed from prevent all attacks to, it is inevitable that we will be breached. The massive number of attacks occurring daily makes it a statistical reality. Now organizations are looking for the right solution (both technology and practice) to quickly detect a breach, stop it, identify what occurred and what data may have been compromised. Over the last couple of days various entities...
Over the last couple weeks, we’ve been rolling out a series of short Security Vignette videos about various IT security challenges. We’ve posted them to the F5News blog account but also wanted to share in case you missed them. If we were going to sum up the role of security in corporate IT today we'd have to say it's to "be prepared." This series looks at many of those security concerns which can be addressed proactively, before they are exploited or become a fire drill. F5 Security Vignette: Proactive Security - The F5 Security Vignette series...
After just proclaiming, a mere four days ago in The Top 10, Top Predictions for 2012, that I wouldn’t predict anything for 2012 and simply would repurpose other’s predictions, I offer this prognosis. An area I have been thinking about recently is the availability of IT personnel, or lack thereof in 2012. It began with a conversation with a F5 colleague and a simple premise: Information Technology personnel seem to be in demand. We have read stories to this effect, and even anecdotally realized that times are not that bad for IT careers, despite the financial crisis. Sure, many...
Around this time of year, almost everyone and their brother put out their annual predictions for the coming year. So instead of coming up with my own, I figured I’d simply regurgitate what many others are expecting to happen. Security Predictions 2012 & 2013 - The Emerging Security Threat – SANS talks Custom Malware, IPv6, ARM hacking and Social Media. Top 7 Cybersecurity Predictions for 2012 - From Stuxnet to Sony, a number of cyberattacks emerged in 2011 that experts have predicted for quite some time. Webroot’s top seven...
We try to offer many learning opportunities thru webinars so if there are other topics you’re interested in, there are some links below but also check out the F5 WebCasts page along with DevCentral’s Media site. We also post video content to our YouTube Channel, if that’s your game. In this v11 webinar, I tell stories around various threats like DDoS, insecure DNS, web 2.0, AJAX, JSON payloads along with some unified access security/control based on identity. Originally offered to our EMEA audience, now for everyone to enjoy. Running time: 65:50
<div style="padding-bottom: 0px; margin: 0px; padding-left: 0px; padding-right: 0px;...
As they endeavor to secure their systems from malicious intrusion attempts, many companies face the same decision: whether to use a web application firewall (WAF) or an intrusion detection or prevention system (IDS/IPS). But this notion that only one or the other is the solution is faulty. Attacks occur at different layers of the OSI model and they often penetrate multiple layers of either the stack or the actual system infrastructure. Attacks are also evolving—what once was only a network layer attack has shifted into a multi-layer network and application attack. For example, malicious intruders may start with a network-based...
Founder & CTO of WhiteHat Security, Jeremiah Grossman talks about the F5/WhiteHat partnership, the benefits of the WhiteHat Sentinel & BIG-IP ASM integration, the sophistication level of some of the recent attacks/breaches reported in the media, blocking SQL Injections and why organizations should consider an integrated WAF and Scanner like the WhiteHat/F5 solution.
</p> <p><font size="2">ps</font></p> <p><font size="2">Related:</font></p> <ul> <li><a href="https://www.whitehatsec.com/index.html" _fcksavedurl="https://www.whitehatsec.com/index.html"><font size="2" face="Tahoma">WhiteHat Security</font></a></li> <li><a href="https://www.whitehatsec.com/resource/grossman.html" _fcksavedurl="https://www.whitehatsec.com/resource/grossman.html"><font size="2" face="Tahoma">WhiteHat Blog</font></a></li> <li><a href="http://jeremiahgrossman.blogspot.com/" _fcksavedurl="http://jeremiahgrossman.blogspot.com/"><font size="2" face="Tahoma">Jeremiah Grossman Blog</font></a></li> <li><a href="http://www.f5.com/solutions/technology-alliances/security/whitehat.html" _fcksavedurl="http://www.f5.com/solutions/technology-alliances/security/whitehat.html"><font size="2" face="Tahoma">F5/WhiteHat Partnership</font></a></li> ...
A couple days ago, The SANS Institute announced the release of a major update (Version 3.0) to the 20 Critical Controls, a prioritized baseline of information security measures designed to provide continuous monitoring to better protect government and commercial computers and networks from cyber attacks. The information security threat landscape is always changing, especially this year with the well publicized breaches. The particular controls have been tested and provide an effective solution to defending against cyber-attacks. The focus is critical technical areas than can help an organization prioritize efforts to protect against the most common and dangerous attacks. Automating security...
Full application attacks Archive
