The Forrester Wave: Web Application Firewalls, Q3 2022

Forrester’s detailed analysis of products and services says WAF customers should look for providers that:

• Allow stakeholders to configure and manage the WAF as they see fit
• Use threat intelligence to enhance analysis and automate protections
• Easily integrate everywhere

Barracuda Web Application Firewall (WAF) protects applications, APIs, and mobile app backends against a variety of attacks including the OWASP Top 10, zero-day threats, data leakage, and application-layer denial of service (DoS) attacks. Barracuda WAF and WAF-as-a-Service are part of Barracuda Cloud Application Protection (CAP), a platform that protects web applications wherever they reside – in the cloud, on premises, or hybrid.

Intuitive protection

According to Forrester, “Barracuda has the most granular and intuitive anti-data-leakage features that we saw, with a range of out-of-the-box datatypes, the ability to define custom data types, and settings for the number of initial or trailing characters to display. Reporting and rule creation features are strong, if not quite differentiating.” ¹

We feel this reflects the strong investment we’ve made in solutions that provide customers with comprehensive, enterprise-grade application security that goes beyond traditional WAF protection.

“Barracuda offers customers the flexibility they need to stay secure, particularly as customers are dealing with a variety of complex dynamics, including protecting remote workers, while helping them stay productive,” said Tim Jefferson, SVP of Data, Network and Application Security, at Barracuda. “We believe the results of this report reinforce the trust our customers have in our WAF technology to meet their evolving application security needs.”

Get your complimentary copy of “The Forrester Wave: Web Application Firewalls, Q3 2022.” right now.

Get your copy of the report now

¹ Forrester “The Forrester Wave: Web Application Firewalls, Q3 2022” by Sandy Carielli and Amy DeMartine, Lok Sze Sung, and Peggy Dostie, Published 27 September 2022.

The post Barracuda Web Application Firewall named a Strong Performer by independent research firm appeared first on Tubesock, Inc..

CISA executive assistant director for cybersecurity Eric Goldstein told the Homeland Security Committee in the U.S. House of Representatives that precisely what the agency intends to measure will be shared next month.

Cybersecurity professionals, of course, have been trying to quantify the success of their efforts for decades with little to no success so there will undoubtedly be lots of interest in the CISA approach to one of the most vexing challenges in all of cybersecurity. As most cybersecurity professionals are all too aware, proving the value of cybersecurity is a challenge. Investments in cybersecurity are deemed worthwhile in the absence of a breach. In the event of a breach, however, the value of those investments is questioned no matter how many attacks have been thwarted.

Exactly how CISA plans to collect the data that would be required is also something of a mystery. Most of the critical infrastructure CISA is chartered to help protect is managed via public-private partnerships that are not always anxious to share information with perceived outsiders that might be obligated to publicly share that data.

In fact, the level of cybersecurity transparency that should be required is now a subject of an increasingly heated debate in Congress. Rep. Jim Langevin, D-R.I., has attached to the National Defense Authorization Act for 2023 a proposed 554 amendment that would require the Department of Homeland Security (DHS) to designate certain components of critical infrastructure as systemically important entities (SIEs). As such, operators of this infrastructure would be required to meet specific cybersecurity standards. The U.S. Chamber of Commerce along with 17 other industry associations sent a letter to Senate leaders opposing the amendment.  Specifically, the letter claims the amendment would transform the relationship between CISA and operators of critical infrastructure from being a partnership to one where CISA is empowered to impose additional cybersecurity requirements on industry.

Regardless of the degree of oversight that CISA might be able to provide the devil is always going to be in the details measured. The simple truth is it may not be possible to measure the effectiveness of cybersecurity. In addition, there clearly needs to be more concern over how data might be shared with a federal agency that is required to make reports to Congress that are likely to be closely read by malicious actors around the world that have already shown a keen interest in compromising critical infrastructure. In all probability, whatever compromise is struck is not likely to satisfy anyone. The requirements agreed upon will not likely be stringent enough to be meaningful. All that might be accomplished is a lot of data that would otherwise be kept hidden is now being shared more widely.

As Ronald Reagan once note the most dangerous words in the English language are “I’m from the government and I’m here to help.” It’s not that government agencies intend to cause more harm than good, but the nature of the way federal agencies operate doesn’t always lead to the most optimal cybersecurity outcome possible.

The post CISA to measure security progress appeared first on Tubesock, Inc..

Eagle Eye LPR (license plate recognition) won the CStore Decisions “2022 Hot New Product” Contest in the technology category. C-store Decisions is a leading publication for convenience store executives. Winners were determined based on key factors to success at convenience stores.

In the convenience store industry, thousands of new products and services are launched each year. But how can retailers predict which of those new products will ultimately be successful with customers?

CStore Decisions’ 2022 Hot New Products Contest evaluated a number of new product launches and is awarding the products set for success at c-stores this year.

This year, CStore Decisions received more than 100 entries across dozens of categories. A panel of retailer experts judged this year’s entries. Winners were determined using a point system that looked at key factors to success including innovation, packaging and more. New products/services are defined as having launched in 2022.

Technology

Gold: Eagle Eye Networks  — Eagle Eye LPR (License Plate Recognition)

In the News

By Emily Boes 
Covered on these news sites. Click the image to read more.

The post Announcing the Winners of CStore Decisions’ 2022 Hot New Products Contest first appeared on Eagle Eye Networks.

The post Announcing the Winners of CStore Decisions’ 2022 Hot New Products Contest appeared first on Tubesock, Inc..

Looking back at some of our favorite Secured.22 sessions, here are a few takeaways that stuck with us.

1. Barracuda is constantly evolving to keep customers secure

In his opening keynote, Chief Customer Officer Brian Babineau talked about Barracuda’s mission to protect and support our customers for life. He pointed out that following through on this mission requires evolution, both from a technical perspective to keep up with up with today’s dynamic threat environment, and from a customer success perspective to give customers more choices to meet their changing needs.

During Secured.22, Barracuda made four exciting product announcements across four product families, showcasing the different ways the teams are driving innovation and evolution across the company. New capabilities protect against persistent and evolving threats like ransomware, and help customers solve complex digital business transformation challenges in the areas of Email Protection, Zero Trust Access, Managed XDR, and Data Protection.

2. To stop bots, you have to think like a bot

In his session about the ways cybercriminals are using malicious bots to cause data breaches, Nitzan Miron, VP of Product Management for Application Security, broke down the different types of automated attacks, from distributed denial of service (DDOS) attacks to shopping cart fraud and more.

He pointed out that the main motivation in most of these attacks is to use bots for financial gain and explained that in order to stop bots, you have to think like a bot. Hearing his detailed explanation of the different ways to detect bot activity and tell it apart from human users provided interesting insight into the approach Barracuda takes to helping protect customers from these automated threats.

3. Account takeover is an existential threat

Mike Flouton, VP of Product management for Email Security, led a session on managing account takeover risk, referring to account takeover as an existential threat. He explained that at a time when attacks are getting more sophisticated and cybercriminals are getting better at avoiding your defenses, users are more distracted than ever, and more information is available online that cybercriminals can use to personalize attacks.

The combination is leading to a massive rise in account takeover attacks, and the persistent nature of the attacks are leading to prolonged data breaches. Mike emphasized that defense-in-depth or multilayered protection is the best approach to preventing these types of attacks.

4. Identity is at the source of all successful breaches

On day two of Secured.22, Sinan Eran, VP of Zero Trust at Barracuda, spoke about shifting to a Zero Trust, Secure Service Edge architecture and why it can be so impactful. He explained that identity is at the source of all successful breaches, but identity has expanded. It’s not just about the users anymore, but also devices and apps.

Sinan made a comparison that really helped illustrate the point in a relatable way. When you go through security at an airport, you first have to show your ID to prove who you are. You also have to show that you have a ticket to prove that you have authorization to be at that place at that time.

5. Getting the basics right still matters

In her session about inspecting your Microsoft 365 tenant security, Angelica Faber, Principal Cloud Solution Architect, Security at Microsoft talked about why getting tenant security right should be step zero. She shared a number of recent headlines about MFA fatigue, but she pointed to a statistic showing that 99% of cyberattacks could have been prevented with multifactor authentication.

Angelica encouraged customers to raise their baseline security and pointed to using security defaults as an easy way to increase your security if you don’t know where to start.

Watch Secured.22 sessions on demand

The post 5 things we learned at Secured.22 appeared first on Tubesock, Inc..

That’s certainly a key takeaway from new research on the “intermittent encryption” techniques currently being advertised to ransomware affiliates. But is it enough to give the bad guys a lasting advantage? As long as security vendors continue to innovate in protection, detection, and response, there’s no reason why it should.

What is intermittent encryption?

The new technique outlined in this research is designed to achieve two things:

• Encrypt at speed, in order to scramble all of a victim organization’s files before they have a chance to detect and stop an attack
• Bypass current detection methods by reducing the intensity of file IO operations — that is, the similarity between a known version of a file unaffected by ransomware, and one suspected to have been modified and encrypted

Intermittent encryption helps to achieve the former because files are only partially encrypted. Thus, the ransomware still causes “irretrievable damage” but in an even shorter timeframe. LockFile variant was apparently one of the first to use this technique, encrypting every other 16 bytes of a file. A study of 10 discrete ransomware types earlier this year found that network defenders have on average just 43 minutes to mitigate attacks once encryption has begun.

Intermittent encryption helps to bypass detection because it disrupts the statistical analysis techniques used by many current security tools. These look for the intense file IO operations which partial encryption helps to minimize, making it harder to spot a modified file from one unaffected by ransomware.

The bad news is that these techniques have been detected in a growing number of variants, including: Qyick, Agenda, BlackCat (ALPHV), PLAY, and Black Basta. As it’s said to be relatively easily to implement, it could well become the norm among ransomware operators.

Breaches keep coming

Intermittent encryption isn’t the only example of technological innovation in ransomware. A recent report revealed threat actors exploiting vulnerabilities in popular VoIP software to access a targeted corporate network. While vulnerability exploitation in ransomware is nothing new — in fact, it’s a top three initial access vector, along with phishing and RDP attacks — it is a sign that threat actors are increasingly prepared to scour the attack surface for any potential security gaps they can find.

Other examples include targeting of network-attached storage (NAS) devices such as those produced by Taiwanese manufacturer QNAP. Popular among SMBs and consumers, these NAS boxes were recently patched by the vendor, but customers didn’t follow suit quickly enough. Researchers detected a recent 674% increase in devices infected by the Deadbolt ransomware as a result.

The ransomware threat will therefore continue to evolve in unexpected ways as threat actors look for new ways to deceive defenders and current security tooling. Most recently big-name organizations such as Texas-based OakBend Medical Center, Bell Canada and New York emergency responder Empress EMS. The threat is also expanding increasingly into the nation state arena, with recent U.S. indictments of and sanctions on Iranian actors thought to be linked to Tehran. Critically, these individuals are accused of carrying out not only geopolitical attacks on other nation states but also financially motivated raids on private businesses — ranging from accounting practices to regional utilities and housing providers.

Getting back on the front foot

It is the job of the security vendor community to continue monitoring these trends, anticipate where new threats may come from and update their products to neutralize any advantage attackers may gain. But their customers must also stay alert and be proactive in their security posture. That means layering up defenses to mitigate ransomware across those three key attack vectors. This will involve putting in place best practice security controls such as:

• Advanced anti-phishing capabilities, including AI-based detection
• User education and awareness programs
• Web application firewalls (WAFs) to shield data
• An automated, risk-based patching program
• Threat detection and response across multiple layers (XDR)
• Firewalls and other protection for IoT and OT environments
• Regular backups, including one offline copy
• Regularly tested incident response plans

SMBs should also consider adopting a Zero Trust approach to security to help mitigate the impact of ransomware. Key components include least privilege policies, network segmentation, multi-factor authentication and continuous monitoring. The ransomware arms race may not be winnable. But there’s plenty that security bosses can do to minimize cyber risk across their organization.

E-book: Ransomware protection can be as easy as 1-2-3

The post Intermittent encryption: The latest advance in the ransomware arms race appeared first on Tubesock, Inc..

Now, obviously the best way to prevent cyberthreats is to maintain an air gap between your systems and the outside world, and until the late 1990s, that’s pretty much what the government of Saint Helena did. In fact, uncontrolled use of USB drives from the mainland used to be the most concerning threat vector.

But progress is relentless, and today a 10Mbit link connects the Saint Helena government’s approximately 700 workers to the wider world — and to the cyberthreats that inhabit it.

“We’re faced with the same challenges other organizations face,” says Director of Technology Operations Jeremy Roberts, “such as inbound threats like data theft, phishing, and ransomware. That’s why we’re glad to have worked with Barracuda over the past 15 years to ensure security.”

Choosing Barracuda

When Roberts and his team first realized that they needed to implement additional security, they began doing research and turning to trusted associates. “One of my contacts in the telecommunications industry recommended Barracuda,” he says. “After looking into their products and capabilities, we came to the consensus that they would be a good fit for us.”

(Are we proud of the fact that even in the middle of the ocean there are people recommending Barracuda to each other? Yes. Yes, we are.)

“We’ve recently installed several Barracuda Web Security Gateway appliances along with CloudGen Firewall appliances, and we’ve found them to be reliable, robust, and efficient for our needs,” says Roberts.

“The Web Security Gateway not only protects us from web-borne threats,” he continues. “It also lets us regulate bandwidth usage, which is really important considering our limited data pipe. And even when the new subsea cable upgrades the island’s connectivity in a few months, it will still be an important consideration.”

“The CloudGen Firewall appliances were simply effortless to install and get up and running, thanks to Zero-Touch Deployment,” says Roberts. “And, of course, the very advanced security capabilities give us real peace of mind. We’ve not had any compromises since installing, and the products are user-friendly — there’s very little you have to do day-to-day to manage them. I don’t have any critical feedback about Barracuda.”

Into the cloud era

When the new high-bandwidth cable brings Saint Helena into the cloud era, they will face a new world of both opportunity and advanced threats, but Roberts is confident that Barracuda will continue to be their security partner.

“Over the past 15 years we’ve received excellent support care from Barracuda,” he says. “At this moment, I can’t foresee ourselves moving away from the brand.”

Protect and optimize your network with Barracuda Network Protection

The post Our most remote customer: The Island of Saint Helena appeared first on Tubesock, Inc..

Considering the hundreds of millions of dollars that ransomware crooks get from their victims every year, it’s critical for anyone in IT security to keep abreast of the newest ways that cybercriminals work to deploy ransomware in your network.

To help with that, Barracuda has released its newest Threat Spotlight report, focused on the latest developments in ransomware tactics and how to combat them. It’s filled with information that you can use to accurately gauge your organization’s exposure to today’s ransomware threats and effectively mitigate risks.

New strategies, new attack vectors

The upcoming webinar will be co-presented by Barracuda CTO Fleming Shi and Principal Product Marketing Manager Stasia Hurley, who will jointly provide a guided tour of the report’s key insights and takeaways. Here are just a few of the things you’ll find out if you attend:

• Why the healthcare and education industries experienced unusually sharp increases in ransomware attacks during the past year
• How criminals are increasingly targeting large organizations by first penetrating smaller, less well-defended networks and using them as a springboard to attack partners, vendors, and others
• Why VPN systems with inadequate user-authentication schemes continue to be a favored point of attack for ransomware criminals
• Why application-based ransomware attacks are on the rise, even as email remains the top vector

Learning from real-world attacks

One of the challenges for anyone seeking information about ransomware attacks is the fact that many organizations are reluctant to publicly reveal that they’ve been successfully attacked and share the story of their response and how much (if anything) they paid in ransom.

At the webinar, Fleming and Stasia will walk you through a detailed discussion of three different real-world ransomware attacks that took place in the past year. You’ll see the different ways that attackers penetrated their victims’ networks, how long they were able to reside undetected within those networks, and how the organizations responded to the incidents once they were detected.

Examples will include victims who were poorly prepared and suffered the consequences, as well as those who had solid defensive plans in place and were able to avoid significant costs.

How to minimize risks

As part of the presentation, Stasia and Fleming will also explain some of the tools and strategies you can use to minimize the ransomware risk to your organizations, such as:

• Strengthening VPN authentication by implementing multi-factor authentication or (even better) a zero-trust network access solution such as Barracuda CloudGen Access
• Using a backup system, such as Barracuda Backup, that is protected against sophisticated attacks that seek to find, infect, and encrypt your backups to prevent fast and easy recovery of compromised data
• Implementing network segmentation in order to limit the spread of a ransomware infection to only a small portion of your data

Attending this webinar is one of the best things you can do to help you understand how ransomware crooks are evolving their attacks and plan out the steps you need to take to harden your security profile. Register now to reserve your spot.

Free webinar

Threat Spotlight: Ransomware in 2022

Thursday, September 29, 2022

10 a.m. – 11 a.m. PT

Save your spot today

The post Threat Spotlight webinar: Ransomware on the rise appeared first on Tubesock, Inc..

Known as malvertising, the report details how cybercriminals are working with entities that specialize in piracy to employ scare tactics and other techniques that, for example, facilitate campaigns involving misleading ads such as a false claim that the user has a computer virus. They are also coaching illicit actors on tactics to frighten or entice users to click on such ads.

The coalition specifically calls out advertising networks that are not vigilant about where they place ads and the type of advertising they accept for being complicit in distributing malware.

Digital Citizens Alliance worked with White Bullet, a provider of tools to combat piracy advertising, and Unit 221B, a provider of cybersecurity services, to analyze thousands of piracy sites, including well-known platforms such as Fmovies[.]to, Myflixer[.]to, and Dramacool9[.]co. The non-profit coalition of consumers, businesses, and Internet experts focused on educating the general public and policymakers has previously estimated piracy is a $2 billion-plus ecosystem fueled by illicit access to movies, TV shows, and live entertainment.

The collation is now estimating piracy operators are generating at least $121 million in revenues by injecting malware into advertising that contains ransomware, downloads spyware to track a user’s activities, seeks access to a user’s device to steal banking information, or simply flags the device for a future attack. More than half of the $121 million generated came from U.S. visits to these sites, the report noted. Digital Citizens Alliance also noted Americans who visit piracy sites are two to three times more likely to report an issue with malware than those who say they haven’t visited these sites.

Overall, malvertising accounts for 12% of the total ads on piracy sites, with nearly 80% of all pirate sites serving up an estimated 321 million ads containing malware. On average, one in six visits to a piracy site leads to an attempt to serve malware, according to the report.

Many cybersecurity professionals have long known how malvertising is used to distribute malware but the extent to which this attack vector is being employed shines a spotlight on how pervasive the issue has become. Organizations of all sizes should be applying more pressure on advertising networks that programmatically distribute advertising without any regard to the content included. There also needs to be more government oversight of how ad networks operate.

Obviously, there also needs to be a lot more education for end users that often don’t think twice about visiting a site that has been created for the express purpose of distributing malware. Cybersecurity professionals, of course, have been warning about fake sites for years now. The issue is with hundreds of millions of ads infected with malware being served up it only takes a few end users to make a mistake that unleashes havoc across an entire organization.

The post Report calls out ad network malware complicity appeared first on Tubesock, Inc..

In this SDM magazine article, Dean Drako, CEO and founder of Eagle Eye Networks, talks about how integrators profit from cloud video surveillance and add-on services, ” “Cloud is fundamentally an RMR model, generating significant revenue from the customer each year or month … If it’s in the cloud and not on premise, you’re running it, charging a fee, and making more money.”

Only a few years ago, the promise of video analytics seemed like more sizzle than steak. Interpretation based on pixel motion and algorithms created false alarms, and the unreliability turned off customers. But over the past two years, advances in artificial intelligence (AI), machine learning, deep learning, and edge-based IP cameras have made it more accurate than ever before.

Besides traditional security applications, businesses are turning to video data for intelligence purposes, using predictive analytics, patterns and behaviors, which makes video surveillance and video-verified intrusion detection systems more intelligent and capable of more advanced decisions.

In the News

By Laura Mazzuca Toops
Covered on these news sites. Click the image to read more.

The post Video Analytics: Adding Steak to the Sizzle first appeared on Eagle Eye Networks.

The post Video Analytics: Adding Steak to the Sizzle appeared first on Tubesock, Inc..

Eagle Eye Networks, the worldwide leader in cloud video surveillance, welcomes the National Parking Association Convention and Expo to Austin.

Austin-based Eagle Eye Networks will be in Booth #517 at the #NPAExpo to showcase our flexible and affordable cloud security solutions for the parking industry. Additionally, click here if you would like to book a meeting in advance with Eagle Eye Networks at the convention. And if you just need authentic Texas barbecue recommendations from a local company, click here for our Austin BBQ Guide.

Cloud Video Surveillance For Parking Lots and Garages

Eagle Eye Networks Cloud VMS (Video Management System) is an ideal surveillance solution for parking lots and garages. Our cloud system provides remote access and management coupled with unmatched system flexibility. Further, Eagle Eye VMS reduces the cost and complexity associated with traditional surveillance installations by working with existing cameras and infrastructure and allowing users to choose the security cameras that best fit their needs and budget.

The cloud system is also equipped with advanced features and video analytics including license plate recognition and smart, searchable video. Therefore parking lot owners and operators can strengthen security, minimize loss, and gain valuable insight into customer behavior.

Read on for the top three features parking lot owners and operators should look for in a video surveillance system for their business.

1. Secure, Remote Video Retention, Access, and Management

Offsite surveillance video retention, combined with remote access and management, works particularly well for parking industry owners and operators. With cloud surveillance there is no need for an on-site video storage device, instead video is securely transferred to cloud data centers where it is accessible from anywhere.

Owners and operators can view and manage multiple sites remotely, even from their mobile devices with Eagle Eye Cloud VMS. Additionally, all locations can be viewed from a single dashboard.

System access for one or multiple locations can easily be set up for new employees and managers can remotely adjust camera retention, resolution, and video analytics at any time.

2. Accurate and Affordable License Plate Recognition

Eagle Eye LPR (License Plate Recognition) is an AI-powered and highly accurate license plate recognition technology that works with any surveillance camera in all kinds of challenging conditions – increasing business security and efficiency while lowering costs.

Combined with the Eagle Eye Vehicle Surveillance Package, parking owners and operators can automate parking access, monitor entry/exit, and search through history to find specific plates, times, and locations.

3. Video Analytics and Automatic Alerts

Video analytics combined with cloud-based video retention can automatically detect security risks and send alerts, freeing parking professionals to focus on other aspects of their business. Use data from video analytics to make informed business decisions by monitoring customer trends and patterns. 

Loitering Detection and Line Crossing analytics activated on certain cameras can alert designated managers or operators when there is suspicious activity at a location. This activity can include people lingering in an area for a long period of time, or entering an area from a questionable location.

Eagle Eye Cloud VMS makes it easy for system admins to turn on or off any video analytics for any camera based on changing needs of their operation.

If you would like additional information on the benefits of the Eagle Eye Cloud VMS for parking lots and garages, you can view our parking industry page or set up a risk free demo below.

While You’re Visiting Austin

Part of living in Austin means constantly being asked for barbecue recommendations. Its something that’s debated in the office and among friends and family. If you’re looking for barbecue recommendations near the Austin Convention Center and downtown hotels, here is an Austin BBQ guide with some recommendations for authentic Texas barbecue in Austin.

The post Must Have Video Surveillance Features For Parking Professionals first appeared on Eagle Eye Networks.

The post Must Have Video Surveillance Features For Parking Professionals appeared first on Tubesock, Inc..