Background noise in this case is relatively benign scanning by various CERTs, Shodan etc., while attack traffic represents attackers – automated and otherwise – attempting to perform actual attacks. In the case of these three vulnerabilities, the ratio is much more towards valid attack traffic versus scanning.
Securing your applications
As mentioned above, web applications and APIs are lucrative attack vectors for cybercriminals – and they are coming under increasing attack.
Defenders are hard pressed to keep up with the growing number of vulnerabilities. They have to contend with both zero-days and older vulnerabilities. The software supply chain for critical apps may also have vulnerabilities – as demonstrated by the Log4Shell vulnerability.
Attackers will often target old vulnerabilities that security teams have forgotten about to try and breach an overlooked, unpatched application and then spread into the network.
How Barracuda can help
Think of application protection as a defensive “onion” – with multiple layers to detect and prevent an incident from escalating. Barracuda Application Protection covers multiple parts of that defensive strategy, offering web application & API protection, DDoS protection, bot protection including account takeover protection, and much more. For a free 30-day trial, click here. You can also schedule a demo here.