Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A web application firewall is a security software that observes and filters HTTP/HTTPS traffic between a web application and the internet. While this has been available for decades, with the evolution of the threat landscape, WAFs have also added additional capabilities to protect not only web apps but also APIs against a range of attacks, including DDoS and bot attacks. So, the category has evolved and is currently called Web Application and API Protection (WAAP).

Network security monitoring is the process of inspecting network traffic and IT infrastructure for signs of security issues. These signs can provide IT teams with valuable information about the organization’s cybersecurity posture. For example, security teams may notice unusual changes being made to access control policies. This may lead to unexpected traffic flows between on-premises systems and unrecognized web applications.

The world of retail is undergoing a significant transformation, largely driven by technological advancements. One of the most notable changes is the rapid growth of in-store biometric-enabled transactions. A recent study by Juniper Research highlights this trend, projecting a 138% growth in the number of transactions carried out via biometric-enabled Point of Sale (PoS) terminals, soaring from 19.5 billion in 2023 to an impressive scale globally by 2028.

As we navigate through 2024, integrated identity verification platforms are not just emerging technologies but essential tools reshaping how we secure and authenticate identities in a digital world. At IDcentral, a pioneer in identity verification solutions, we’ve witnessed and contributed to this significant transformation. In this blog, we explore the recent trends and innovations that are driving the rise of these platforms.

The cybersecurity landscape is undergoing a significant shift, moving from security tools monitoring applications running within userspace to advanced, real-time approaches that monitor system activity directly and safely within the kernel by using eBPF. This evolution in kernel introspection is particularly evident in the adoption of projects like Falco, Tetragon, and Tracee in Linux environments.

To comply with the security audit requirements of SOC 2, PCI, and others, your application audit report should have zero open vulnerabilities. Most companies perform these audits at least annually, and the audits are more frequent for highly regulated industries such as finance and healthcare. However, 31% of critical and high vulnerabilities remain open after 180 days – according to The State of Application Security.

Cloudflare experienced a security breach when its internal systems were compromised, leading to unauthorized access to sensitive data. Another incident highlights the importance of maintaining strict secrets security across the supply chain.

Regulatory frameworks play a crucial role in ensuring the resilience and security of organizations. One such regulation that has garnered significant attention is the Digital Operational Resilience Act (DORA). Here are the key aspects of DORA, as well as guidance for how to ensure compliance with it while measurably reducing risk to your business.

Credential Stuffing, a vital yet often overlooked aspect of cybersecurity, needs to be addressed with urgency. An alarmingly large segment of the population engages in the risky habit of using the same password for various accounts. This behavior parallels the risk of using a universal key for various locks in your life, such as those for your home, car, or even hotel rooms during vacations.

In the ever-evolving landscape of Kubernetes networking and security, Calico has proven to be a battle-hardened, scalable and robust solution. Core to Calico’s architecture are two components, Felix and Typha. And given their importance for running Kubernetes deployment, it is no surprise that monitoring these components is crucial to secure and maintain them for optimal cluster operation.