Application Security

Signal Sciences Delivers Web Application Security to AWS Customers

Grazed from Signal Sciences

Signal Sciences today announced that its industry first Web Protection Platform (WPP) is now available on AWS Marketplace. With Signal Sciences WPP, AWS customers can easily protect their most critical web applications, APIs and microservices from the full spectrum of security threats, including account takeover, business logic attacks, and OWASP Top 10, among many others.

Traditional web application security technology, such as web application firewalls (WAF), cannot effectively secure and scale with the complexity today's modern-day applications. Built by practitioners, for practitioners, Signal Sciences WPP is the only solution in the application security market that works across any language, any cloud and any physical infrastructure. This means security, operations and DevOps teams can now ensure they have broad coverage against real threats and attack scenarios and easily scale web protection across all applications on AWS, or other infrastructures.

Securing applications in the public cloud

Grazed from Computerworld.  Author: Oleg Dulin

I have written on the topic of cloud-induced transformation of IT in the past. Adapting IT audit and monitoring processes to cloud infrastructure is one of the challenges I come across when it comes to cloud rollouts.

In a 1990s-era data center, everything revolves around hardware and virtual machines. Big, monolithic applications are installed and run on servers. Servers themselves run in the private subnet (secure) or public (DMZ), and they have various security agent software installed to monitor and log everything that goes in and out of these machines. 

Top Application Security Threats And How To Counter Them

Application Security is the use of software, hardware, and procedural methods to protect applications from external threats. In the world of software design, security is becoming an increasingly important concern during development as applications are more accessible over different networks and as a result, are more vulnerable to a wide variety of threats. Many applications are fundamentally flawed, making it possible for hackers to steal data, hijack user inputs, or deny service entirely.

The following slideshow presented by Column Information Security presents an application checklist—a look at how your company can counter the impact of seven top application security threats.


Bitglass Brings Real-Time Inline Security to AWS and Custom Cloud Apps

Grazed from Bitglass

Bitglass, the total data protection company, today announced support for Amazon Web Services (AWS) and custom apps -- two major additions that extend the capabilities of Bitglass' market-leading Cloud Access Security Broker (CASB) solution.

Bitglass for AWS offers deep visibility, real-time DLP, and granular access controls across all S3 and EC2 instances. According to Neil MacDonald and Greg Young of Gartner*, "Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities."

5 Steps for Enhanced Security of Applications in the Cloud

Grazed from CSO. Author: Carric Dooley.

When you moved your applications to the cloud, your attack surface changed while the vulnerabilities at the application, database, and network level persisted. To address these issues, securing your cloud perimeter, preventing unauthorized access, and protecting your data is crucial.

The first step to reduce the attack surface is to run a port scan specific to an instance IP and lock down all the unnecessary open ports. In addition, be sure to lock down your meta and user data. Detailed instructions on how to perform these security measures in AWS are available from our team...

Cloud App Security: the Answer to Advanced Office 365 Threats

Grazed from TrendMicro. Author: Chris Taylor.

Cloud computing has fundamentally changed the way we do business, for the better. The software-as-a-service industry alone has matured at an astonishing rate over the past few years to the point where it’s no longer only those risk-taking early adopters signing up – businesses of all shapes and sizes are jumping on board. But while the benefits of taking that cloud journey are familiar to us all, so are the risks.

And top of those risks, the number one barrier in the eyes of U.S. businesses, is security. That’s why, as of June 25, we’re delighted to announce the general availability of Trend Micro™ Cloud App Security – a comprehensive new security suite offering advanced threat protection and DLP for all your favorite Microsoft Office 365 applications...

Centrify Earns Cloud Computing Excellence Award for Securing Mobile Devices and SaaS Applications

Grazed from Centrify. Author: PR Announcement.

Centrify Corporation, the leader in Unified Identity Services across data center, cloud and mobile, today announced that TMC, a global, integrated media company, has named its Centrify Cloud Service as a 2013 Cloud Computing Excellence Award winner, presented by Cloud Computing Magazine. The Cloud Computing Excellence Awards recognize the companies that have most effectively leveraged cloud computing in their efforts to bring new, differentiated offerings to market.

The Centrify Cloud Service is a multi-tenanted service that provides secure communication from on-premise Microsoft Active Directory infrastructure to mobile devices and to the MyCentrify User Portal for secure authentication to SaaS applications. For customers who don’t have Active Directory as a corporate directory, Centrify also offers a fully cloud-based offering for SaaS and mobile management...

Cloud Computing: U.S. intelligence agencies embrace OpenStack

Grazed from ITWorld. Author: Nancy Gohring.

The U.S. National Security Agency has been “transformed” since implementing OpenStack, and now the agency plans to open its experiences to all 16 agencies that make up the U.S. intelligence community. “Over the next few months we’ll work with the larger intelligence community to roll out systems across the community,” said Nathanael Burton, a computer scientist with NSA, during a keynote at the OpenStack Summit in Portland, Oregon. “Hopefully we’ll be giving access to our OpenStack system to the rest of the [intelligence community] so they can leverage the same efficiencies.”

It wasn’t immediately clear if other agencies have committed to building their own OpenStack clouds or if they plan to use the NSA’s. But government organizations are notoriously difficult to crack so the NSA’s successful implementation could open the door to broad usage of the cloud technology in the U.S. federal government. It’s also good news for OpenStack users. Since the NSA has very strong security requirements, it developed a number of systems for securing APIs and guest OSes and putting SSL “everywhere,” Burton said. “I hope in the future to take what we learned from securing OpenStack and release that back to the community,” he said...

Major Security Issues with Cloud Computing Being Ignored

Grazed from IBTimes. Author: David Gilbert.

Businesses are completely ignoring a growing problem facing their organisations as cyber criminals look to target increased security flaws as operations move to the cloud. Cloud computing was one of the buzzwords of 2012, gaining widespread adoption among individuals, SMEs and major corporations all around the world. It is going to make our lives easier while saving us millions of pounds at the same time.

However, one issue which is being ignored by the vast majority of organisation is security, with a Pricewaterhouse Coopers survey from last year showing that more than three quarters of respondents across a range of companies believed cloud computing did not increase their security risk. A belief shattered by a report published this week by security firm Imperva which highlights just how easy it is for even one of the world's largest online companies to be hacked and have sensitive consumer data stolen...

Cloud Computing: Prism Skylabs Launches Partner Program

Grazed from Security Info Watch. Author: Deborah O'Mara.

Prism Skylabs, based in San Francisco, recently unveiled a new partner program for systems integrators. The Silicon Valley company, a cloud-based service that is changing the way video is accessed, stored and analyzed, recently launched the program designed specifically for installation companies who understand the importance of bringing a differentiated product to market.

With little or no barrier to entry and the ability to offer the service to current customers with smaller IP/IT footprints consisting of off-the-shelf hardware, the program gives participants an easy way to leverage the existing video infrastructure, add value and increase their recurring monthly revenue...