The Emergence of Deep Application Security, Segmentation and Compliance

Introduction

Various business regulatory bodies have defined methods of sensitive data handling based on the nature of the business. Rapidly changing compute, network and storage environments such as private, public and hybrid cloud necessitate constant upgrades in the security and compliance clauses. Highly scalable and dynamic application architectures such as containers, micro-services and third party API driven architectures are making DevOps efficient but at the same time increasing the complexity of security, segmentation and business compliance. In such environments, preparing for business compliance audits, producing all the required monitoring data and passing the compliance audits has become excruciatingly painful and expensive.

Read More

How to protect applications from third party services and APIs?

Introduction

Application architecture is rapidly changing from monolithic virtual machine based to containerized micro-services based. Micro-services provide the perfect agility and DevOps freedom that IT managers need. Scaled-out distributed applications consume local as well as web based services by service commissioning and subscription models. Web based services and REST APIs for consumption of those services have been largely accepted as an ideal model by the development and security operations community.

Read More

How to protect when credentials are stolen?

Introduction

Every CIO, CISO or CxO’s worst nightmare is the theft of their or their staff’s credentials and subsequent attacks and abuse using those credentials. Unfortunately, the problem is complex and two fold. First, the victim does not know when the theft occurred and second the theft comes into light only after performing forensics analysis of the attack which used those credentials.

Read More

Why are MongoDB deployments under attack?

Critical observations and thoughts.

Today, I wanted to discuss the most pressing problems which MongoDB based applications are suffering with. Worldwide the attacks on MongoDB including taking the database for hostage grew multi-fold in 2017 only. By some analysis, within one week of January 2017, these incidents grew to 28000.

Read More

WannaCrypt: What should you do?

WannaCrypt ransomware is creating havoc on internet connected Windows PCs and servers and bringing down businesses one after the other.

I cannot emphasize enough that botnets and ransomware remains one of the biggest threats to various businesses. The damages to the economy are enormous. Just about 2 days ago, I responded to a Dale Drew’s (CISO of Level3 Communications and a well-regarded security expert) blog –   256: WHY HEALTHCARE SECURITY IS VULNERABLE AND BOTNETS & RANSOMWARE REMAIN OUR BIGGEST THREAT.  I highlighted the severity due to international nature of ransomware.

Read More

Deterministic Application and Data Security

Introduction

Application security is relatively new technology compared to traditional network security. The gravity and importance of application security has increased multi-fold with the rise of public, private and hybrid cloud environments ,where the underlying infrastructure such as compute, network and storage may or may not belong to application owners. Large number of legacy applications is being ported to cloud environments. Then there are cloud native applications which are completely developed, tested and productized on cloud environments. In other words, your application requires special consideration for security. How big is the problem? The answer has two variants. Financially, it will be about $7 billion dollars by year the 2021. Not alarmed? Technologically, it will kill the Digital Transformation and Industry 4.0 which is worth $380 billion dollars by year the 2021. Digital transformation and industry 4.0 market sizes by Gartner. Now, that we are on the same page lets discuss Deterministic Application and Data Security.

Read More