May 20, 2021

Barracuda launches Cloud Application Protection 2.0

Cloud
supplychain
cybersecurity
bots
3 min
The new platform blocks supply chain attacks, uses machine learning (ML) and adds containerised WAF to protect apps deployed in containers

Barracuda Networks, a leading provider of cloud-enabled security solutions, has announced new capabilities for its Cloud Application Protection platform to deliver an additional level of protection and make it even easier for organisations to secure their applications. 

Client-side protection, the ability to deploy containerised WAF nodes, and an auto-configuration engine are just some of the new services and features the platform includes. The Cloud Application Protection also now leverages machine learning (ML), vulnerability scanning and remediation, and Advanced Threat Protection to provide active threat intelligence for stronger protection.


Highlights of Cloud Application Protection 2.0 include:

  • Client-Side Protection — This new feature automatically creates and deploys protections against website skimming and supply chain attacks such as MageCart. These types of attacks are performed by infecting a script that is loaded directly by the browser, meaning that WAFs are unable to detect them. Cloud Application Protection 2.0 adds both protection and reporting capabilities against these attacks.
  • Containerized WAF deployment This new deployment option brings the same security engine as Barracuda WAF and WAF-as-a-Service, but in a container form. As more applications are now deployed in containers, they can now be protected.
  • Auto-Configuration Engine The Auto-Configuration Engine uses ML models to check an organisation's traffic patterns and provide recommendations to tighten security settings, reducing administrative overhead.
  • Active Threat Intelligence — This cloud-based ML-enhanced service provides near real-time active threat intelligence to detect and stop new threats as they occur. Barracuda Active Threat Intelligence brings together the Barracuda Vulnerability Manager, Barracuda Vulnerability Remediation Service, Barracuda Advanced Threat Protection, and Barracuda Advanced Bot Protection's cloud layer, making it a single service that covers the full range from detection to remediation.

“At Barracuda, we strive to continually make security easier for our customers, and Cloud Application Protection 2.0 provides enterprise-level application security with consumer-level ease of use,” said Tim Jefferson, SVP, Engineering for Data, Networks and Application Security at Barracuda. “The powerful new capabilities we’re introducing address the application security issues organisations are most concerned about right now and also provide protection for where applications are headed next.”
 

The state of application security in 2021

 

Barracuda has recently released the results of its survey, ‘The state of application security in 2021.’ They surveyed 750 application security decision-makers responsible for their organisation’s application development and security. Participants were from the US, Europe, and APAC, and each represented organisation had 500 or more employees globally.

The top five application security challenges they pointed to were bots, supply chain attacks, vulnerability detection, API security, and security slowing down app developments. On average, respondents were successfully breached twice in the past 12 months as a direct result of an application vulnerability. 72% of respondents said their organisation suffered at least one security breach from an application vulnerability. 

Overall, the findings indicate that more needs to be done to protect against application security threats, particularly newer threats. Many organisations realised issues within their systems and are looking to deploy new solutions in the coming year such as bot protection (41%), API gateway (36%), and software supply chain protection (scanning) (33%). 

Share article

Jun 8, 2021

Fastly's CDN Reportedly to Blame for Global Internet Outage

Technology
Fastly
servers
websites
Tilly Kenyon & Oliver James Fr...
3 min
Multiple outages have hit social media, government, and news websites across the globe

A huge outage has brought down a number of major websites around the world. Among those affected are gov.uk, Hulu, PayPal, Vimeo, and news outlets such as CNN, The Guardian, The New York Times, BBC, and Financial Times.

It is thought a glitch at Fastly ─ a popular CDN provider ─ is causing the worldwide issue. Fastly has confirmed it’s facing an outage on its status website but fails to specify a reason for the fault ─ only that the problem isn’t limited to a single data centre and, instead, is a “global CDN disruption” that is potentially affecting the company’s global network.

“We’re currently investigating potential impact to performance with our CDN services,” the firm said.

What is Fastly?

Fastly is a content delivery network (CDN) company that helps users view digital content more quickly. The company also provides security, video delivery, and so-called edge computing services. They use strategically distributed, highly performant POPs to help move data and applications closer to users and deliver up-to-date content quickly.

The firm has been proving increasingly popular among leading media websites. After going public on the New York Stock Exchange in 2019, shares rose exponentially in price, but after today’s outages, Fastly’s value has taken a sharp 5.21% fall and are currently trading at US$48.06. 

What are CDNs?

Content delivery networks (CDNs) are a web of small computers, or servers, that link together to collaborate as a single computer. CDNs improve the performance of internet-connected devices by placing these servers as close as possible to the people using those devices in different locations, creating hundreds of points of presence, otherwise known as POPs.

They help minimise delays in loading web page content by reducing the physical distance between the server and the user. This helps users around the world view the same high-quality content without slow loading times. 

Without a CDN, content origin servers must respond to every single end-user request. This results in significant traffic to the origin and subsequent load, thereby increasing the chances for origin failure if the traffic spikes are exceedingly high or if the load is persistent.

The Risk of CDNs

Over time, developers have attempted to protect users from the dangers of overreliance through the implementation of load balancing, DDoS (Denial of Service) protection, web application firewalls, and a myriad of other security features. 

Clearly, by the state of today’s major website outage, these measures aren’t enough. Evidently, CDNs present a risk factor that is widely underestimated ─ which needs to be rectified with haste. Content delivery networks have become a key part of the global infrastructure, and so it’s imperative that organisations start to figure out risk mitigation strategies to protect companies reliant on the interconnected service from further disruption and disarray. 

Over the coming days, both Technology Magazine and Data Centre Magazine will continue to provide updates on the current situation as developments are made.

Share article