Below the surface of relative calm, the tug-of-war over Ukraine has seeped into the cyber realm in the form of attacks on the websites of government agencies, media publications and social networks.
NEC and Radware have been working together on software-defined networking solutions, and today the latter company revealed its DefenseFlow application for NEC’s ProgrammableFlow Controller is now generally available.
At Mobile World Congress this week in Barcelona IBM is encouraging mobile developers to create apps powered by Watson, Cisco’s Quantum virtualized packet core has passed portability testing, and Radware announces a SDN and NFV solution strategy for mobile carriers and service providers.
Attack Mitigation Network is the new security solution available for virtual and cloud data centers and launched by Radware. The company which is into application delivery and application security is targeting enterprises in a move to provide protection against the recurring attacks. AMN spreads out detection coverage across the entire resource of enterprise and automates prevention by opting for the most effective tools and locations– in the data center, at the perimeter or in the cloud.
RSA interview with Carl Herberger, Vice President of Security Solutions at Radware, for Sys-Con Media's SDN Journal.
Network-function virtualization and software-defined networking continue to get a lot of attention at the Mobile World Congress 2014 event, with vendors such as Wind River, Alcatel-Lucent and Radware offering new solutions and announcing partnerships.
Radware took the wraps off three new solutions that leverage network functions virtualization and software-defined networking to enable LTE mobile network operators to more effectively address evolving load balancing, security, service chaining, and traffic steering requirements.
How quickly a merchant’s website opens can mean the difference between a sale and an antsy consumer who moves on to another site to satisfy his immediate needs. Unfortunately for many eCommerce merchants, their websites are not living up to consumers’ expectations, and they may be losing sales, new research suggests.
As e-commerce sites continue to grow they also seem to be getting slower, which is not good news for site visitors.
The top 500 retail websites are 21% slower now than last year, which could impact brand perception and customer retention according to a new study conducted by Radware.
The latest quarterly "State of the Union" report from application delivery and solutions firm Radware reveals that the average retail website is a lot more cumbersome and slow to load today than it was a year ago resulting in a greater risk of negative brand perception.
Radware’s SDN security application is integrated into the OpenDaylight
Project controller framework, Extreme Networks launches Purview
application analytics, and Cyan’s Blue Planet platform is selected by
the Jeollanam-Do province in South Korea.
Hackers used to be content just siphoning off huge wads of cash and stealing millions of identities, but today’s cyber evildoers also want to mess with investors.
Radware, a leading provider of application delivery and application security solutions for virtual and cloud data centers, recently released its 2013 Global Application and Network Security Report. The annual report indicates that distributed denial of service (DDoS) attacks will continue to be a serious issue in 2014 – as attackers become more agile and their tools become more sophisticated.
According to Radware, DoS/DDoS attacks continue to rise and the concern among organizations continues to grow. The '2013 Global Application and Network Security Report' provides insights to help organizations better detect, mitigate and win the extended and persistent DoS/DDoS battle. Radware has published infographics to summarise the key highlights from its 2013 Global Application and Network Security Report.
Record-breaking 309 Gbps distributed denial-of-service attack reported, and attackers continue to employ new ways of flooding and overwhelming struggling targets.
DDoS attacks will continue to be a serious issue in 2014 – as attackers become more agile and their tools become more sophisticated, according to Radware. Their report was compiled using data from over 300 cases and the Executive Survey consisting of personal interviews with 15 high-ranking security executives.
For quite some time, there has been an interest in the security industry for a quadrant that’s specifically for attack mitigation systems and services. Gartner has provided a number of “magic-quadrant” reports on arenas such as firewalls, Intrusion prevention systems, SIEM, MSSP and a few others. Additional analysts from firms such as Infonetcis, Forester, and IDC have published security reports but none have covered the attack mitigation market.
Of all the elements needed to implement a next-generation SDN architecture, none is considered more crucial than the controller. After all, in a software defined network, the software's magic lies in the controller, and now that we have separate implementations of the control and data planes, the controllers need to do some fancy footwork to keep everything coordinated.
Web and mobile users continue to expect faster sites and apps–especially when it comes to mobile–and this year I’d like to see people who work on the web spend more time focusing on performance as a user experience priority instead of chasing trends.
The recent wave of distributed denial-of-service (DDoS) attacks that took out EA's Origin service, Blizzard's Battle.net, and League of Legends, amongst others, was using a virtually unheard of method to amplify the amount of data being sent in order to grind many popular online games to a halt.
Last year was the year of the cyber attack. Operation Ababil by Cyber Fighters of Izz ad-Din Al-Qassam, Adobe’s massive data breach and the widely publicized attack on The New York Times by the Syrian Electronic Army are just a few of the attacks that showcased major security vulnerabilities in the enterprise.
In today's environment it is almost certain every organization will face a cyber-attack. This can be a deliberate attack because of the profile of the organization or a crime of opportunity due to the existence of an exploitable vulnerability. Whatever the case, organizations have to be keenly aware of the environment they are operating in so they can safeguard their assets at all times.
Predicting the future, of course, is impossible. But based on the dynamic events I've witnessed in information security this past year -- new adversaries, attack techniques, and increased adoption of such emerging technologies as software-defined networking -- here are seven security trends I’ll be watching closely in 2014.
Radware recently introduced Defense4All, saying that it is the
industry’s first open SDN security application for the OpenDaylight
A study by Radware, provider of application delivery and application security solutions for virtual and cloud data centers, revealed network speed has a profound impact in how consumers view the company.
Kent Altstad of Radware spoke to us at DevCon5, about performance issues on the web and the fact that no matter where the customers accesses the systems, the performance experience is the key to lead people’s perception of your site and your brand.
Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, today released new research revealing that network speed deeply impacts consumers at every phase of the transaction process, particularly users of mobile devices.
Carl Herberger, vice president at Radware, a cybersecurity firm that has its U.S. headquarters in Mahwah, said it is hard to know "how many alarm bells we should ring" without knowing the motive for the theft.
Activists that have links to Anonymous were able to gain access to U.S. government computers through a software flaw on the outdated Adobe ColdFusion platform. This left many agencies vulnerable to penetration and attackers were left undiscovered for almost 12 months.
Radware Ltd. announced the roll out of its latest cloud application delivery controller platform at AWS re:Invent Conference, the flagship event from AWS to bring together technical leaders and application developers from the AWS community. The new launch, Alteon Virtual Appliance (VA) for AWS is available on the Amazon Web Services (AWS) Marketplace as an Amazon Machine Image (AMI).
A recent survey of UK shoppers found that 70% will be put off spending their Christmas budget online this year by poorly designed websites and shopping experiences.
Distributed denial-of-service, or DDoS, attacks are on the rise, and gaining in frequency and complexity. Fortunately, they present a real opportunity for service providers to yield a quantifiable benefit to just about every enterprise customer in just about any vertical market imaginable.
Mobile has been a buzzword for many years now and, with the holiday season upon us, it will play an important role for customers and retailers alike. But according to a new report by Radware, “2013 State of the Union: Mobile Ecommerce Performance,” mobile users are unhappy with mobile site performance that has led to a staggering 97% abandonment rates in online shopping carts.
A massive gap exists between the amounts of time consumers spend on mobile retail websites versus how much money is spent on mobile retail.
Radware announced that the company has secured a place in the Leaders Quadrant for its Application Delivery Controllers in the coveted Gartner (News - Alert) Magic Quadrant for the fifth time. Gartner also acknowledged Radware as the company having the most completeness of vision 2013.
“The trouble the government is facing when
taking itself online is that people have come to expect the high level of
availability and performance they get from Amazon and Google with every web
site they use,” said Kent Asland, Vice President of Acceleration at Radware,
which specializes in application delivery.
Compute infrastructure technology has
undergone a fascinating evolution over the last decade. Virtualization changed
the way compute is utilized and the way IT operations are run.
Carl Herberger of Radware says that when a visitor to a site misspells his password, that is probably innocuous. But when he enters a series of common words in sequence, it is probably an attack. Likewise, if a site normally receives a certain mix of queries and suddenly one category rises out of proportion, this can be detected and blocked.
Clunky and slow retail websites are frustrating consumers, and their complaints aren’t always being heard by site owners. In fact, websites for the top 500 U.S. retailers are generally 14 percent slower since summer 2013 and 16 percent slower than autumn 2012, according to findings from a recent survey.
Carriers and service providers faced with the challenge of balancing customer demand and network efficiency can now look to Radware. The company, which specializes in application-delivery and -security solutions for virtual and cloud data centers, has announced ElasticScale, a solution that scales and programs networks for L4-L7 application delivery.
The sixth edition of Radware’s quarterly report was released this morning and found that
e-commerce websites in general are slower and less efficient than just a year
A software-defined networking solution from Radware called ElasticScale is now commercially available, the company announced today. ElasticScale optimizes network services via virtual appliance provisioning, traffic distribution across virtual appliances and acceleration of virtual appliance I/O. As a result, carriers and service providers can offer application delivery, Web performance optimization, Web application firewalls and anti-DoS protections as needs require.
increase when bounce rates decrease, if for nothing else than more customers
stay on your site. Time to Interact is a key indication of your site’s ability
to provide a good user experience, and reduces perceived page load time,
serving as a good measure of real-user performance.
Software-defined networking (SDN) has the potential to bring major news to networking. Some of this potential has already been realized, but some of the main advantages of software-defined networking (SDN) still need to be implemented. For example, SDN has the potential to create a network which is smarter than what we have today.
Radware today announced that it has partnered with HP a recognized pioneer in software defined networking, (SDN) to help accelerate its product development in order to increase its presence in the SDN market.
As the industry watches the results of early adopter case studies and hears pundits advocate for this new means of controlling the network fabric, consensus is building for the potential that SDN could be an IT game-changer.
But it's necessary--Carl Herberger of security firm Radware told me that "Phishing, and social engineering in general, represents one of the biggest security threats for this decade and prudent testing of desired and appropriate employee behavior is paramount for today’s secure environments."
Revelations that the National Security Agency can break through web site encryptions and access huge amounts of personal data has raised questions about how safe our day-to-day financial dealings really are.
There are several dates throughout the year that are notorious for wreaking havoc on businesses via DDoS attacks, data breaches and even malware or botnet assaults.
With Cyber Attacks Surging on Patriotic Anniversaries and Holidays, Businesses Must Prepare and Protect Their Critical Infrastructures Against Threats
There are several dates throughout the year that are notorious for wreaking havoc on businesses via denial-of-service (DoS) attacks, data breaches and even malware or botnet assaults. As September 11th nears, rumors about coordinated cyber attacks on American websites continue to increase.
Politically-motivated hackers recently announced a call to arms to Muslim hackers aimed at attacking U.S. and Israeli websites on Wednesday, the 12th anniversary of the September 11 terrorist attacks.
Understanding where your organization is vulnerable, and specifically on what days it might be most vulnerable, is the best way of formulating a strategy for mitigating risks
The threatened fourth phase of distributed-denial-of-service attacks attacks against U.S. banks by the self-proclaimed hacktivist group Izz ad-Din al-Qassam Cyber Fighters has been largely unsuccessful (see: DDoS Attacks Strike Three Banks). But experts believe these hacktivists, or other groups interested in pairing DDoS attacks with fraud, could soon target other sectors that have weaker defenses.
This week, Industry Perspective asks Avi Chesla about application-aware software-defined networking (SDN) and its uses. As Chief Technology Officer at Radware, Avi is responsible for leading the company’s strategic technology roadmap and vision.
How could the Times have recovered faster after the Syrian Electronic Army attacked its DNS registry? Here are six considerations to help protect your business from similar harm.
The latest attack on the websites of the New York Times and Twitter showed higher sophistication, indicating a growing expertise, said Carl Herberger, a vice president for the network-security company Radware Ltd. (RDWR), based in Tel Aviv with offices in New Jersey.
Stock exchanges have been a target for hackers before. In a session at the RSA security conference earlier this year, Ziv Gadot, Security Operations Center (SOC) team leader at Radware, had a talk titled, "Stock Exchanges in the Line of Fire—Morphology of Cyber-Attacks."
JPMorgan Chase (JPM) and Citigroup (C) both said they suffered system issues on Thursday as a group of cyber criminals was said to launch a new round of attacks against U.S. banks.
The corporate and media sites of The New York Times (NYT) experienced a lengthy outage on Wednesday that a source close to the matter said appeared to be caused by a cyber attack, although the newspaper cited a scheduled maintenance update.
Activities under the OpenDaylight Project umbrella are moving along at a rapid clip, according to the organization, with one of the more recent contributions to the effort coming from Radware.
Application delivery and security vendor Radware has contributed an open source distributed denial-of-service protection application to the OpenDaylight Project.
What kinds of weaknesses do attackers search for when studying and selecting denial-of-service (DoS) targets?
U.S. military and intelligence officials make a pilgrimage each year to Las Vegas, where the annual Black Hat conference showcases how hacking has gone mainstream, creating a virtual digital-arms supermarket.
Major U.S. banks have been grappling with a cyber threat in recent days from a familiar foe, but there are signs the financial institutions may emerge relatively unscathed this time.
In March of this year, application delivery and security provider Radware reported that the median load time for the top US retail websites was 7.25 seconds, more than four seconds over the optimal three-second load time. Radware’s latest study reveals that the median load time for the same group of websites was even slower in June, measuring 7.72 seconds, a 13.7 percent drop since Spring 2012.
Recent DDoS attacks on banks are prime examples of the new age of ideological threats to organizations across all industries. Who are the threat actors, and how can organizations best manage risks?
Have you noticed that it is taking longer to get your shopping done online? It is, according to a new study on page speed and website performance, and that could be costing online merchants customers.
The increase in mobile device has resulted in network challenges for businesses of all types and sizes. According to the Monetate Q1 2013 Ecommerce Quarterly, tablets have exceeded traditional desktops in driving web traffic and conversion rates, suggesting that users rely more heavily on mobile devices to make purchases and complete transactions through web applications and mobile sites.
Radware, a provider of application delivery and security solutions for virtual and cloud data centers, recently introduced DefenseFlow. This solution leverages the Cisco eXstensible Network Controller (XNC) and SDN technologies to provide DoS and DDoS protection natively, as a network service.
DAKAR (Reuters) - In Nouakchott, a dusty city wedged between the Atlantic ocean and western dunes of the Sahara, a young hip-hop fan coordinates a diverse group of hackers targeting websites worldwide in the name of Islam.
Performance has always been crucial to the success of Web sites. A growing body of research has proven that even small improvements in page-load times lead to more sales, more ad revenue, more stickiness, and more customer satisfaction for enterprises ranging from small e-commerce shops to megachains such as Walmart.
With the increasing use of Web applications from mobile devices and the variety of devices accessing applications through different types of networks, a new approach to application delivery optimization is required.
As the notoriety of Anonymous spreads, some amateurish hackers are claiming affiliation with the group in order to bolster their own hacking bona fides.
By virtue of the loose hacking collective’s name and lack of any public membership roster, practically anyone with an Internet connection can broadcast that he is a member. Alexander Waterland and Brett Hudson did this last year when they claimed to have obtained sensitive data from the University of Pittsburgh and threatened to release it.
As clashes in Turkey continue, the hacker collective Anonymous has decided to join the protests.
Yesterday, on Anonymous' "official" Twitter account YourAnonNews, the hacktivists announced #OpTurkey. The group also set up a website, Operation Turkey, to boasts their online exploits.
Just when you thought you could tune out the fears about DDoS (distributed denial of service) attacks, listen up: the risks for you suddenly are much graver, and it may be the time when defensive action on your part has become necessary.
Mobile computing and other trends have dramatically altered how enterprises work, requiring data centers to find new ways to meet computing demands. Cloud computing, flash storage, software-defined networks (SDN), virtualization and new data center management tools will help data center managers deliver the data their customers or end users need.
Avi Chesla is Radware’s CTO. As Chief Technology Officer at Radware, Mr. Chesla is responsible for leading the company’s strategic technology roadmap and vision. This includes laying the theoretical basis for future products and solutions, research and design of core product algorithms, evaluating OEM opportunities and representing the company’s technology and future plans to the industry.
Hacktivists' threat to wreak digital havoc on U.S. government sites and financial institutions fell well short of the mark on May 7, the first day of the so-called "OpUSA" attack.
The online sites of the nation's biggest banks seem to be functioning without interruption following a hacktivist threat to launch a series of cyberattacks on financial institutions and government agencies.
Advanced cyber attack tools have become readily available for use by foreign governments and terrorists to infiltrate or cripple U.S. computer networks, two federal law enforcement officials told a congressional panel.
The OperationUSA attack that the hacktivist group Anonymous announced would hit U.S. government and banking institution websites on May 7 apparently never gained traction.
Hacktivist groups under the Anonymous umbrella had warned they would take down major U.S. government and financial websites today in what they dubbed the OpUSA hacking campaign. But in the end, it was just a few defacements of lesser-known websites and seemingly random dumps of personal information online.
A group of activist hackers kicked off an ambitious cyber operation on Tuesday that targets a slew of high-profile American targets, including major government agencies and dozens of U.S. financial-services companies.
A collective of hacker groups plans to attack the websites of major government agencies and banks on Tuesday to protest American foreign policy.
Banks may be about to endure yet another cyberattack by hacktivist groups. The hacker collective Anonymous has joined with groups throughout the Middle East and North Africa to vow a series of so-called denial of service attacks this Tuesday against financial institutions, other U.S. firms and government agencies.
Anonymous' failed attack against Israeli websites last month has left security experts cautiously optimistic that the hacktivist group will be unsuccessful in its plans to disrupt U.S. government and banking sites.
Security experts say that OperationUSA, a coordinated online attack against banking and government websites slated for May 7, is a serious threat. As a result, organizations should be upping their distributed-denial-of-service attack mitigation strategies to guard against the attacks, which are being coordinated by the hacktivist group Anonymous.
Site speed has been associated with every business metric you care about: page views, bounce rate, conversions, customer satisfaction, return visits and revenue. These effects are felt at companies of all sizes, from online giants like Amazon.com to small e-commerce shops.
Distributed-denial-of-service attacks against banking institutions are becoming a global concern, and experts say many organizations outside the U.S. financial-services sector are ill-equipped to defend themselves.
Radware introduced DefenseFlow, the first in the company's suite of Software Defined Networking (SDN) applications providing organizations with network wide attack mitigation service. The Radware SDN strategy provides an SDN framework, outlining support for three dimensions SDN applications – building
Although the hactivist group Anonymous had declared its supporters would attack Israel on April 7 and "erase Israel from cyberspace," the damage from Anonymous so far appears to be minimal to Israeli government and bank websites that are among the main targets. However, now Israeli hactivists are fired up and counter-striking at Palestinian, Iranian and Turkish website targets.
Discerning between malicious traffic and legitimate traffic in real time is challenging for companies targeted by distributed denial-of-service attacks, but the task is made more difficult when the attacks come from reputable Internet properties that cannot easily be filtered.
Apparently, if you run a top e-commerce website, it pays to be slow. Unless you’re Amazon.
TD Bank and Keybank confirmed their online banking sites were hit by distributed-denial-of-service attacks last week, and industry experts say hacktivists' attacks waged during this so-called third campaign are becoming increasingly sophisticated.
U.S. intelligence recently identified cyber attacks as more threatening than terrorism. With a number of recent high-profile attacks on government, business and celebrities, BNN interviews Carl Herberger, on how organizations can improve their cyber security.
Though JPMorgan Chase (JPM) and BB&T (BBT) are the only big banks to confirm a denial of service attack on Tuesday, roughly a half dozen institutions endured digital assaults at around the same time, according to Radware, a security firm that
President Barack Obama expressed concern about computer hacking as U.S. law enforcement agencies began probing the posting of purported financial information of celebrities, government officials and First Lady Michelle Obama.
With everyone from Facebook (FB) to the Federal Reserve suffering high-profile cyber intrusions, it’s never been a better time to be involved in the multibillion dollar cyber-security business. The dramatically increased attention from corporate America and the federal government alike has helped transform cyber security from a niche area few CEOs lost sleep over to a key growth sector that is likely to receive a larger and larger chunk of both private and public sector budgets.
At RSA Conference 2013 in San Francisco, Radware announced DefensePipe, an integrated and comprehensive solution to help mitigate volumetric DDoS attacks which threaten to saturate a customer's Internet pipe, or the "outside line" that connects enterprises to the web.
An Islamic group that has claimed responsibility for several waves of attacks on major U.S. banks since last September has promised to resume its assault next week using a lot more firepower.
After taking almost a month-long break from disrupting the websites of financial institutions, the al-Qassam cyber fighters appear to have once again resumed cyber attacks on U.S. banks.
Radware Security Solutions VP Carl Herberger on launching counter-attacks on cyber criminals.
When the lights went out at the Super Bowl in New Orleans earlier this month, more than a few security professionals instinctively feared it was caused by a cyber attack on a crucial part of the nation’s aging and largely exposed critical infrastructure.
One of BCBusiness magazine’s Best Companies to Work For in B.C. has been scooped up by an Israeli security solutions tech firm.
Two companies involved in making it easier and safer to access software on mobile devices are becoming one. Tel Aviv-based Radware (Nasdaq:RDWR) announced February 7 that it is buying Vancouver's Strangeloop for an undisclosed amount.
Radware (NASDAQ: RDWR) said it has completed the acquisition of Strangeloop Networks, a leader in the Web performance acceleration domain.
Radware (NASDAQ: RDWR), a provider of application delivery and security solutions, on Thursday announced that it has acquired Strangeloop Networks, a provider of Web performance acceleration solutions.
The Federal Reserve found a security breach on a website it uses to stay in touch with banks during emergencies and said no critical operations were affected.
After months of claiming to bombard banks with cyber attacks, a group calling itself the al-Qassam cyber fighters announced plans on Tuesday to suspend its campaign against U.S. financial institutions due to the removal of the main copy of a controversial YouTube film.
With the number of denial of service (DOS) attacks growing overall, a variety of techniques are being used to take advantage of the Domain Name System’s openness to direct attacks against DNS servers and even against targets that do not maintain a DNS server.
While data is not readily available on the attacks hitting financial institutions, defenders dealing with the incidents say that the attacks are effective and costly. The distributed denial-of-service attacks hitting financial institutions continue to concern many security experts, but looking for evidence of the attacks serves up a meager helping of data points that belies the seriousness of the problem, say infrastructure and security experts.
If Iran is masterminding the online attacks against U.S. banks, where's the hard evidence?
Numerous current and former U.S. officials have accused the Iranian government of sponsoring the distributed denial-of-service (DDoS) attacks, which began in September and recently restarted. For four months, the attacks have disrupted the websites of many of the United States' leading financial institutions, including Bank of America, Citigroup, JPMorgan Chase and Wells Fargo.
Cyberattacks on U.S. banks over the last several months reflect a frightening new era in cyberwarfare that corporations are unprepared to battle because of a shortage of experts skilled in building effective defenses, one security expert says.
Iran is being blamed for a recent wave of cyberattacks, namely a series of Distributed Denial of Service attacks launched against major financial institutions. Affected financial institutions include, but may not be limited to, Bank of America, Chase, Citigroup, Wells Fargo, HSBC, Capital One, PNC, U.S. Bancorp, Fifth Third Bank and BB&T.
Windsor Genova – Fourth Estate Cooperative Contributor New York, NY, United States (4E) – Twenty major U.S. banks were hit by a new wave of high-powered cyber attack starting Wednesday and security experts believe the hacking was sanctioned by Tehran.
A string of cyberattacks that has bedeviled some of the nation's biggest banks appears to have a state sponsor who is taking the battle to the cloud. The know-how required to mount the attacks, which have slowed the websites of at least six U.S. banks since December, has persuaded U.S. officials that the disruptions are the work of Iran, The New York Times reported Tuesday.
Brian Todd reports on a wave of online attacks on major banks in the U.S., and who some consider the main suspect.
The attacks are very sophisticated, security researchers say. This allows for more dynamic attacks, but also leaves the attackers open to being identified a lot easier, Hammack said. The U.S. government is monitoring some of the compromised servers used in the attacks and can see exactly where those instructions are coming from, he said.
US financial institutions are being pounded with high-powered cyber attacks that some suspect are being orchestrated by Iran as payback for political sanctions.
FBN's Adam Shapiro on government officials blaming Iran for a series of recent bank hacks.
Carl Herberger of Security Solutions for Radware on Iran's role in cyber attacks on banks.
The attackers hit one American bank after the next. As in so many previous attacks, dozens of online banking sites slowed, hiccupped or ground to a halt before recovering several minutes later.
The FBI Cyber Division has issued an alert to media outlets to beware compromise by the Syrian Electronic Army (SEA), and urged them to report any suspicious network traffic or behavior to the bureau.
Radware Security Solutions vice president Carl Herberger weighs in on cyber attack and security.
The websites of major U.S. banks are facing a new round of cyber attacks linked to the same group responsible for similar assaults earlier this year.
The latest attacks started last week and have hit Bank of America Corp., SunTrust Banks Inc. (STI), JPMorgan Chase & Co. (JPM), U.S. Bancorp, Wells Fargo & Co. (WFC) and PNC Financial Services Group Inc. (PNC), according to two executives at companies providing security to some of the targeted banks, who asked for anonymity because they weren’t authorized to discuss clients and didn’t want their companies to become targets of computer assaults. PNC was under attack today, the executives said.
Fatigued by a relentless onslaught from hackers, Corporate America is mulling a more aggressive and proactive approach to powerful cyber evildoers. Offensive counterstrikes are likely illegal in today’s murky legal structure, but some security professionals are calling for at least a more proactive stance that utilizes measures like disinformation campaigns, honey pots and intelligence gathering.
Dmitri Alperovitch, co-founder and chief technology officer at CrowdStrike Inc., Carl Herberger, vice president of security solutions in Americas at Radware, Mike McConnell, vice chairman of Booz Allen Hamilton Inc., and Andy Ozment, White House national security staff's senior director for cybersecurity, participate in a panel discussion about thwarting state-based cyber attacks on financial institutions. Bloomberg's Michael Riley moderates the panel at the Bloomberg Link's Enterprise Risk Conference in New York
Tel Aviv-based security company Radware said the attacks against Israel first began surging across the web on Thursday, describing some as well coordinated denial-of-service attacks. Although such attacks can effectively knock their targets off the web, they're usually temporary and rarely do lasting damage.
Anonymous-led denial of service attacks continued unabated for the second day Friday against Israeli government and corporate websites in retaliation for airstrikes in the Gaza Strip.
The hacktivist collective started its Operation Israel campaign at 3 a.m. Eastern time Thursday by attacking sites that belonged to the Israel Defense Forces, the Prime Minister's office, Israeli banks, airlines, media outlets and security companies.
Protesters claiming to be part of the Anonymous movement decried the Nov. 14 attacks by the Israeli military against the Hamas leadership allegedly responsible for hundreds of rocket attacks against Israeli civilians and offered their help to keep Palestinians online and reporting on their situation.
The hacktivist group Anonymous Thursday announced that it would begin launching online attacks against a number of Israeli government sites, as part of its ongoing Operation Israel (OpIsrael).
After Israel killed a top military commander of Hamas on Wednesday, Anonymous, the loose affiliation of hackers, retaliated with a series of attacks on Israeli Web sites.
Cyber hackers at Anonymous launched a cyber onslaught on Thursday aimed at the Israeli government and corporate websites in retaliation for Israel’s airstrikes in the Gaza Strip this week.
Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape, according to the Ponemon Institute and Radware.
While cyber attacks are becoming increasingly more sophisticated and severe, many organizations are unarmed and unprepared to confront threats, according to a recent study by the Ponemon Institute and cloud software provider Radware.
Radware introduced DefensePro x420, the next-generation hardware platform in the DefensePro application security suite. With the ability to handle 25 million packets per second of attack traffic, regardless of packet size, as well as up to 40Gbps of legitimate traffic, DefensePro x420 is designed to protect organizations from the industry's highest volume DoS and DDoS attacks.
Radware on Tuesday announced its fastest attack mitigation solution yet, the DefensePro x420. The x420 is an upgrade to their DefensePro offering, and is designed to help customers withstand sustained DDoS attacks.
It's been a month of crippling denial-of-service attacks on websites operated by U.S. banks and financial services firms. A terrorist organization called Al-Qassam takes credit online, but now the attacks are being blamed on Iran.
So is this just another case of cybercrime, or something entirely different? Could this be cyberwar?
Within the past month, crushing blasts of 65Gbps traffic, mainly from thousands of compromised Web servers, has targeted Bank of America, Wells Fargo, US Bank, JP Morgan Chase, Sun Trust, PNC Financial Services, Regions Financial and Capital One. The attacks have effectively cut bank customers off from online services for extended periods.
A string of cyber attacks on U.S. financial institutions has created headaches this fall by slowing down or preventing online banking access for millions of Americans. But imagine the real economic damage that similar-style attacks would cause if they struck U.S. retailers this holiday-shopping season, potentially eating into projected online sales of $54 billion. While retailers deserve credit for bolstering their defenses against credit-card-hungry organized crime rings, security professionals believe the industry is vulnerable to this different kind of onslaught aimed at crippling online sales.
Mary Gieser McCandless recently spent three hours trying to log on to Wells Fargo WFC -0.28% & Co.'s website before a customer service representative declared the problem was her computer.
The diagnosis puzzled Ms. McCandless, who is no Luddite. She builds database software from her home in Winston-Salem, N.C. She only figured out the real problem later that day, after seeing news reports about how big banks were the target of a cyberattack.
"It's really annoying that I had to go to other sources to find out what was going on with my bank," she said. "It doesn't inspire a lot of confidence."
Capital One Financial Corp. (COF), BB&T Corp. (BBT) and HSBC Bank USA (HBC) said they were hit by a new round of cyber attacks, marking the fifth week of sustained assault on some of the largest U.S. financial institutions. The banks’ websites have been disrupted with so-called denial of service attacks, some of which originated in Iran and Russia, Carl Herberger, a vice president for the network security firm Radware Inc., said in a phone interview yesterday.
Researchers have noted an increase in spear phishing targeting numerous industries, primarily in the United States, where malware evades detection by hiding inside Windows help (HLP) files attached to emails.
In a move first confirmed by CRN in September, Cisco will cease development of its Application Control Engine (ACE) load-balancer products, effectively leaving behind a major piece of its Layer 4-7 switching/application delivery networking strategy. Naturally, Cisco's biggest competitors in the ADN space are pouncing on the opportunity to gain market share, and while Cisco's isn't exactly market-crushing -- it has a roughly 11 percent share, according to most analysts -- it's hardly inconsequential.
A variant of the malware that affected US banks in September has been located in laboratories in Saudi Arabia, according to a report by HITC Business.
While Radware, which found the malware, said it is different to that used in the wild, it said it cannot determine if it was just found in Saudi Araia as coincidence.
Security professionals have recently learned that a cartel of Russian hackers is planning to launch a separate attack aimed at stealing money from about 30 U.S. financial institutions, an apparent attempt to piggyback and capitalize on the ongoing cyber attacks on U.S. banks.
The distributed denial of service attacks against financial institutions continue, with Capital One, SunTrust, and Regions Financial being the latest victims.
Capital One Financial Corp was targeted on Tuesday in the latest round of coordinated attacks to disrupt the Websites belonging to major U.S. financial institutions, a spokesperson said in a statement. SunTrust was hit by a DDoS attack on Wednesday. As of Thursday afternoon, SecurityWeek was unable to access Regions Financial.
Who's behind the recent online attacks against multiple financial institutions including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo? In recent weeks, all have bit hit by large-scale distributed denial-of-service (DDoS) attacks. Cue website outages and customer outrage. A self-described hacktivist group, the Cyber fighters of Izz ad-din Al qassam, has taken credit for organizing the related Operation Ababil, which it claims is a grassroots campaign to protest the recent release of a film that mocked the founder of Islam. But as information security researchers review the attacks and tools used, they're finding that the claims made by the supposed hacktivist group don't all appear to add up. Here are seven facts about what's currently known about recent and forthcoming banking attacks.
How were amateur hackers able to take down some of America’s largest banks? And who were they? Those were some of the bigger mysteries of last week’s cyberattacks on Wells Fargo, U.S. Bank, PNC, the New York Stock Exchange and others, that caused intermittent Internet outages and delays in online banking. A group claiming Middle Eastern ties, the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks online. They claimed to have taken the Web sites down using basic online applications. But security researchers said those methods were far too amateur to have been effective.
New details have emerged about the attack toolkit that was used to launch the distributed denial of service (DDoS) attacks against a number of US-based financial institutions late last month.
The majority of the banking attack traffic does not appear to have been generated by client bots, but rather from compromised servers in data centers, Carl Herberger, vice-president of security solutions at Radware, told SecurityWeek on Thursday.
The “itsoknoproblembro” toolkit did not compromise those servers in the first place, as Radware believes the servers were already under the attacker's control before being infected with the DDoS attack kit, Herberger said.
Security professionals investigating the cyber attacks that crippled the websites of U.S. banks last month have discovered the tools at the heart of the attacks are more complex than previously thought and have also been found in Saudi Arabia. The findings from security firm Radware (RDWR: RADWARE) suggest the attacks -- which are ongoing -- may be harder to stop than had been hoped.
As long as human intelligence remains an unsolved mystery, we cannot expect a security system to provide us with a complete solution... Over the past few years the market has developed new expectations from the network and applications security industry. One of the most challenging expectations is that information security systems be able to not only detect attacks, but also prevent or mitigate them in real-time. This demand forces systems to be more independent from the human factor. Not relying on the human factor means that operations that were usually conducted by the security expert need now to be performed automatically by the systems themselves.
NEW YORK (CNNMoney) -- There's a good chance your bank's website was attacked over the past week. Since Sept. 19, the websites of Bank of America (BAC, Fortune 500), JPMorgan Chase (JPM, Fortune 500), Wells Fargo (WFC, Fortune 500), U.S. Bank (USB, Fortune 500) and PNC Bank have all suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence. Thursday's victim, PNC's website, was inaccessible at the time this article was published.
When it comes to cyber security, banks and stock exchanges get the bulk of the attention, because that’s where the money is.
But don't overlook the massive targets painted on the backs of energy companies, which play a crucial role in the global economy and could be hit by anyone from capitalism-hating hacktivists to state-owned rivals in China and Russia.
These cyber criminals delivered a thunderous wake-up call about this mounting threat when they attacked the computer network of Saudi Arabia’s state-owned oil company over the summer in a move that showed off their growing capabilities.
Radware’s ERT releases a threat alert regarding a new Trojan malware that sends sensitive user information out of the organization. Radware’s Emergency Response Team (ERT) research Lab released a threat alert regarding a newly discovered Trojan Key Logger named Admin.HLP that was detected today for the first time within one of its customer’s servers. Admin.HLP, is malicious software that monitors keystrokes on the victim’s computer, collects user passwords, credit card numbers and other sensitive information. Then it sends all the stolen data out of the organization to the attackers’ remote servers over secured HTTPS connection.
A new data-stealing trojan has turned up on the systems of one of Radware's customers, according to researchers at the network security firm. Researchers said Tuesday that the malware, dubbed Admin.HLP, is designed to log keystrokes and remotely send passwords, credit card numbers and other private information to an attacker-owned server. The trojan gets its name because it hides from detection inside a Windows help file and then is attached to emails. Once installed on a target's machine, it configures the Windows startup process so the trojan runs each time the computer reboots. It is unclear how widespread the threat is, or which organizations it may be targeting. A request for comment was not immediately returned.
Radware Discovers “Admin.HLP” - A New Keylogger Used in Targeted Attack Security researchers from Radware have discovered a new Trojan Key Logger named “Admin.HLP” that they say captures sensitive user information and attempts to export it to a server in a remote location.
The first thing that comes in mind when hearing about another lethal denial-of-service attack is the volume of traffic that the attackers sent in order to take down the service, or to flood the network of the victim. However, recent attack trends reveal an emerging threat of DoS attacks by low and slow attack tools.
The cybersecurity marketplace is flooded with products that tout the ability to keep networks and computers safe from intruders.
A few weeks ago at the Aspen Security Forum, Gen. Keith Alexander, National Security Agency director, said the number of attacks against America's critical infrastructure increased seventeenfold between 2009 and 2011. Now as much as ever, some argue, a gap exists between the protection capabilities of today's enterprises and the penetration capabilities of modern attackers.
A Solid Cyber Counterattack Plan Should Be Based on The Pre-defined Actions Associated With Each Attack Tool’s Weakness In Part One of this column, I covered the concept of making a counterattack a key component in company’s IT defense strategy due to its ability to reverse the power relationship in favor of the defenders. To be effective in a counter attack, defenders ideally would like to get as close as possible to each attacker and neutralize his ability to generate the attack traffic, thus cleaning the “bad” traffic end to end – a very effective way to neutralize DDoS attacks. So what techniques should the counterattack contain? Effective cyber counterattacks should include the following steps: • Detect and block the attack. • Identify the attack tool. • Locate weaknesses in the attack tool in real-time or based on previous information. • Launch a counterattack that exploits the attack tool’s weakness. • Slow down or completely neutralize the attack tool.
Security firm Radware claims to have spotted evidence online that suggests hactivist group Anonymous is gearing up to target denial-of-service attacks on the websites of British companies BT and GlaxoSmithKline during the Olympics, and maybe do much more.
Data center and network security managers face an increasing variety of threats, including network downtime, application downtime, application vulnerability, information theft, authentication defeat, malware spread, Web application attacks and Web defacement. Security managers are required to install various detection and protection tools in order to combat the increasing threat landscape.
Any competent military commander knows that when put in a defensive position, defense forces are never be able to withstand long and sustained offensive attacks. The assumption that the front line of defense will eventually be breached is also true in the realm of the information security battle of defense.
As an IT defender who protects with network security products, you may never feel confident that your solutions will provide sufficient security protection under all circumstances. The cyber enemy may try and surprise you in so many ways and, if he is persistent and intelligent, will eventually find an attack for which you weren’t prepared. Doubtless, this is exactly where the enemy will focus his efforts. The attack will concentrate on that weakness in order to wear you down and penetrate through all your defense layers.
The cybersecurity marketplace is flooded with products that tout the ability to keep networks and computers safe from intruders.
They often come bearing watchful monikers that include words like eye, witness, guard and shield. But industry isn’t just throwing products out there blindly. The marketplace’s growth is the direct result of threats from Chinese and activist hackers, as well as a global shift to mobile computing, experts said.
Every new hack prompts the creation of a new defense mechanism. And the growing persistence and sophistication of attacks is even forcing industry to look beyond traditional defense.
Radware announced FastView™, a new Web Performance Optimization (WPO) technology integrated into Radware’s Alteon® application delivery controllers (ADC), which significantly accelerates the response time of both Web portals and internal mission-critical applications. Targeted at e-Commerce, e-Retail, Web portals, online financial services and other online businesses, Radware’s FastView enhances the Alteon platform’s application acceleration capabilities resulting in maximum business impact including more page visits, higher customer loyalty, more returning customers, higher conversion rates, and higher revenues. Various market studies on Websites of major corporations show that even a one-second faster page response time delivered an average 11 percent more page views per month, 5 percent more revenue, and 4 percent higher customer satisfaction during the same period. FastView delivers WPO best practices out-of-the-box while eliminating the overhead of manually optimizing the application or changing infrastructure to reduce efforts and costs. Unlike other acceleration technologies, Web applications perform significantly faster with FastView starting at the very first page visit. It provides a fast acceleration for Web pages accessed for the first time, as well as for previously visited pages for all users running any browser on any end-user device.
We all know Aesop's fable about the wolf in sheep's clothing and the moral that appearances can be deceiving; but did you know that the wolf's first victim was the lamb that belonged to the sheep whose pelt the wolf wore?
Because the pelt was familiar, trusted and it was only natural to follow it, the lamb naively trotted off with the wolf far from the safety of the flock.
Exploiting processes based on the familiar, the trusted, and the normal is the theory behind most cyber attacks that rely on some kind of social engineering, including the now infamous Flame malware.
Radware Ltd. (RDWR) (RDWR) surged the most in a month in New York after the Israeli technology company said it entered a partnership with Check Point Software Technologies Ltd., the world’s second largest security network maker. Radware, the Israeli
Check Point Software Technologies Ltd. today announced its first line of products to fight distributed denial-of-service attacks (DDoS). Check Point's DDoS Protector line of appliances, developed in conjunction with Radware, are intended for use in the enterprise networks, and would typically be placed in front of the firewall at the Internet access point, says Fred Kost, head of product marketing at Check Point. The new Check Point anti-DDoS line is being offered as seven different appliances in two basic form factors, a two-rack unit and a one-rack unit. These appliances all have similar functionality in terms of DDoS defense and are differentiated in performance areas such as speed, starting at 500Mbps and topping out at 12Gbps.
Check Point Software (NSDQ:CHKP) Technologies, Ltd. has introduced a new line of security appliances designed to fight distributed denial of service (DDoS) attacks that disrupt IT functions by overloading traffic on the network. “DDoS attacks have become a lot more commonplace with the pervasiveness of botnets,” said Check Point President Amnon Bar-Lev. “They are also becoming much more application-specific. Most solutions on the market today focus on stopping denial-of-service at the ISP. This strategy is expensive, plus it’s not fully adapted to the customer’s specific site or circumstances.” Developed in conjunction with Radware, Check Point’s new line of "DDoS Protector" appliances use multi-layered protection and up to 12 Gbps of throughput to block all major attack types such as network floods, server floods, application-layer DDoS attacks, as well as low-and-slow attacks.
Do you know the most common infrastructure device to fail during an attack on a business' availability?
How would you respond if you experienced an Application Layer 7 security attack?
Are you familiar with legitimate attack vectors for volumetric attacks?
If you can answer these questions you may not only demonstrate an in-depth knowledge of cyber attack mitigation, but also be ready to start a five-week journey to become a network security sensei by taking the Attack Mitigation Black Belt Challenge announced today by Radware (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers.
Developed with Radware, seven appliances have been launched to offer low latency, up to 12Gbps throughput and high port density of up to 16 ports.
National Harbor, Md. -- Cracks in the foundation of the Internet infrastructure are leaving organizations prone to potentially dangerous attacks, a pair of Gartner security analysts said here yesterday. "The basic underpinnings of the Internet -- BGP, DNS, and SSL -- we take for granted they were built in much friendlier times when friendly people wanted to communicate with friendly people. The Internet was built to be survivable, not trustable," said John Pescatore, vice president and research fellow for Gartner Research. "There are still major fractures we are seeing that need to be addressed."
CIOs are at the mercy of software vendors where cybersecurity is concerned, and need to turn the tables. This is particularly true of vendors of software-as-a-service, which host the software used by customers. If company data is stolen as a result of a successful cyber attack, the CIO is sure to take the blame, even if the attackers used vulnerabilities in software the CIO had nothing to do with developing.
It's no secret that the threat landscape is constantly evolving. While the security industry is on their toes, adapting to new challenges that surface on a daily basis, many companies still haven't addressed their information security, leaving their sensitive data and other essential enterprise applications vulnerable to attacks. In this video interview, Dan Kaplan, executive editor of SC Magazine, sits with Roy Zisapel, president and CEO of Radware, to discuss how enterprises can defend their mission-critical applications.
The move to IPv6 will end shortage of IP addresses, starting on IPv6 Launch Day, but security issues remain Wednesday is World IPv6 Launch Day, the deadline for major service providers to cut-over to the new IP protocol, which could potentially help to lure the rest of the world to move in that same direction. In some respects, the deadline is seen as a non-event since many of the organizations required to cut over to v6 have done so long ago. *This article contains commentary by Carl Herberger as a result of an interview about IPv6 day with CRN last week
Companies worried about the security of their data in the cloud have generally taken the obvious steps to protect their most valuable information, including encrypting sensitive data and using strong authentication to prevent access. Yet there are a number of less obvious ways of leaking information, and ongoing research has shown that customers of cloud services -- even cloud security services -- need to worry about their data. For example, identity and access management systems may lock down a user's password and credentials, but miss the fact that the resource accessed and the frequency with which its accessed is valuable information. In other cases, API calls to a service can carry information about which features a company is accessing as well as other details. These so-called "side-channel attacks" in Web services are not new, but with the popularity of cloud services, they are becoming more serious, says Carl Herberger, vice president of security solutions for cloud-application security provider Radware.
A group of hackers claiming to be aligned with Anonymous is planning to bring down the websites of 46 major companies around the world on Friday, including Bank of America (BAC: 6.98, +0.15, +2.20%), Apple (AAPL: 556.97, -4.31, -0.77%) and Wal-Mart (WMT: 63.73, +0.69, +1.09%).
The official launch date for IPv6 is right around the corner, making June 6 famous for even more than the historic WW II invasion of Normandy. It might make the invasion of your customers’ networks more possible than ever before. The higher threat level, according to Carl Herberger, vice president of security at Radware, lies in the fact that while IPv6 will be the new standard at the wide area, the local area will continue to be the near exclusive domain of IPv4. And since the two versions were not designed to co-exist, there are some gaping holes in security.
Imagine that you could improve your users’ quality of experience while reducing your costs. Mobile operators are striving to satisfy the growing community of mobile data users and applications. Many analyst predict demand in mobile data traffic will increase tenfold in the next 4 years, with most of this growth driven by video. In fact, the past year has seen mobile broadband subscriptions grow by 60 percent, with growth projected from 900 million in 2011 to almost 5 billion in 2016.
Radware, which makes application delivery and application security solutions for virtual and cloud data centers, has announced it is collaborating with IBM to deliver increased business agility, mobility, and cost-effective integration of virtual application delivery controller (ADC) solutions for customers building applications with IBM SmartCloud.
Radware Ltd. (RDWR), the Israeli technology company trading at double valuations relative to the Nasdaq telecommunications index, rose to a two-week high in New York after receiving orders from social networking companies.
Radware has announced it has joined the Open Networking Foundation (ONF), a non-profit organization dedicated to promoting a new approach to networking called Software-Defined Networking (SDN).
As security threats and technologies have evolved over the years, the line between physical and IT security has also begun to blur. Indeed, CSOs and CISOs at many organizations now wear dual hats as their duties have become more intertwined. While financial motives primarily drove hacking attacks throughout the 90s and much of the 2000s, Carl Herberger, vice president of security solutions at Radware, says there has been a significant shift towards "hactivism" over the last two to three years.
The Internet didn't go dark on Sunday. A threat, first made in mid-February, had warned that the chaos-loving hacktivist collective Anonymous would take down the Internet for April Fool's Day under the banner of "Operation Blackout." The stated plan was to overwhelm the world's 13 domain name system (DNS) root servers with junk traffic, preventing Web users from reaching most websites. As recently as Thursday, a new Pastebin post suggested that a Trojan application would handle the junk traffic, which would attempt to take down the DNS servers down for at least two minutes. "[ 13 root servers ] * BOOYAH," it promised.
Carl Herberger, vice president for security at Radware, has more respect for the ingenuity of the hacktivist collective, which he says has proven resourceful in directing new and nuanced techniques against familiar vulnerabilities. That, plus a lack of attention to vulnerabilities in the Domain Name System that Anonymous says it will target, makes the group dangerous, he said. “If they do it, I’ll be surprised,” Herberger said. “But not majorly surprised. I would be shocked if there were no outages.”
Will the hacker group Anonymous make good on its threat to take down the Internet Saturday? Probably not. But it could slow it down, according to a number of security experts. And it may depend in part on how unified Anonymous is about the attack -- there are some indications of divisions within the group. Anonymous has threatened retaliation for the arrests of about 25 of its members last month, and is also focused on what its members believe is a continuing threat by Congress to censor the Internet through revised versions of the Stop Internet Piracy Act (SOPA) and the companion Senate bill called the Protect IP Act (PIPA), even though the legislation was put on hold in January. And it is essentially daring anyone to stop Operation Global Blackout. While two of the basic rules of hacking are: Don't tell your target in advance and don't give away your methods, Radware security vice president Carl Herberger says the announcement is a classic Anonymous tactic.
Due to the phenomenon of more and more data and video traveling over telecom networks, operators need to protect and optimize their data services, noted Radware’s (RDWR) David Aviv during a conversation with RCR Wireless News. Aviv noted that the company is focusing at this week’s Mobile World Congress event on two solutions: DefensePro and its strategy of mobile service edge (MSE) solution. Radware noted that the approach of MSE is to target high-end mobile operators by enabling them to address the challenges resulting from the dramatic growth of mobile data and wireless services while evolving towards 4G/LTE and the introduction of new data center architectures required to run services, networks and IT infrastructure more effectively.
The 2011 Global Application and Network Security Report issued earlier this month by application delivery and security vendor Radware found that 76% of DDoS attacks were less than 1 Gbps in bandwidth in 2011, with only 9% of DDoS attacks over 10 Gbps. The report -- which analyzed 40 DDoS cases from various enterprises -- also noted that 56% of DDoS attack types were application-oriented rather than network-focused.
Distributed-denial-of-service (DDoS) attacks have become a favorite weapon of hacktivists in the past several years, and especially recently. But while such attacks are typically launched from an army of PCs, researchers at McAfee have found a new app for Android that ports the infamous low orbit ion cannon (LOIC) tool over to mobile devices.
They're "security myths," oft-repeated and generally accepted notions about IT security that arguably are simply not true -- in order words, it's just a myth. We asked security experts, consultants, vendors and enterprise security managers to share their favorite "security myths" with us.
We're barely six weeks into 2012, and the year is turning out to be one of the worst for cyberattacks in recent memory. Here are a few reasons why.
Application layer DDoS attacks are smaller than traditional network-based attacks, which try to exceed the available bandwidth. Organizations need to handle them differently.
Small-scale targeted distributed denial of service (DDoS) attacks can cause more damage to an organization that large-scale bandwidth-gobbling attacks, concludes a recent report by application security provider Radware.
Nowadays you don't even need to stand up to participate in a protest. You just need to find an e-flyer from a group of Internet activists, like Anonymous, that explainins the target, the cause, and a simple set instructions for downloading an cyber-attack tool which, when used en masse, can disable the computers and servers of major corporations
A DDoS attack is a sort of cybernetic pile-on in which malicious hackers take down a website by drowning it in artificially elevated levels of traffic. They're commonly used by cybercrooks. But a recent study suggests DDoS hits are now a tactic more often employed by politically motivated hacktivists, rather than thieves.
Preventing distributed denial of service attacks may be impossible. But with advance planning, they can be mitigated and stopped. Learn where to begin.
Three DDoS reports published this week reveal how more powerful attacks are becoming the norm, that hacktivism is the main inspiration now rather than extortion and anyone can be a victim, not just high profile organizations. Arbor Networks, Radware,
Application delivery and application security solutions provider Radware (Nasdaq:RDWR) published on Monday its "2011 Global Application and Network Security Report", a compilation of security findings providing a view of the state of cyber security worldwide.
Contrary to conventional thinking that large bandwidth cyber attacks wreak the most damage on enterprises, security experts at Radware instead found that bigger problems usually come in small packages.
DDoS attacks have made their fair share of headlines over years, most recently as hacktivists took down multiple Government Web Sites and Music industry sites in response to the takedown of file sharing site MegaUpload. But when it comes
People often think that Distributed Denial of Service (DDoS) attacks-you know like the ones that knocked the Department of Justice, the Recording Industry Association of America (RIAA), Motion Picture Association of America (MPAA), and Universal Music recently–require hundreds of attackers generating gigabytes of traffic per second to pound a Website down into the ground.
Radware said that its Alteon 5224 application delivery controller (ADC) for enterprises delivers new levels of performance, on demand throughput scalability, and port density for its class, while offering 10GE connectivity and ADC virtualization capabilities
In tandem with the increasingly anti-capitalistic ideology of cyber evildoers, the digital target on the New York Stock Exchange and Nasdaq Stock Market appears to have grown in recent months.
Hacktivist collective Anonymous has made joining a denial-of-service attack as easy as clicking a link on a Twitter post, making it possible to gather an army of unwitting participants.
Hackers have been luring computers into the attack with malicious links on Twitter, says Carl Herberger, a vice president for security solutions at Radware.
Monday, Jan. 16, denial-of-service attacks temporarily shut down the websites of the Tel Aviv Stock Exchange and El Al Airlines, according to Israeli newspaper Haaretz, which the next day reported Israeli hackers retaliated by bringing down the Saudi and UAE stock exchange websites.
In the wake of 24 million customer passwords getting stolen in the Zappos.com hack, the IT security world is warning enterprises not to be lax about breaches of any kind. It's a black eye for the Amazon-owned property, and it may point to a new round of malicious hack attacks. So far, Zappos is being tight-lipped about the root cause of the attack.
The Arab-Israeli conflict is normally fought with Katyusha rockets and Merkava tanks, but the conflict’s latest weapon is a botnet. On Monday of this week, a group of hackers known as Nightmare attacked the websites associated with Israel’s stock exchange, its two largest banks, and the national airline, El Al. In messages to the Israeli media, the hackers demanded that Israeli leaders apologize for the occupation of Palestinian lands.
By the end of 2012 we are going to see cloud and next-generation datacenter networks transforming into complete logical entities that can be customized and managed through an abstraction layer, which will make networks more “open.”
Fujitsu is reportedly working on a malware designed to track and disable systems behind a cyber-attack for the Japanese government.
In the pre-Anonymous world when life was simpler, most cyber attacks were opportunistic in nature, carried out by cyber criminals who just wanted to make a quick buck. Today, Corporate America is scrambling to shift its virtual shields in response to a sweeping change in the motive behind cyber attacks that is being been driven by the rise of "hacktivist" groups like Anonymous.
The ongoing investment in virtual and cloud technology will only deliver half of its potential return if to merely increase operational efficiency. Equally important is the improvement in data flexibility and overall productivity.
Cyber Crime has shifted in recent years from financial or informational hacks to vigilante hactivism. Today’s hackers might break into a secure system or launch a DDoS attack for traditional reasons, but more than ever, attacks against businesses that didn’t behave within the hackers’ sets of ideals are becoming commonplace.
Cyber Monday holiday shoppers beware -- scammers can be lurking with bogus websites and fake emails to separate you from your money or even your identity.
When you get right down to it, the cloud is not entirely about advanced technology, massive scalability or remaking data infrastructure. At its heart, the cloud is intended to improve application and data delivery.
Cyber Monday, that day where all good Americans will sit at their computers and shop until their fingers are numb, is expected to rival sales for Black Friday, our traditional shop-til-you-drop frenzy.
Radware, a provider of application delivery and application security solutions for virtual and cloud data centers, announced the first application delivery fabric for the ITaaS economy.
Application delivery and security specialist Radware is announcing the next step in its Virtual Application Delivery Infrastructure (VADI) strategy, including new application delivery controller (ADC) platforms, enhanced data center management and orchestration interoperability, hypervisor support, and new AppShape technology to provide "the industry’s first application delivery fabric.
Application delivery solutions provider Radware has announced the next phase of its Virtual Application Delivery Infrastructure (VADI) strategy featuring new application delivery controller (ADC) platforms, enhanced data center management and orchestration interoperability, complete support for leading hypervisors, and new AppShape technology to provide the industry's first application delivery fabric.
According to Eitan Bremler, director of product marketing, virtualization, and cloud solutions at Radware, organizations are implementing data center consolidation strategies in order to reduce costs and improve availability and resilience of their data centers.
SC Magazine Managing Editor Greg Masters chats with Carl Herberger, vice president of security solutions at Radware, about the risk posed by politically and ideologically motivated attacks, known as hacktivism.
Imagine you are able to virtually align your data center with your business needs with the click of a button. Let’s try illustrating how this would be like. Suppose you are a cloud service provider. You would hit a button that asks to create a specific application for your own organization, or for one of your customers.
A hacker group has released a proof-of-concept tool that exploits how encryption keys can be renegotiated to launch a distributed denial of service attack against Secure Sockets Layer servers.
To protect users against the new wave of sophisticated cyber attacks, Radware (News - Alert), a provider of application delivery and application security solutions for virtual and cloud data centers, has released Radware Attack Mitigation System (AMS).
Radware AMS offers anti-DoS, IPS, Web application firewalls, SIEM, reputation engines, signature detection and network and application behavioral analysis in a single product
Radware has launched an attack mitigation system (AMS) to detect and defend against attacks in real time.
Radware (RDWR) announced a powerful, new solution that allows VMware vCloud Director users to simplify provisioning of virtual applications to include virtual ADC resources.
TMCnet recently had the chance to speak with Sharon Trachtman, vice president of global marketing at Radware.
Even though the FBI started serving search warrants and arresting people suspected in participating in the Anonymous' "Operation Payback" way back in January, it is only after last week's arrests that it began to be clear that the FBI is not randomly knocking on doors of people who used the PayPal site at the time of the attack
While you might be wondering where the Untouchables are getting the names and addresses of Anonymous hackers it is arresting, it turns out that it is from a shopping list given to them by Paypal.
It turns out there’s a method behind the FBI’s raids of suspected Anonymous members around the country. The bureau is working from a list, provided by PayPal, of the 1,000 internet IP addresses responsible for the most protest traffic during Anonymous’ DDoS attacks against PayPal last December.
While data centers that house cloud computing infrastructure do require a large amount of electricity to run systems and provide cooling, there are efficiencies to be found, such as consolidation of services, according to Eitan Bremler, product marketing manager for virtualization at Radware. “In our experience, cloud service providers are cost-driven and are incented to reduce electrical consumption from infrastructure and cooling costs,” he says. “Therefore, technologies that can provide more with less, like infrastructure virtualization, can help [keep energy costs down].”
To accommodate its growing customer list, Access Northeast, one of the largest privately-held data center managed services providers in New England, has completed building a new 10,000 square-foot raised floor project and also signed a long-term lease for another 40,000 square feet of space.
VMware Web services plug-ins released this month could speed integration between users’ homegrown or third-party applications and vCenter Orchestrator. This week, VMware also released a new vCenter Orchestrator connector for its service desk product, VMware Service Manager, and Sayar said integration with more third-party service desk and change management database applications are on the roadmap.
Starting December 7th 2010, WikiLeaks’ supporters initiated distributed denial of service (DDoS) attacks against online businesses and financial services. They were retaliating against efforts to comply with US government pressure to block assistance and funding to the organization. Although the sites being attacked had network security, most failed to mitigate the multi-vector attacks. Why did they fail and what can we learn from the episode?
The marking of World IPv6 Day yesterday has drawn fresh attention to the next generation Internet addressing protocol, as well as to the security considerations that enterprises will need to deal with as they migrate to it.
Ron Meyran, director of Security Marketing at Radware, pitched this idea to me, and he's right on. The transition period to IPv6, Meyran says, will be especially dangerous because there's no way the security products will be mature enough to handle the environment. Another good example of this is the transition period. Everyone has always known that the transition period would not involve throwing a big switch and moving from all IPv4 to IPv6.
Today marks a significant day in the history of the web, though you might be forgiven for not noticing. It is the day the world tests IPv6. Granted it isn’t up there with the World Cup final, or the
Network engineers all over the globe are focused on the rapidly dwindling number of IPv4 addresses and the upcoming IPv6 compliance test. What they are not as concerned with, believes Radware (News - Alert), is the host of network security concerns that could accompany this changeover.
Wednesday’s 24-hour worldwide test of IPv6, the next-generation Internet addressing standard, is sure to yield valuable data and some unexpected results. Government agencies and other public entities that are participating in World IPv6 Day could also see some effects, such as citizens who have trouble accessing public-facing websites.
Hundreds of popular websites -- including Google, Facebook, Yahoo and Bing -- are participating in a 24-hour trial of a new Internet standard called IPv6 on June 8, prompting worries that hackers will exploit weaknesses in this emerging technology to launch attacks.” In the last five months, there has been a huge increase in DDoS attacks," says Ron Meyran, director of product marketing and security at Radware.
Financial services have become resilient in protecting themselves against most security breaches. ‘Hacktivism’ – the new term referring to hackers wishing to make a point rather gain financial benefits - has a different agenda in mind. Lorna Davies explores the truth behind the headlines. The hacktivist activity poses several threats to the card payments industry.
The Trends and Requirements of Mission-critical Applications: Today, most large organizations are strongly dependent upon various business applications such as CRM, ERP, unified communications (e.g. VoIP and mail) and others that streamline and empower many aspects of their business. The performance and availability of these applications directly affect employee productivity and their ability to effectively achieve business goals.
A leading provider of integrated application delivery solutions for business-smart networking, Radware stated that its application delivery controller (ADC) solutions -- AppDirector, Alteon and Alteon VA -- have been qualified for interoperability with Microsoft Exchange Server 2010
The concept of Distributed Denial of Service (DDoS) attacks has entered the mainstream public consciousness after huge websites like Change.org, WordPress, and several government and news websites from different countries have recently been victims to a series of attacks.
Radware has just announced the introduction of ADC-VX OS 28, which the company claims is the next phase of its Virtual Application Delivery Infrastructure (VADI) strategy. Radware provides the industry's first Virtual Application Delivery Infrastructure (VADI), which transforms computing resources, ADC and virtualization services into an integrated, agile and scalable Application Delivery Virtualization Infrastructure, the company claims.
Application-layer attacks have become the No. 1 security concern of businesses, according to a recent study by Arbor Networks. Anonymous used application-layer attacks late last year in an attempt to bring down Amazon.com, MasterCard, PayPal, Visa and others that played a part in trying to stop WikiLeaks’ online operations following the site’s infamous release of U.S. government communications with other countries
The growing use of mobile devices and in-the-cloud services poses new challenges for IT managers: perimeter security is no longer effective – one need’s to look for new solutions that rely on behavioral analysis and the human factor.
Web 2.0 applications are an emerging target for attacks, Ron Meyran, director of security products at Radware, told me recently. And we've been seeing an unprecedented number of DDoS attacks lately. Specific industries that Radware noted as targets include large financial institutions, service providers, government financial regulatory entities, non-affiliated technology infrastructures and critical infrastructure (e.g., electric, gas, Internet service providers and national power grid providers).
Radware, a provider of integrated application delivery solutions for business-smart networking, today announced that P&T Luxembourg, the leading postal and telecommunications services operator in Luxembourg, has selected Radware’s new ADC-VX™, the industry’s first Application Delivery Controller (ADC) hypervisor to provide the agility and scalability features that are needed to cost-effectively build and support private and public cloud services.
Radware, a provider of integrated application delivery solutions for business-smart networking, announced that P&T Luxembourg, a postal and telecommunications services operator in Luxembourg, chose Radware's new ADC-VX. ADC-VX is an Application Delivery Controller (ADC) hypervisor to offer agility and scalability features which assist businesses. Businesses are looking at cost-effective solutions to build and support private and public cloud services.
In the wake of the attacks by the hacker collective Anonymous on Sony and on Livejournal, more attention has been focused on just what such attacks mean and how to defend against them. Most attacks on the Web come
In addition to traditional requirements such as meeting mission-critical applications’ service level agreements (SLA), ensuring high Quality of Experience (QoE) and supporting traffic capacity growth, today’s data centers are going through major technological and business transformations to improve IT utilization and reduce CAPEX and OPEX.
Radware, provider of integrated application delivery solutions for business-smart networking, has announced that Papa John's, the world's third largest pizza company, is using Radware's AppDirector, LinkProof, and DefensePro solutions to increase the performance and efficiency of its worldwide e-commerce network. Over 25% of all global food and beverage revenues come from orders placed via online or mobile device transactions; to date, generating $2 billion.
Based on its research on the rash of DDoS attacks by hacktivists in recent months, Radware is advising financial institutions, utility companies and ISPs to be on the alert for attacks on their websites in the near future. The networking security specialist says that March has been the busiest month on record for hacktivist attacks, with March 3 seeing an attack on Korean e-commerce and government sites, followed by an attack on Wordpress.com a day later.
Radware’s CEO, Roy Zisapel meets with forbes.com journalist Mia Saini to discuss what drives Radware business, CIO needs, highlights of the virtualization market and the company’s solutions.
When a business transaction over the Internet is worth a few thousand or more, one thinks twice before suspending any kind of traffic to the website, even if, in some cases, these transactions are highly susceptible to a cyber attack. How much money a business may lose as a result of the wrongful implementation of a security measure is "precious" information that every network manager would know to appreciate.