Search results

Robert Bigman is uniquely equipped to share actionable tips for hardening your network security against vulnerabilities Don’t miss this opportunity to learn the latest threats and how to handle them Webinars 1,2,3 punch on Network Segmentation The zero-trust network layer is a best practice to use when securing application connectivity. However, achieving zero trust for your organization requires multiple tools that work together. Join us for a conversation about: – Creating zero-trust in networks. – Integrating application connectivity with cloud, SDN, and on-prem network security controls. – Maintaining the network and micro-segmentation in harmony. June 8, 2022 Marco Raffaelli Akamai Asher Benbenisty Director of product marketing Relevant resources Defining & Enforcing a Micro-segmentation Strategy Read Document Building a Blueprint for a Successful Micro-segmentation Implementation Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Silos hurt security NetworkSecurity is the responsibility of both NetOps SecOps In this panel with Cisco, Conscia AlgoSec security experts, we’ll share how to bring the teams together Webinars Bridging NetOps and SecOps: An Experts’ Panel Silos hurt security. Your network and its security are not managed by just one team. It is the responsibility of both NetOps and SecOps, but these teams don’t always play well together. In this security experts’ panel, Doug Hurd from Cisco, Henrik Skovfoged from Conscia, Oren Amiram and Tsippi Dach from AlgoSec will share how you can bring NetOps and SecOps teams together with Cisco ACI, Cisco Secure Workload (formerly Cisco Tetration) and AlgoSec. Discover how NetOps and SecOps teams can: Bridge the NetOps/SecOps divide, improve communication, and break down the silos between network and security. Align network, security, and business application owners Improve the entire network security with Cisco Secure Workload and firewall management Automate tasks and gain network traffic visibility of networks and security controls for threat detection, analysis and response across Cisco ACI and the entire hybrid and multi-vendor network. March 16, 2021 Alex Hilton Chief Executive at Cloud Industry Forum (CIF) Tsippi Dach Director of marketing communications Relevant resources Cisco & AlgoSec achieving application-driven security across your hybrid network Keep Reading DevSecOps: Putting the Sec into the DevOps Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

A ZeroTrust network architecture mitigates risk by only providing the minimally required access to your network resources But implementing it is easier said than done Webinars Micro-segmentation – from Strategy to Execution Organizations heavily invest in security solutions to keep their networks safe, but still struggle to close the security gaps. Micro-segmentation helps protect against the lateral movement of malware and minimizes the risk of insider threats. Micro-segmentation has received lots of attention as a possible solution, but many IT security professionals aren’t sure where to begin or what approach to take. In this practical webinar, Prof. Avishai Wool, AlgoSec’s CTO and co-founder will guide you through each stage of a micro-segmentation project – from developing the correct micro-segmentation strategy to effectively implementing it and continually maintaining your micro-segmented network. Register now for this live webinar and get a practical blueprint to creating your micro-segmentation policy: What is micro-segmentation. Common pitfalls in micro-segmentation projects and how to avoid them. The stages of a successful micro-segmentation project. The role of policy change management and automation in micro-segmentation. Don’t forget to also click on the links in the Attachments tab. July 7, 2020 Prof. Avishai Wool CTO & Co Founder AlgoSec Relevant resources Microsegmentation Defining Logical Segments Watch Video Micro-Segmentation based Network Security Strategies Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Tsippi Dach, Director of Communications at AlgoSec, explores the relationship between NetOps and SecOps and explains why they are the... DevOps The importance of bridging NetOps and SecOps in network management Tsippi Dach 2 min read Tsippi Dach Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 4/16/21 Published Tsippi Dach, Director of Communications at AlgoSec, explores the relationship between NetOps and SecOps and explains why they are the perfect partnership The IT landscape has changed beyond recognition in the past decade or so. The vast majority of businesses now operate largely in the cloud, which has had a notable impact on their agility and productivity. A recent survey of 1,900 IT and security professionals found that 41 percent or organizations are running more of their workloads in public clouds compared to just one-quarter in 2019. Even businesses that were not digitally mature enough to take full advantage of the cloud will have dramatically altered their strategies in order to support remote working at scale during the COVID-19 pandemic. However, with cloud innovation so high up the boardroom agenda, security is often left lagging behind, creating a vulnerability gap that businesses can little afford in the current heightened risk landscape. The same survey found the leading concern about cloud adoption was network security (58%). Managing organizations’ networks and their security should go hand-in-hand, but, as reflected in the survey, there’s no clear ownership of public cloud security. Responsibility is scattered across SecOps, NOCs and DevOps, and they don’t collaborate in a way that aligns with business interests. We know through experience that this siloed approach hurts security, so what should businesses do about it? How can they bridge the gap between NetOps and SecOps to keep their network assets secure and prevent missteps? Building a case for NetSecOps Today’s digital infrastructure demands the collaboration, perhaps even the convergence, of NetOps and SecOps in order to achieve maximum security and productivity. While the majority of businesses do have open communication channels between the two departments, there is still a large proportion of network and security teams working in isolation. This creates unnecessary friction, which can be problematic for service-based businesses that are trying to deliver the best possible end-user experience. The reality is that NetOps and SecOps share several commonalities. They are both responsible for critical aspects of a business and have to navigate constantly evolving environments, often under extremely restrictive conditions. Agility is particularly important for security teams in order for them to keep pace with emerging technologies, yet deployments are often stalled or abandoned at the implementation phase due to misconfigurations or poor execution. As enterprises continue to deploy software-defined networks and public cloud architecture, security has become even more important to the network team, which is why this convergence needs to happen sooner rather than later. We somehow need to insert the network security element into the NetOps pipeline and seamlessly make it just another step in the process. If we had a way to automatically check whether network connectivity is already enabled as part of the pre-delivery testing phase, that could, at least, save us the heartache of deploying something that will not work. Thankfully, there are tools available that can bring SecOps and NetOps closer together, such as Cisco ACI , Cisco Secure Workload and AlgoSec Security Management Solution . Cisco ACI, for instance, is a tightly coupled policy-driven solution that integrates software and hardware, allowing for greater application agility and data center automation. Cisco Secure Workload (previously known as Tetration), is a micro-segmentation and cloud workload protection platform that offers multi-cloud security based on a zero-trust model. When combined with AlgoSec, Cisco Secure Workload is able to map existing application connectivity and automatically generate and deploy security policies on different network security devices, such as ACI contract, firewalls, routers and cloud security groups. So, while Cisco Secure Workload takes care of enforcing security at each and every endpoint, AlgoSec handles network management. This is NetOps and SecOps convergence in action, allowing for 360-degree oversight of network and security controls for threat detection across entire hybrid and multi-vendor frameworks. While the utopian harmony of NetOps and SecOps may be some way off, using existing tools, processes and platforms to bridge the divide between the two departments can mitigate the ‘silo effect’ resulting in stronger, safer and more resilient operations. We recently hosted a webinar with Doug Hurd from Cisco and Henrik Skovfoged from Conscia discussing how you can bring NetOps and SecOps teams together with Cisco and AlgoSec. You can watch the recorded session here . Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Webinars Cisco ACI & AlgoSec: Achieving Application-driven Security Across your Hybrid Network As your network extends into hybrid and multi-cloud environments, including software-defined networks such as Cisco ACI, managing security policies within your hybrid estate becomes more and more complex. Because each part of your network estate is managed in its own silo, it’s tough to get a full view of your entire network. Making changes across your entire network is a chore and validating your entire network’s security is virtually impossible. Learn how to unify, consolidate, and automate your entire network security policy management including both within the Cisco ACI fabric and elements outside the fabric. In this session Omer Ganot, AlgoSec’s Product Manager, will discuss how to: Get full visibility of your entire hybrid network estate, including items within the Cisco ACI security environment, as well as outside it. Unify, consolidate, and automate your network security policy management, including elements within and outside of the Cisco ACI fabric. Proactively assess risk throughout your entire network, including Cisco ACI contracts, and recommend the necessary changes to eliminate misconfigurations and compliance violations February 5, 2020 Omer Ganot Product Manager Relevant resources AlgoSec Joins Cisco’s Global Price List Keep Reading Migrating and Managing Security Policies in a Segmented Data Center Keep Reading AlgoSec Cisco ACI App Center Demo Watch Video Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Previous Part of the analysis is available here. Next Part of the analysis is available here. Update from 19 December 2020: ‍Prevasio... Cloud Security Sunburst Backdoor, Part II: DGA & The List of Victims Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/17/20 Published Previous Part of the analysis is available here . Next Part of the analysis is available here . Update from 19 December 2020: Prevasio would like to thank Zetalytics for providing us with an updated (larger) list of passive (historic) DNS queries for the domains generated by the malware. As described in the first part of our analysis, the DGA (Domain Generation Algorithm) of the Sunburst backdoor produces a domain name that may look like: fivu4vjamve5vfrtn2huov[.]appsync-api.us-west-2[.]avsvmcloud[.]com The first part of the domain name (before the first dot) consists of a 16-character random string, appended with an encoded computer’s domain name. This is the domain in which the local computer is registered. From the example string above, we can conclude that the encoded computer’s domain starts from the 17th character and up until the dot (highlighted in yellow): fivu4vjamve5vfrt n2huov In order to encode a local computer’s domain name, the malware uses one of 2 simple methods: Method 1 : a substitution table, if the domain name consists of small letters, digits, or special characters ‘-‘, ‘_’, ‘.’ Method 2 : base64 with a custom alphabet, in case of capital letters present in the domain name Method 1 In our example, the encoded domain name is “n2huov” . As it does not have any capital letters, the malware encodes it with a substitution table “rq3gsalt6u1iyfzop572d49bnx8cvmkewhj” . For each character in the domain name, the encoder replaces it with a character located in the substitution table four characters right from the original character. In order to decode the name back, all we have to do is to replace each encoded character with another character, located in the substitution table four characters left from the original character. To illustrate this method, imagine that the original substitution table is printed on a paper strip and then covered with a card with 6 perforated windows. Above each window, there is a sticker note with a number on it, to reflect the order of characters in the word “n2huov” , where ‘n’ is #1, ‘2’ is #2, ‘h’ is #3 and so on: Once the paper strip is pulled by 4 characters right, the perforated windows will reveal a different word underneath the card: “domain” , where ‘d’ is #1, ‘o’ is #2, ‘m’ is #3, etc.: A special case is reserved for such characters as ‘0’ , ‘-‘ , ‘_’ , ‘.’ . These characters are encoded with ‘0’ , followed with a character from the substitution table. An index of that character in the substitution table, divided by 4, provides an index within the string “0_-.” . The following snippet in C# illustrates how an encoded string can be decoded: static string decode_domain( string s) { string table = "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" ; string result = "" ; for ( int i = 0 ; i < s.Length; i++) { if (s[i] != '0' ) { result += table[(table.IndexOf(s[i]) + table.Length - 4 ) % table.Length]; } else { if (i < s.Length - 1 ) { if (table.Contains(s[i + 1 ])) { result += "0_-." [table.IndexOf(s[i + 1 ]) % 4 ]; } else { break ; } } i++; } } return result; } Method 2 This method is a standard base64 encoder with a custom alphabet “ph2eifo3n5utg1j8d94qrvbmk0sal76c” . Here is a snippet in C# that provides a decoder: public static string FromBase32String( string str) { string table = "ph2eifo3n5utg1j8d94qrvbmk0sal76c" ; int numBytes = str.Length * 5 / 8 ; byte [] bytes = new Byte[numBytes]; int bit_buffer; int currentCharIndex; int bits_in_buffer; if (str.Length < 3 ) { bytes[ 0 ] = ( byte )(table.IndexOf(str[ 0 ]) | table.IndexOf(str[ 1 ]) << 5 ); return System.Text.Encoding.UTF8.GetString(bytes); } bit_buffer = (table.IndexOf(str[ 0 ]) | table.IndexOf(str[ 1 ]) << 5 ); bits_in_buffer = 10 ; currentCharIndex = 2 ; for ( int i = 0 ; i < bytes.Length; i++) { bytes[i] = ( byte )bit_buffer; bit_buffer >>= 8 ; bits_in_buffer -= 8 ; while (bits_in_buffer < 8 && currentCharIndex < str.Length) { bit_buffer |= table.IndexOf(str[currentCharIndex++]) << bits_in_buffer; bits_in_buffer += 5 ; } } return System.Text.Encoding.UTF8.GetString(bytes); } When the malware encodes a domain using Method 2, it prepends the encrypted string with a double zero character: “00” . Following that, extracting a domain part of an encoded domain name (long form) is as simple as: static string get_domain_part( string s) { int i = s.IndexOf( ".appsync-api" ); if (i > 0 ) { s = s.Substring( 0 , i); if (s.Length > 16 ) { return s.Substring( 16 ); } } return "" ; } Once the domain part is extracted, the decoded domain name can be obtained by using Method 1 or Method 2, as explained above: if (domain.StartsWith( "00" )) { decoded = FromBase32String(domain.Substring( 2 )); } else { decoded = decode_domain(domain); } Decrypting the Victims’ Domain Names To see the decoder in action, let’s select 2 lists: List #1 Bambenek Consulting has provided a list of observed hostnames for the DGA domain. List #2 The second list has surfaced in a Paste bin paste , allegedly sourced from Zetalytics / Zonecruncher . NOTE: This list is fairly ‘noisy’, as it has non-decodable domain names. By feeding both lists to our decoder, we can now obtain a list of decoded domains, that could have been generated by the victims of the Sunburst backdoor. DISCLAIMER: It is not clear if the provided lists contain valid domain names that indeed belong to the victims. It is quite possible that the encoded domain names were produced by third-party tools, sandboxes, or by researchers that investigated and analysed the backdoor. The decoded domain names are provided purely as a reverse engineering exercise. The resulting list was manually processed to eliminate noise, and to exclude duplicate entries. Following that, we have made an attempt to map the obtained domain names to the company names, using Google search. Reader’s discretion is advised as such mappings could be inaccurate. Decoded Domain Mapping (Could Be Inaccurate) hgvc.com Hilton Grand Vacations Amerisaf AMERISAFE, Inc. kcpl.com Kansas City Power and Light Company SFBALLET San Francisco Ballet scif.com State Compensation Insurance Fund LOGOSTEC Logostec Ventilação Industrial ARYZTA.C ARYZTA Food Solutions bmrn.com BioMarin Pharmaceutical Inc. AHCCCS.S Arizona Health Care Cost Containment System nnge.org Next Generation Global Education cree.com Cree, Inc (semiconductor products) calsb.org The State Bar of California rbe.sk.ca Regina Public Schools cisco.com Cisco Systems pcsco.com Professional Computer Systems barrie.ca City of Barrie ripta.com Rhode Island Public Transit Authority uncity.dk UN City (Building in Denmark) bisco.int Boambee Industrial Supplies (Bisco) haifa.edu University of Haifa smsnet.pl SMSNET, Poland fcmat.org Fiscal Crisis and Management Assistance Team wiley.com Wiley (publishing) ciena.com Ciena (networking systems) belkin.com Belkin spsd.sk.ca Saskatoon Public Schools pqcorp.com PQ Corporation ftfcu.corp First Tech Federal Credit Union bop.com.pk The Bank of Punjab nvidia.com NVidia insead.org INSEAD (non-profit, private university) usd373.org Newton Public Schools agloan.ads American AgCredit pageaz.gov City of Page jarvis.lab Erich Jarvis Lab ch2news.tv Channel 2 (Israeli TV channel) bgeltd.com Bradford / Hammacher Remote Support Software dsh.ca.gov California Department of State Hospitals dotcomm.org Douglas Omaha Technology Commission sc.pima.gov Arizona Superior Court in Pima County itps.uk.net IT Professional Services, UK moncton.loc City of Moncton acmedctr.ad Alameda Health System csci-va.com Computer Systems Center Incorporated keyano.local Keyano College uis.kent.edu Kent State University alm.brand.dk Sydbank Group (Banking, Denmark) ironform.com Ironform (metal fabrication) corp.ncr.com NCR Corporation ap.serco.com Serco Asia Pacific int.sap.corp SAP mmhs-fla.org Cleveland Clinic Martin Health nswhealth.net NSW Health mixonhill.com Mixon Hill (intelligent transportation systems) bcofsa.com.ar Banco de Formosa ci.dublin.ca. Dublin, City in California siskiyous.edu College of the Siskiyous weioffice.com Walton Family Foundation ecobank.group Ecobank Group (Africa) corp.sana.com Sana Biotechnology med.ds.osd.mi US Gov Information System wz.hasbro.com Hasbro (Toy company) its.iastate.ed Iowa State University amr.corp.intel Intel cds.capilanou. Capilano University e-idsolutions. IDSolutions (video conferencing) helixwater.org Helix Water District detmir-group.r Detsky Mir (Russian children’s retailer) int.lukoil-int LUKOIL (Oil and gas company, Russia) ad.azarthritis Arizona Arthritis and Rheumatology Associates net.vestfor.dk Vestforbrænding allegronet.co. Allegronet (Cloud based services, Israel) us.deloitte.co Deloitte central.pima.g Pima County Government city.kingston. City of Kingston staff.technion Technion – Israel Institute of Technology airquality.org Sacramento Metropolitan Air Quality Management District phabahamas.org Public Hospitals Authority, Caribbean parametrix.com Parametrix (Engineering) ad.checkpoint. Check Point corp.riotinto. Rio Tinto (Mining company, Australia) intra.rakuten. Rakuten us.rwbaird.com Robert W. Baird & Co. (Financial services) ville.terrebonn Ville de Terrebonne woodruff-sawyer Woodruff-Sawyer & Co., Inc. fisherbartoninc Fisher Barton Group banccentral.com BancCentral Financial Services Corp. taylorfarms.com Taylor Fresh Foods neophotonics.co NeoPhotonics (optoelectronic devices) gloucesterva.ne Gloucester County magnoliaisd.loc Magnolia Independent School District zippertubing.co Zippertubing (Manufacturing) milledgeville.l Milledgeville (City in Georgia) digitalreachinc Digital Reach, Inc. deniz.denizbank DenizBank thoughtspot.int ThoughtSpot (Business intelligence) lufkintexas.net Lufkin (City in Texas) digitalsense.co Digital Sense (Cloud Services) wrbaustralia.ad W. R. Berkley Insurance Australia christieclinic. Christie Clinic Telehealth signaturebank.l Signature Bank dufferincounty. Dufferin County mountsinai.hosp Mount Sinai Hospital securview.local Securview Victory (Video Interface technology) weber-kunststof Weber Kunststoftechniek parentpay.local ParentPay (Cashless Payments) europapier.inte Europapier International AG molsoncoors.com Molson Coors Beverage Company fujitsugeneral. Fujitsu General cityofsacramento City of Sacramento ninewellshospita Ninewells Hospital fortsmithlibrary Fort Smith Public Library dokkenengineerin Dokken Engineering vantagedatacente Vantage Data Centers friendshipstateb Friendship State Bank clinicasierravis Clinica Sierra Vista ftsillapachecasi Apache Casino Hotel voceracommunicat Vocera (clinical communications) mutualofomahabanMutual of Omaha Bank Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Tal Dayan, security expert for AlgoSec, discusses the secret to passing audits seamlessly and how to introduce automated compliance... Auditing and Compliance Compliance Made Easy: How to improve your risk posture with automated audits Tal Dayan 2 min read Tal Dayan Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 4/29/21 Published Tal Dayan, security expert for AlgoSec, discusses the secret to passing audits seamlessly and how to introduce automated compliance Compliance standards come in many different shapes and sizes. Some organizations set their own internal policies, while others are subject to regimented global frameworks such as PCI DSS , which protects customers’ card payment details; SOX to safeguard financial information or HIPAA , which protects patients’ healthcare data. Regardless of which industry you operate in, regular auditing is key to ensuring your business retains its risk posture whilst also remaining compliant. The problem is that running manual risk and security audits can be a long, drawn-out, and tedious affair. A 2020 report from Coalfire and Omdia  found that for the majority of organizations, growing compliance obligations are now consuming 40% or more of IT security budgets and threaten to become an unsustainable cost.  The report suggests two reasons for this growing compliance burden.  First, compliance standards are changing from point-in-time reviews to continuous, outcome-based requirements. Second, the ongoing cyber-skills shortage is stretching organizations’ abilities to keep up with compliance requirements. This means businesses tend to leave them until the last moment, leading to a rushed audit that isn’t as thorough as it could be, putting your business at increased risk of a penalty fine or, worse, a data breach that could jeopardize the entire organization. The auditing process itself consists of a set of requirements that must be created for organizations to measure themselves against. Each rule must be manually analyzed and simulated before it can be implemented and used in the real world. As if that wasn’t time-consuming enough, every single edit to a rule must also be logged meticulously. That is why automation plays a key role in the auditing process. By striking the right balance between automated and manual processes, your business can achieve continuous compliance and produce audit reports seamlessly. Here is a six-step strategy that can set your business on the path to sustainable and successful ongoing auditing preservation: Step 1: Gather information This step will be the most arduous but once completed it will become much easier to sustain. This is when you’ll need to gather things like security policies, firewall access logs, documents from previous audits and firewall vendor information – effectively everything you’d normally factor into a manual security audit. Step 2: Define a clear change management process A good change management process is essential to ensure traceability and accountability when it comes to firewall changes. This process should confirm that every change is properly authorized and logged as and when it occurs, providing a picture of historical changes and approvals. Step 3: Audit physical & OS security With the pandemic causing a surge in the number of remote workers and devices used, businesses must take extra care to certify that every endpoint is secured and up-to-date with relevant security patches. Crucially, firewall and management services should also be physically protected, with only designated personnel permitted to access them. Step 4: Clean up & organize rule base As with every process, the tidier it is, the more efficient it is. Document rules and naming conventions should be enforced to ensure the rule base is as organized as possible, with identical rules consolidated to keep things concise. Step 5: Assess & remediate risk Now it’s time to assess each rule and identify those that are particularly risky and prioritize them by severity. Are there any that violate corporate security policies? Do some have “ANY” and a permissive action? Make a list of these rules and analyze them to prepare plans for remediation and compliance. Step 6: Continuity & optimization Now it’s time to simply hone the first five steps and make these processes as regular and streamlined as possible. By following the above steps and building out your own process, you can make day-to-day compliance and auditing much more manageable. Not only will you improve your compliance score, you’ll also be able to maintain a sustainable level of compliance without the usual disruption and hard labor caused by cumbersome and expensive manual processes. To find out more about auditing automation and how you can master compliance, watch my recent webinar and visit our firewall auditing and compliance page. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Secure your cloud environment with just 5 pillars Learn how Prevasio CNAPP’s innovative features and robust architecture offers a comprehensive defense mechanism that goes beyond traditional security measures Webinars 5 Pillars for advanced cloud security In this webinar you’ll discover how Prevasio CNAPP’s cutting-edge features and resilient architecture redefine cloud security, providing a comprehensive defense mechanism that transcends conventional security measures. Gain a deep understanding of the innovative strategies and advanced technologies that make Prevasio CNAPP an indispensable ally in safeguarding your critical data and applications. June 13, 2023 Jacqueline Basil Product Marketing Manager Relevant resources Cloud migrations made simpler: Safe, Secure and Successful Migrations Keep Reading AlgoSec Cloud - Cloud security policy and configuration management made simple Read Document 6 best practices to stay secure in the hybrid cloud Read Document Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

With the rapid proliferation of cloud computing, lean deployment methods, such as containers, have become common practice. According to... Cloud Security Intro to Kubernetes Security Best Practices Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 11/27/20 Published With the rapid proliferation of cloud computing, lean deployment methods, such as containers, have become common practice. According to CIO.com, 70% of global companies are expected to be running multiple apps simultaneously using a containerized framework, like Kubernetes in the next few years. But as Kubernetes’ use becomes more widespread, so do the vulnerabilities inherent to containerization. According to a 2019 Forbes article , Kubernetes had at least 7,000 identified vulnerabilities at the beginning of 2019 alone. Couple that with the fact that cyber-attacks involving containerization have increased a whopping 240% since 2018, and you’ll understand the value of security should your company use a solution like Kubernetes to handle its container orchestration. What Causes Kubernetes Security Blindspots? To understand how to best optimize your Kubernetes experience, it’s worthwhile to understand the basic ways security issues arise in a containerized framework. Images are the core building blocks of containerization; they are the executable process at the centre of your container. As a result, anything that exposes an image to a broader audience puts the container at risk of being hijacked. One of the primary ways this occurs is by using out-of-date software. Using old software gives malicious actors a small incongruence that they can exploit within the code. Another problem is poorly defined user access roles. If sensible changes aren’t made to an orchestration tool’s default settings, inappropriate parties may have access to alter the container’s core executable. Containerization gives you a way to manage a large number of processes easily and with increased adaptability. As a result, automation makes it impossible to keep your eyes on everything at once. Here are some best practices that can help you counter the wide range of vulnerabilities inherent to containerization and Kubernetes in general. Kubernetes Security Best Practices Given the architecture of the Kubernetes framework, security risks are a constant and evolving threat. Luckily, Google made Kubernetes an open-source application under the auspices of the Cloud Native Computing Foundation where solutions to new security issues are actively crowdsourced by the community. Regardless, there are a number of things that you can do during the build, deployment, and runtime phases to make your Kubernetes implementation more secure. Take care of your images Images are the heart of every container. Executable functions are essential, so images must be well-maintained and in good working order. Only use up-to-date images, scanning them regularly for security issues. As a rule of thumb, you should also avoid including unnecessary tools and functions in your image coding as they can inadvertently give hackers an access route. Ensure that your secrets remain secret The term “secrets” refers to any private information such as login credentials, tokens, or other sensitive data. While it’s not customary to keep sensitive data stored adjacent to the container’s image, the scenario has come up before. Keep secret data as far from the image as possible in order to increase security. Keep up-to-date with scans and security patches The community does a good job of patching Kubernetes when issues arise. If you don’t take the time to update both your OS and Kubernetes’ security, you give malware additional avenues of attack. Updates should be performed at least every nine months, if not more often. Due to the nature of how Kubernetes works, if you are using an outdated version, you could actively be spreading issues when the container is deployed elsewhere. Take advantage of customization to define user roles and access A container orchestration tool like Kubernetes is a complex web running thousands of processes across numerous machines. That means hundreds of end-users involved with the application. Take advantage of Kubernetes administrative functions to clearly define user roles, limiting full access for those who don’t need it. As they say, too many cooks spoil the broth. Keeping Kubernetes Simple and Safe Containers are an agile, lightweight framework for cloud computing, but manually deploying the correct containers to their destinations can quickly become overwhelming. An orchestration tool like Kubernetes is the perfect solution to managing your containerization, but the security risks inherent to this model can be restrictive. By keeping a few key practices in mind when implementing Kubernetes into your workflow, you can help to promote safety while streamlining your processes. To Sum It All Up Kubernetes has become the centrepiece of the cloud Native landscape and a notable advantage for organizations to rapidly manage and deploy their containerized business logic. But certain security best practices must be followed such as working with reliable docker images, properly defined resource quotas, network policies, work with namespaces for access control and authentication\authorization, and more. To learn more about Prevasio integration and security for K8s containers, contact us today. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Enterprise cybersecurity must constantly evolve to meet the threat posed by new malware variants and increasingly sophisticated hacker... Uncategorized Network Security vs. Application Security: The Complete Guide Tsippi Dach 2 min read Tsippi Dach Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 1/25/24 Published Enterprise cybersecurity must constantly evolve to meet the threat posed by new malware variants and increasingly sophisticated hacker tactics, techniques, and procedures. This need drives the way security professionals categorize different technologies and approaches. The difference between network security and application security is an excellent example. These two components of the enterprise IT environment must be treated separately in any modern cybersecurity framework. This is because they operate on different levels of the network and they are exposed to different types of threats and security issues. To understand why, we need to cover what each category includes and how they contribute to an organization’s overall information security posture. IT leaders and professionals can use this information to their organization’s security posture, boost performance, and improve event outcomes. What is Network Security? Network security focuses on protecting assets located within the network perimeter. These assets include data, devices, systems, and other facilities that enable the organization to pursue its interests — just about anything that has value to the organization can be an asset. This security model worked well in the past, when organizations had a clearly defined network perimeter. Since the attack surface was well understood, security professionals could deploy firewalls, intrusion prevention systems, and secure web gateways directly at the point of connection between the internal network and the public internet. Since most users, devices and applications were located on-site, security leaders had visibility and control over the entire network. This started to change when organizations shifted to cloud computing and remote work, supported by increasingly powerful mobile devices. Now most organizations do not have a clear network perimeter, so the castle-and-moat approach to network security is no longer effective. However, the network security approach isn’t obsolete. It is simply undergoing a process of change, adjusting to smaller, more segmented networks governed by Zero Trust principles and influenced by developments in application security. Key Concepts of Network Security Network security traditionally adopts a castle-and-moat approach, where all security controls exist at the network perimeter. Users who attempt to access the network must authenticate and verify themselves before being allowed to enter. Once they enter, they can freely move between assets, applications, and systems without the need to re-authenticate themselves. In modern, cloud-enabled networks, the approach is less like a castle and more like a university campus. There may be multiple different subnetworks working together, with different security controls based on the value of the assets under protection. In these environments, network security is just one part of a larger, multi-layered security deployment. This approach focuses on protecting IT infrastructure, like routers, firewalls, and network traffic. Each of these components has a unique role to play securing assets inside the network: Firewalls act as filters for network traffic , deciding what traffic is allowed to pass through and denying the rest. Well-configured firewall deployments don’t just protect internal assets from incoming traffic, they also protect against data from leaking outside the network as well. Intrusion Prevention Systems (IPS) are security tools that continuously monitor the network for malicious activity and take action to block unauthorized processes. They may search for known threat signatures, monitor for abnormal network activity, or enforce custom security policies. Virtual Private Networks (VPNs) encrypt traffic between networks and hide users’ IP addresses from the public internet. This is useful for maintaining operational security in a complex network environment because it prevents threat actors from intercepting data in transit. Access control tools allow security leaders to manage who is authorized to access data and resources on the network. Secure access control policies determine which users have permission to access sensitive assets, and the conditions under which that access might be revoked. Why is Network Security Important? Network security tools protect organizations against cyberattacks that target their network infrastructure, and prevent hackers from conducting lateral movement. Many modern network security solutions focus on providing deep visibility into network traffic, so that security teams can identify threat actors who have successfully breached the network perimeter and gained unauthorized access. Network Security Technologies and Strategies Firewalls : These tools guard the perimeters of network infrastructure. Firewalls filter incoming and outgoing traffic to prevent malicious activity. They also play an important role in establishing boundaries between network zones, allowing security teams to carefully monitor users who move between different parts of the network. These devices must be continuously monitored and periodically reconfigured to meet the organization’s changing security needs. VPNs : Secure remote access and IP address confidentiality is an important part of network security. VPNs ensure users do not leak IP data outside the network when connecting to external sources. They also allow remote users to access sensitive assets inside the network even when using unsecured connections, like public Wi-Fi. Zero Trust Models : Access control and network security tools provide validation for network endpoints, including IoT and mobile devices. This allows security teams to re-authenticate network users even when they have already verified their identities and quickly disconnect users who fail these authentication checks. What is Application Security? Application security addresses security threats to public-facing applications, including APIs. These threats may include security misconfigurations, known vulnerabilities, and threat actor exploits. Since these network assets have public-facing connections, they are technically part of the network perimeter — but they do not typically share the same characteristics as traditional network perimeter assets. Unlike network security, application security extends to the development and engineering process that produces individual apps. It governs many of the workflows that developers use when writing code for business contexts. One of the challenges to web application security is the fact that there is no clear and universal definition for what counts as an application. Most user-interactive tools and systems count, especially ones that can process data automatically through API access. However, the broad range of possibilities leads to an enormous number of potential security vulnerabilities and exposures, all of which must be accounted for. Several frameworks and methods exist for achieving this: The OWASP Top Ten is a cybersecurity awareness document that gives developers a broad overview of the most common application vulnerabilities . Organizations that adopt the document give software engineers clear guidance on the kinds of security controls they need to build into the development lifecycle. The Common Weakness Enumeration (CWE) is a long list of software weaknesses known to lead to security issues. The CWE list is prioritized by severity, giving organizations a good starting point for improving application security. Common Vulnerabilities and Exposures (CVE) codes contain extensive information on publicly disclosed security vulnerabilities, including application vulnerabilities. Every vulnerability has its own unique CVE code, which gives developers and security professionals the ability to clearly distinguish them from one another. Key Concepts of Application Security The main focus of application security is maintaining secure environments inside applications and their use cases. It is especially concerned with the security vulnerabilities that arise when web applications are made available for public use. When public internet users can interact with a web application directly, the security risks associated with that application rise significantly. As a result, developers must adopt security best practices into their workflows early in the development process. The core elements of application security include: Source code security, which describes a framework for ensuring the security of the source code that powers web-connected applications. Code reviews and security approvals are a vital part of this process, ensuring that vulnerable code does not get released to the public. Securing the application development lifecycle by creating secure coding guidelines, providing developers with the appropriate resources and training, and creating remediation service-level agreements (SLAs) for application security violations. Web application firewalls, which operate separately from traditional firewalls and exclusively protect public-facing web applications and APIs. Web application firewalls monitor and filter traffic to and from a web source, protecting web applications from security threats wherever they happen to be located. Why is Application Security Important? Application security plays a major role ensuring the confidentiality, integrity, and availability of sensitive data processed by applications. Since public-facing applications often collect and process end-user data, they make easy targets for opportunistic hackers. At the same time, robust application security controls must exist within applications to address security vulnerabilities when they emerge and prevent data breaches. Application Security Technologies Web Application Firewalls. These firewalls provide protection specific to web applications, preventing attackers from conducting SQL injection, cross-site scripting, and denial-of-service attacks, among others. These technical attacks can lead to application instability and leak sensitive information to attackers. Application Security Testing. This important step includes penetration testing, vulnerability scanning, and the use of CWE frameworks. Pentesters and application security teams work together to ensure public-facing web applications and APIs hold up against emerging threats and increasingly sophisticated attacks. App Development Security. Organizations need to incorporate security measures into their application development processes. DevOps security best practices include creating modular, containerized applications uniquely secured against threats regardless of future changes to the IT environment or device operating systems. Integrating Network and Application Security Network and application security are not mutually exclusive areas of expertise. They are two distinct parts of your organization’s overall security posture. Identifying areas where they overlap and finding solutions to common problems will help you optimize your organization’s security capabilities through a unified security approach. Overlapping Areas Network and application security solutions protect distinct areas of the enterprise IT environment, but they do overlap in certain areas. Security leaders should be aware of the risk of over-implementation, or deploying redundant security solutions that do not efficiently improve security outcomes. Security Solutions : Both areas use security tools like intrusion prevention systems, authentication, and encryption. Network security solutions may treat web applications as network entry points, but many hosted web applications are located outside the network perimeter. This makes it difficult to integrate the same tools, policies, and controls uniformly across web application toolsets. Cybersecurity Strategy : Your strategy is an integral part of your organization’s security program, guiding your response to different security threats. Security architects must configure network and application security solutions to work together in use case scenarios where one can meaningfully contribute to the other’s operations. Unique Challenges Successful technology implementations of any kind come with challenges, and security implementations are no different. Both application and network security deployments will present issues that security leaders must be prepared to address. Application security challenges include: Maintaining usability. End users will not appreciate security implementations that make apps harder to use. Security teams need to pay close attention to how new features impact user interfaces and workflows. Detecting vulnerabilities in code. Ensuring all code is 100% free of vulnerabilities is rarely feasible. Instead, organizations need to adopt a proactive approach to detecting vulnerabilities in code and maintaining source code security. Managing source code versioning. Implementing DevSecOps processes can make it hard for organizations to keep track of continuously deployed security updates and integrations. This may require investing in additional toolsets and versioning capabilities. Network security challenges include: Addressing network infrastructure misconfigurations. Many network risks stem from misconfigured firewalls and other security tools. One of the main challenges in network security is proactively identifying these misconfigurations and resolving them before they lead to security incidents. Monitoring network traffic efficiently. Monitoring network traffic can make extensive use of limited resources, leading to performance issues or driving up network-related costs. Security leaders must find ways to gain insight into security issues without raising costs beyond what the organization can afford. Managing network-based security risks effectively. Translating network activity insights into incident response playbooks is not always easy. Simply knowing that unauthorized activity might be happening is not enough. Security teams must also be equipped to address those risks and mitigate potential damage. Integrating Network and Application Security for Unified Protection A robust security posture must contain elements of both network and application security. Public-facing applications must be able to filter out malicious traffic and resist technical attacks, and security teams need comprehensive visibility into network activity and detecting insider threats . This is especially important in cloud-enabled hybrid environments. If your organization uses cloud computing through a variety of public and private cloud vendors, you will need to extend network visibility throughout the hybrid network. Maintaining cloud security requires a combination of network and web application security capable of producing results in a cost-effective way. Highly automated security platforms can help organizations implement proactive security measures that reduce the need to hire specialist internal talent for every configuration and policy change. Enterprise-ready cloud security solutions leverage automation and machine learning to reduce operating costs and improve security performance across the board. Unify Network and Application Security with AlgoSec No organization can adequately protect itself from a wide range of cyber threats without investing in both network and application security. Technology continues to evolve and threat actors will adapt their tactics to exploit new vulnerabilities as they are discovered. Integrating network and application security into a single, unified approach gives security teams the ability to create security policies and incident response plans that address real-world threats more effectively. Network visibility and streamlined change management are vital to achieving this goal. AlgoSec is a security policy management and application connectivity platform that provides in-depth information on both aspects of your security posture. Find out how AlgoSec can help you centralize policy and change management in your network. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

In today’s evolving threat landscape, Zero Trust Architecture has emerged as a significant security framework for organizations. One... Zero Trust Zero Trust Design Nitin Rajput 2 min read Nitin Rajput Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 5/18/24 Published In today’s evolving threat landscape, Zero Trust Architecture has emerged as a significant security framework for organizations. One influential model in this space is the Zero Trust Model, attributed to John Kinderbag. Inspired by Kinderbag’s model, we explore how our advanced solution can effectively align with the principles of Zero Trust. Let’s dive into the key points of mapping the Zero Trust Model with AlgoSec’s solution, enabling organizations to strengthen their security posture and embrace the Zero Trust paradigm. My approach of mapping Zero Trust Model with AlgoSec solution is based on John Kinderbag’s Zero Trust model ( details ) which being widely followed, and I hope it will help organizations in building their Zero trust strategy. Firstly, let’s understand what Zero trust is all about in a simple language. Zero Trust is a Cybersecurity approach that articulates that the fundamental problem we have is a broken trust model where the untrusted side of the network is the evil internet, and the trusted side is the stuff we control. Therefore, it is an approach to designing and implementing a security program based on the notion that no user or device or agent should have implicit trust. Instead, anyone or anything, a device or system that seeks access to corporate assets must prove it should be trusted. The primary goal of Zero Trust is to prevent breaches. Prevention is possible. In fact, it’s more cost effective from a business perspective to prevent a breach than it is to attempt to recover from a breach, pay a ransom, and the deal with the costs of downtime or lost customers. As per John Kinderbag, there are Four Zero Trust Design Principles and Five-Step Zero Trust Design Methodology. The Four Zero Trust Design Principles: The first and the most important principle of your Zero Trust strategy is know “What is the Business trying to achieve?”. Second, start with DAAS (Data, Application, Asset and Services) elements and protect surfaces that need protection and design outward from there. Third, determine who needs to have access to a resource in order to get their job done, commonly known as least privilege. Fourth, all the traffic going to and from a protect surface must be inspected and logged for malicious content. Define Business Outcomes Design from the inside out Determine who or what needs access Inspect and log all traffic The Five-Step Zero Trust Design Methodology To make your Zero trust journey achievable, you need a repeatable process to follow. The first step in the Zero trust is to break down your environment into smaller pieces that you need to protect (protect surfaces). The second step for deploying Zero Trust in each protect surfaces is to map the transactions flows so that we can allow only the ports and the address needed and nothing else. Everyone wants to know what products to buy to do Zero trust or to eliminate trust between digital systems, the truth is that you won’t know the answer to that until you’ve gone through the process. Which brings us to the third step in the methodology: architecting the Zero trust environment. Ultimately, we need to instantiate Zero Trust as a Layer 7 policy statement. Use the Kipling Method of Zero Trust policy writing to determine who or what can access your protect surface. The fifth design principle of Zero Trust is to inspect and log all traffic, for monitor and maintain, one needs to take all of the telemetry – whether it’s from a network detection and response tool, or from firewall or server application logs and then learn from them. As you learn over time, you can make security stronger and stronger. Define the protect surface Map the transaction flows Architect a Zero trust environment Create Zero trust policies Monitor and maintain. How AlgoSec aligns with “Map the transaction Flows” the 2nd step of Design Methodology? AlgoSec Auto-Discovery. analyses your traffic flows, turning them into a clear map. AutoDiscovery receives network traffic metadata as NetFlow, SFLOW, or full packets and then digest multiple streams of traffic metadata to let you clearly visualize your transaction flows. Once the transaction flows are discovered and optimized, the system keeps tracking changes in these flows. Once new flows are discovered in the network, the application description is updated with the new flows. Outcome: Clear visualization of transaction flows. Updated application description. Optimized transaction flows. How AlgoSec aligns with “Architect Zero Trust Policies” – the 4th step of Design Methodology? With AlgoSec, you can automate the security policy change process without introducing any element of risk, vulnerability, or compliance violation. AlgoSec allows you to ingest the discovered transaction flows as a Traffic Change request and analyze those traffic changes before they are implemented all the to your Firewalls, Public Cloud and SDN Solutions and validate successful changes as intended, all within your existing IT Service Management (ITSM) solutions. Outcome: Analyzed traffic changes for implementation. Implemented security policy changes without risk, vulnerability, or compliance violations. How Algosec aligns with “Monitor and maintain” – the 5th step of Design Methodology? AlgoSec analyzes security by analyzing firewall policies, firewall rules, firewall traffic logs and firewall change configurations. Detailed analysis of the security logs offers critical network vital intelligence about security breaches and attempted attacks like virus, trojans, and denial of service among others. With AlgoSec traffic flow analysis, you can monitor traffic within a specific firewall rule. You do not need to allow all traffic to traverse in all directions but instead, you can monitor it through the pragmatic behaviors on the network and enable network firewall administrators to recognize which firewall rules they can create and implement to allow only the necessary access. Outcome: Critical network intelligence, identification of security breaches and attempted attacks. Enhanced firewall rule creation and implementation, allowing only necessary access. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Discover five essential tips for securing your network in 2021 with Algosec's network security experts. Webinars 5 power tips to keep your network secure in 2021 No one could have predicted how unpredictable 2020 would be, so we’re here to help you get prepared for whatever is in store in 2021. No matter what happens in the upcoming year – there are five things you can do now to keep your network secure in 2021. Join network security experts Jade Kahn and Asher Benbenisty, and learn how to: Never fly blind: Ensure visibility across your entire hybrid network Do more with less: Accelerate digital transformation & avoid misconfigurations with automation Stay continuously compliant Fight ransomware with micro-segmentation Accelerate in the cloud January 13, 2021 Jade Kahn CMO Asher Benbenisty Director of product marketing Relevant resources 5 Network Security Management Predictions for 2020 Watch Video Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue