Search results

As earlier reported by US-CERT, three versions of a popular NPM package named ua-parser-js were found to contain malware. The NPM package... Cloud Security Hijacked NPM Account Leads to Critical Supply Chain Compromise Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 10/24/21 Published As earlier reported by US-CERT, three versions of a popular NPM package named ua-parser-js were found to contain malware. The NPM package ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. The author of the package, Faisal Salman – a software developer from Indonesia, has commented about the incident: Hi all, very sorry about this. I noticed something unusual when my email was suddenly flooded by spams from hundreds of websites (maybe so I don’t realize something was up, luckily the effect is quite the contrary). I believe someone was hijacking my npm account and published some compromised packages (0.7.29, 0.8.0, 1.0.0) which will probably install malware as can be seen from the diff here: https://app.renovatebot.com/package-diff?name=ua-parser-js&from=0.7.28&to=1.0.0 I have sent a message to NPM support since I can’t seem to unpublish the compromised versions (maybe due to npm policy https://docs.npmjs.com/policies/unpublish ) so I can only deprecate them with a warning message. There are more than 2.5 million other repositories that depend on ua-parser-js . Google search “file:ua-parser-js.js” reveals nearly 2 million websites, which indicates the package is popular. As seen in the source code diff , the newly added file package/preinstall.js will check the OS platform. If it’s Windows, the script will spawn a newly added preinstall.bat script. If the OS is Linux, the script will call terminalLinux() function, as seen in the source below: var opsys = process.platform; if ( opsys == "darwin" ) { opsys = "MacOS" ; } else if ( opsys == "win32" || opsys == "win64" ) { opsys = "Windows" ; const { spawn } = require ( 'child_process' ) ; const bat = spawn ( 'cmd.exe' , [ '/c' , 'preinstall.bat' ]) ; } else if ( opsys == "linux" ) { opsys = "Linux" ; terminalLinux () ; } The terminalLinux() function will run the newly added preinstall.sh script. function terminalLinux(){ exec( "/bin/bash preinstall.sh" , (error, stdout, stderr) => { ... }); } The malicious preinstall.sh script first queries an XML file that will report the current user’s geo-location by visiting this URL . For example, for a user located in Australia, the returned content will be: [IP_ADDRESS] AU Australia ... Next, the script searches for the presence of the following country codes in the returned XML file: RU UA BY KZ That is, the script identifies if the affected user is located in Russia, Ukraine, Belarus, or Kazakhstan. Suppose the user is NOT located in any of these countries. In that case, the script will then fetch and execute malicious ELF binary jsextension from a server with IP address 159.148.186.228, located in Latvia. jsextension binary is an XMRig cryptominer with reasonably good coverage by other AV products. Conclusion The compromised ua-parser-js is a showcase of a typical supply chain attack. Last year, Prevasio found and reported a malicious package flatmap-stream in 1,482 Docker container images hosted in Docker Hub with a combined download count of 95M. The most significant contributor was the trojanized official container image of Eclipse. What’s fascinating in this case, however, is the effectiveness of the malicious code proliferation. It only takes one software developer to ignore a simple trick that reliably prevents these things from happening. The name of this trick is two-factor authentication (2FA). About the Country Codes Some people wonder why cybercriminals from Russia often avoid attacking victims outside of their country or other Russian-speaking countries. Some go as far as suggesting it’s for their own legal protection. The reality is way simpler, of course: “Не гадь там, где живешь” “Не сри там, где ешь” “Не плюй в колодец, пригодится воды напиться” Polite translation of all these sayings is: “One should not cause trouble in a place, group, or situation where one regularly finds oneself.” Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Hospitals are increasingly becoming a favored target of cyber criminals. Yet if you think about medical equipment that is vulnerable to... Cyber Attacks & Incident Response Checking the cybersecurity pulse of medical devices Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 6/14/16 Published Hospitals are increasingly becoming a favored target of cyber criminals. Yet if you think about medical equipment that is vulnerable to being hacked at a hospital, you might not immediately think of high-end, critical equipment such as MRI and X-ray scanners, and nuclear medicine devices. After all, these devices go through rigorous approval processes by the US Food & Drug Administration (FDA) before they are approved for safe use on patients. Yet today many, if not most, medical devices, have computers embedded in them, are connected to the hospital network, and often to the internet as well, so they provide a potential attack vector for cyber criminals. In late 2015 security researchers found that thousands of medical devices were vulnerable to attack and exposed to the public Internet. Interestingly, these researchers also found that many of the devices in question were running Windows XP – which is no longer supported or updated by Microsoft – and did not run antivirus software to protect them against malware. This combination raises an obvious security red flag. Ironically, these security vulnerabilities were further exacerbated because of the very FDA approvals process that certifies the devices. The approval process is, quite rightly, extremely rigorous. It is also lengthy and expensive. And if a manufacturer or vendor makes a change to a device, it needed to be re-certified. Until very recently, a ‘change’ to a medical device meant any sort of change – including patching devices’ operating systems and firmware to close off potential network security vulnerabilities. You can see where this is going: making simple updates to medical equipment to improve its defenses against cyberattacks was made that much more difficult and complex for the device manufacturers, because of the need for FDA re-certification every time a change was made. And of course, this potential delay in patching vulnerabilities made it easy for a hacker to try and ‘update’ the device in his own way, for criminal purposes. Hackers are usually not too concerned about getting FDA approval for their work. Fortunately, the FDA released new guidelines last year that allowed equipment manufacturers to patch software as required without undergoing re-certification—provided the change or modification does not ‘significantly affect the safety or effectiveness of the medical device’. That’s good news – but it’s not quite the end of the story. The FDA’s guidelines are only a partial panacea to the overall problem. They overlook the fact that many medical devices are running obsolete operating systems like Windows XP. What’s more, the actual process of applying patches to the computers in medical devices can vary enormously from manufacturer to manufacturer, with some patches needing to be downloaded and applied manually, while others may be pushed automatically. In either case, there could still be a window of weeks, months or even years before the device’s vendor issues a patch for a given vulnerability – a window that a hacker could exploit before the hospital’s IT team becomes aware that the vulnerability exists. This means that hospitals need to take great care when it comes to structuring and segmenting their network . It is vital that connected medical devices – particularly those where the internal OS may be out of date – are placed within defined, segregated segments of the network, and robustly protected with next-generation firewalls, web proxies and other filters. While network segmentation and filtering will not protect unpatched or obsolete operating system, they will ensure that the hospital’s network is secured to the best of its ability . Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Explore Algosec's customer success stories to see how organizations worldwide improve security, compliance, and efficiency with our solutions. ORMAT MANAGES RISK AND NERC COMPLIANCE WITH ALGOSEC Organization ORMAT Industry Technology Headquarters Reno, Nevada, United States Download case study Share Customer
success stories "We’re managing our network security with much greater confidence. With the value of the time we save and our improved compliance readiness, we can clearly see that AlgoSec is delivering on our investment" Global Geothermal Power Producer Improves Security and Compliance and Takes Control of DailyFirewall Management Operations at 14 Global Facilities AlgoSec Business Impact • Automated notifications improve firewall management processes.• Visibility of firewall rules allows better management of security infrastructure.• Built-in reports provide instant proof of SOX and NERC compliance. Background Ormat Technologies, Inc. a world leader in the geothermal power plant sector, is committed to developing green, sustainable energy solutions. The company has installed over 2000 MW of geothermal and Recovered Energy (REG) power plants worldwide. Ormat’s global IT department manages network security and ensures compliance with SOX (Sarbanes-Oxley) regulations and NERC (North American Electric Reliability Corporation) at 14 of its power plants. Challenge Ormat’s firewall configurations typically need updating on a daily basis to address the changing roles and information technology requirements of Ormat’s global employees. As the department has assumed greater responsibility for regulatory compliance in addition to internal operations, firewall management has become cumbersome and costly.“With multiple managers adding and changing firewall configurations at our various locations, we had no way to review each change, see who made it, or know if a change was made at all,” explains Meir Moshka, IT Manager at Ormat. Without this information, reviewing firewall configurations against regulations and standards was difficult and time-consuming. “To stay compliant and secure, we needed better controls for firewall management, but we also had to stay responsive to the employees we serve,” says Moshka. Solution After evaluating several firewall management products, Ormat selected the AlgoSec Security Management solution for its ease of use, and for the superiority of its built-in SOX and NERC compliance reports. “The web user interface is easy and friendly,” comments Moshka. His team installed and tested AlgoSec themselves, in a matter of days. Another capability that drove Ormat to select AlgoSec was its ability to create a workflow for their firewall configuration process. “Every time a change is made, the security manager receives an email describing the new configuration,” says Moshka. “The change is only made after the manager approves it.” The new process will ensure that all configuration changes are properly reviewed. Results Today, in addition to maintaining its network security policies more effectively, Ormat is dramatically reducing the time spent preparing for compliance audits. “Together, the firewall management process and reports keep us ready for an audit at all times. We save a great deal of audit preparation time because we already review each configuration change against the requirements on a daily basis.” Automated compliance reporting also gives Ormat the power to demonstrate compliance to customers and prospects, as the company pursues new contracts for power plant operations in the US. “By using the built-in reports, we can instantly show we are NERC and SOX compliant. It’s a valuable proof for the plant owners.” Moshka and his team also rely on AlgoSec’s built-in knowledgebase of best practices for firewall configuration. Additionally, they have customized the out-of-the-box functionality by defining additional risks that apply to Ormat’s environment. With their customized risk profile in place, each firewall configuration change is evaluated against the knowledgebase to determine which configurations to improve or avoid. “Often, a change to the firewall needs to be more restrictive than we thought,” says Moshka. “AlgoSec gives us recommendations for each new change, and we minimize security risks by following them.” Another improvement is how AlgoSec’s policy cleanup and optimization features ensure Ormat’s security policy is streamlined and easy to maintain. “Now I see exactly which policy applies to which firewall, which rules are duplicated, expired, or unused, and get recommendations on the most effective way to reorder the most used rules,” says Moshka. With AlgoSec, Ormat has taken back control for its firewall policies and compliance requirements. “We’re managing our network security with much greater confidence,” Moshka says. “Add together the value of the time we save on a daily basis, and our improved compliance readiness, and we can clearly see that AlgoSec is delivering on our investment.” Schedule time with one of our experts

Your path to zero trust and micro segmentation Select a size Which network Can AlgoSec be used for continuous compliance monitoring? Yes, AlgoSec supports continuous compliance monitoring. As organizations adapt their security policies to meet emerging threats and address new vulnerabilities, they must constantly verify these changes against the compliance frameworks they subscribe to. AlgoSec can generate risk assessment reports and conduct internal audits on-demand, allowing compliance officers to monitor compliance performance in real-time. Security professionals can also use AlgoSec to preview and simulate proposed changes to the organization’s security policies. This gives compliance officers a valuable degree of lead-time before planned changes impact regulatory guidelines and allows for continuous real-time monitoring. Executive summary Why zero trust is a strategic imperative Making the case for micro-segmentation Why micro-segmentation can be tricky Cloud micro-segmentation best practices How AlgoSec supports micro-segmentation AlgoSec: The ultimate engine for zero trust and micro-segmentation Get the latest insights from the experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Explore Algosec's customer success stories to see how organizations worldwide improve security, compliance, and efficiency with our solutions. Orange Cyberdefense Furnishes Application Delivery and Network Automation Organization Orange Cyberdefense Industry Retail & Manufacturing Headquarters Multinational Download case study Share Customer
success stories "We cut the time it takes to implement firewall rules by at least 50%" Application owners for global retail chain get faster response times with application visibility and automated deployment. Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe. They embed security into Orange Business Services solutions with more than 250 security researchers and analysts and 16 SOCs distributed around the world supporting customers in over 160 countries. The Challenge Orange Cyberdefense is an on-site consultant for a large retail chain with hundreds of stores and hundreds of thousands of employees spread out across the world.The client has over 2,500 multi-vendor firewalls and Layer 3 devices in their global data centers. They also run hundreds of mission-critical business services. Business services include supply chain management and ERP systems, global eCommerce operations, financial management systems, and much more. As a result, they had to cope with hundreds of change requests daily.Some of the challenges included: Lack of centralized management – Multiple vendors’ firewalls are deployed, which were implemented by multiple third-party vendors. There was no validation that rules were consistently applied across multiple vendor’s management consoles. Commissioning and decommissioning devices – A mix of multi-vendor new and legacy devices run in the data center and maintaining consistency across multiple vendors and multiple versions of devices was difficult. Lack of automation – Firewall communication and traffic flows were described in Excel sheets and needed to be manually updated whenever there was a change. Slow execution of change requests – Implementing firewall changes took over a week. Poorly implemented rules – The rules did not reflect what the requester asked for. They either allowed too much traffic in or were too narrow, not allowing the required traffic and thus needed to be re-implemented. The Solution The client searched for a solution that provided: Faster implementation of firewall changes. Comprehensive firewall support for a globally dispersed multi-vendor, hybrid estate. Automation of security policy change management and documentation of security policy changes. Visibility into their business applications and traffic flows. They implemented the AlgoSec Security Policy Management Solution, made up of AlgoSec Firewall Analyzer, AlgoSec FireFlow, and AlgoSec AppViz and AppChange (formerly AlgoSec BusinessFlow). AlgoSec Firewall Analyzer analyzes complex network security policies across on-premise, cloud, and hybrid networks. It automates and simplifies security operations, including troubleshooting, auditing and risk analysis. Using Firewall Analyzer, the client can optimize the configuration of firewalls, and network infrastructure to ensure security and compliance. AlgoSec FireFlow enables security staff to automate the entire security policy change process from design and submission to proactive risk analysis, implementation, validation, and auditing. Its intelligent, automated workflows save time and improve security by eliminating manual errors and reducing risk. AlgoSec AppViz and AppChange (formerly AlgoSec BusinessFlow) discover, identify, and map business applications, providing critical security information regarding the firewalls and firewall rules supporting each connectivity flow. With AlgoSec AppChange, changes can be made at the business application level, including application migrations, server deployment, and decommissioning projects. The Results Some of the ways the client benefits from using AlgoSec include: Greater transparency by providing a single source of truth that took into consideration the entire network estate. 50% reduction in the time needed to implement firewall rules. More communication between network security/IT staff and business application owners who are now able to submit change requests in business language and easily describe their needs, thus reducing misconfigurations and potential breaches. Better compliance reporting – with both an easy API integration and also audit-ready compliance reports. Automated change management – network changes are now recorded while being made – not managed with Excel. By using AlgoSec, application owners have more visibility into the network and are better able to trace what has changed within their business applications. “Documentation is several hundred percent better this way,” said Hans Broomé, Network and Security Consultant at Orange Cyberdefense. “With many different versions of the services, by using AlgoSec the IT team is confident that they are making changes to the correct version.” There were even unexpected gains, such as improved security management procedures. Change requests became more accurate as they gained visibility into the network and made the change request process more systematic and transparent. Requesters, as well as stakeholders such as their managers, have full visibility of their change request’s status and can verify that the request works as intended. Orange Cyberdefense is also impressed with the dedicated attention they receive from AlgoSec. AlgoSec’s support team is familiar with the global organization and provides dedicated attention tailored to their exact needs. They stay up to date with the AlgoSec solution’s latest capabilities, and the technical team maximizes their use of it thanks to an extensive training library. “The best is yet to come,” concluded Broomé. Schedule time with one of our experts

Implement micro-segmentation effectively, from strategy to execution, to enhance security, minimize risks, and protect critical assets across your network. Micro-segmentation from strategy to execution ---- ------- Schedule a Demo Select a size ----- Get the latest insights from the experts Choose a better way to manage your network

Common Firewall Threats Do you really know what vulnerabilities currently exist in your enterprise firewalls? Your vulnerability scans... Cyber Attacks & Incident Response Top 10 common firewall threats and vulnerabilities Kevin Beaver 2 min read Kevin Beaver Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 7/16/15 Published Common Firewall Threats Do you really know what vulnerabilities currently exist in your enterprise firewalls? Your vulnerability scans are coming up clean. Your penetration tests have not revealed anything of significance. Therefore, everything’s in check, right? Not necessarily. In my work performing independent security assessments , I have found over the years that numerous firewall-related vulnerabilities can be present right under your nose. Sometimes they’re blatantly obvious. Other times, not so much. Here are my top 10 common firewall vulnerabilities that you need to be on the lookout for listed in order of typical significance/priority: Password(s) are set to the default which creates every security problem imaginable, including accountability issues when network events occur. Anyone on the Internet can access Microsoft SQL Server databases hosted internally which can lead to internal database access, especially when SQL Server has the default credentials (sa/password) or an otherwise weak password. Firewall OS software is outdated and no longer supported which can facilitate known exploits including remote code execution and denial of service attacks, and might not look good in the eyes of third-parties if a breach occurs and it’s made known that the system was outdated. Anyone on the Internet can access the firewall via unencrypted HTTP connections, as these can be exploited by an outsider who’s on the same network segment such as an open/unencrypted wireless network. Anti-spoofing controls are not enabled on the external interface which can facilitate denial of service and related attacks. Rules exist without logging which can be especially problematic for critical systems/services. Any protocol/service can connect between internal network segments which can lead to internal breaches and compliance violations, especially as it relates to PCI DSS cardholder data environments. Anyone on the internal network can access the firewall via unencrypted telnet connections. These connections can be exploited by an internal user (or malware) if ARP poisoning is enabled via a tool such as the free password recovery program Cain & Abel . Any type of TCP or UDP service can exit the network which can enable the spreading of malware and spam and lead to acceptable usage and related policy violations. Rules exist without any documentation which can create security management issues, especially when firewall admins leave the organization abruptly. Firewall Threats and Solutions Every security issue – whether confirmed or potential – is subject to your own interpretation and needs. But the odds are good that these firewall vulnerabilities are creating tangible business risks for your organization today. But the good news is that these security issues are relatively easy to fix. Obviously, you’ll want to think through most of them before “fixing” them as you can quickly create more problems than you’re solving. And you might consider testing these changes on a less critical firewall or, if you’re lucky enough, in a test environment. Ultimately understanding the true state of your firewall security is not only good for minimizing network risks, it can also be beneficial in terms of documenting your network, tweaking its architecture, and fine-tuning some of your standards, policies, and procedures that involve security hardening, change management, and the like. And the most important step is acknowledging that these firewall vulnerabilities exist in the first place! Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Learn best practices to secure your cloud environment and deliver applications securely Webinars 5 Tips for Securing your Multi-Cloud Environment As more organizations embrace hybrid workplaces, multi-cloud environments have become a popular way to deliver resource availability. Still, this development has not been without security concerns. As most breaches are the fault of human error, the most effective way to protect your multi-cloud environment is by training your team to implement best practices designed to minimize risk and deliver applications securely. In this webinar, we’ll cover 5 easy tips that will help you secure your multi-cloud environment. October 12, 2022 Ava Chawla Global Head of Cloud Security Jacqueline Basil Product Marketing Manager Relevant resources 6 must-dos to secure the hybrid cloud Read Document 5 things you didn’t know you could do with a security policy management solution Keep Reading A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

1. Application-centric security Many of today’s security discussions focus on compromised credentials, misconfigurations, and malicious... Cloud Security Emerging Tech Trends – 2023 Perspective Ava Chawla 2 min read Ava Chawla Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 11/24/22 Published 1. Application-centric security Many of today’s security discussions focus on compromised credentials, misconfigurations, and malicious or unintentional misuse of resources. Disruptive technologies from Cloud to smart devices and connected networks mean the attack surface is growing. Security conversations are increasingly expanding to include business-critical applications and their dependencies. Organizations are beginning to recognize that a failure to take an application-centric approach to security increases the potential for unidentified, unmitigated security gaps and vulnerabilities. 2. Portable, agile, API & automation driven enterprise architectures Successful business innovation requires the ability to efficiently deploy new applications and make changes without impacting downstream elements. This means fast deployments, optimized use of IT resources, and application segmentation with modular components that can seamlessly communicate. Container security is here to stay Containerization is a popular solution that reduces costs because containers are lightweight and contain no OS. Let's compare this to VMs, like containers, VMs allow the creation of isolated workspaces on a single machine. The OS is part of the VM and will communicate with the host through a hypervisor. With containers, the orchestration tool manages all the communication between the host OS and each container. Aside from the portability benefit of containers, they are also easily managed via APIs, which is ideal for modular, automation-driven enterprise architectures. The growth of containerized applications and automation will continue. Lift and Shift left approach will thrive Many organizations have started digital transformation journeys that include lift and shift migrations to the Cloud. A lift and shift migration enables organizations to move quickly, however, the full benefits of cloud are not realized. Optimized cloud architectures have cloud automation mechanisms deployed such as serverless (i.e – AWS Lamda), auto-scaling, and infrastructure as code (IaC) (i.e – AWS Cloud Formation) services. Enterprises with lift and shift deployments will increasingly prioritize a re-platform and/or modernization of their cloud architectures with a focus on automation. Terraform for IaC is the next step forward With hybrid cloud estates becoming increasingly common, Terraform-based IaC templates will increasingly become the framework of choice for managing and provisioning IT resources through machine-readable definition files. This is because Terraform, is cloud-agnostic, supporting all three major cloud service providers and can be used for on-premises infrastructure enabling a homogenous IaC solution across multi-cloud and on-premises. 3. Smart Connectivity & Predictive Technologies The growth of connected devices and AI/ML has led to a trend toward predictive technologies. Predictive technologies go beyond isolated data analysis to enable intelligent decisions. At the heart of this are smart, connected devices working across networks whose combined data 1. enables intelligent data analytics and 2. provides the means to build the robust labeled data sets required for accurate ML (Machine Learning) algorithms. 4. Accelerated adoption of agentless, multi-cloud security solutions Over 98% of organizations have elements of cloud across their networks. These organizations need robust cloud security but have yet to understand what that means. Most organizations are early in implementing cloud security guardrails and are challenged by the following: Misunderstanding the CSP (Cloud Service Provider) shared responsibility model Lack of visibility across multi-cloud networks Missed cloud misconfigurations Takeaways Cloud security posture management platforms are the current go-to solution for attaining broad compliance and configuration visibility. Cloud-Native Application Protection Platforms (CNAPP) are in their infancy. CNAPP applies an integrated approach with workload protection and other elements. CNAPP will emerge as the next iteration of must have cloud security platforms. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Accelerate security with Algosec Jumpstart. Pre-configured packages for rapid deployment of firewalls, VPNs, and more. Streamline security operations now. Algosec Jumpstart: Quick Deployment Packages ---- ------- Schedule a Demo Select a size ----- Get the latest insights from the experts Choose a better way to manage your network

Podcast: Differences between UTM and NGFW In our recent webcast discussion alongside panelists from Fortinet, NSS Labs and General... Firewall Change Management NGFW vs UTM: What you need to know Sam Erdheim 2 min read Sam Erdheim Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 2/19/13 Published Podcast: Differences between UTM and NGFW In our recent webcast discussion alongside panelists from Fortinet, NSS Labs and General Motors, we examined the State of the Firewall in 2013. We received more audience questions during the webcast than the time allowed for, so we’d like to answer these questions through several blog posts in a Q&A format with the panelists. By far the most asked question leading up to and during the webcast was: “What’s the difference between a UTM and a Next-Generation Firewall?” Here’s how our panelists responded: Pankil Vyas, Manager – Network Security Center, GM UTM are usually bundled feature set, NGFW has bundle but licensing can be selective. Depending on the firewall’s function on the network, some UTM features might not be useful, creating performance issues and sometimes firewall conflicts with packet flows. Nimmy Reichenberg, VP of Strategy, AlgoSec Different people give different answers to this question, but if we refer to Gartner who are certainly a credible source, a UTM consolidates many security functions (email security, AV, IPS, URL filtering etc.) and is tailored mostly to SMBs in terms of management capabilities, throughput, support, etc. A NGFW is an enterprise-grade product that at the very least includes IPS capabilities and application awareness (layer 7 control). You can refer to a Gartner paper titled “Defining the Next-Generation Firewall” for more information. Ryan Liles, Director of Testing Services, NSS Labs There really aren’t any differences in a UTM and a NGFW. The technologies used in the two are essentially the same, and they generally have the same capabilities. UTM devices are typically classified with lower throughput ratings than their NGFW counterparts, but for all practical purposes the differences are in marketing. The term NGFW was coined by vendors working with Gartner to create a class of products capable of fitting into an enterprise network that contained all of the features of a UTM. The reason for the name shift is that there was a pervasive line of thought stating a device capable of all of the functions of a UTM/NGFW would never be fast enough to run in an enterprise network. As hardware has progressed, the capability of these devices to hit multi-gigabit speeds began to prove that they were indeed capable of enterprise deployment. Rather than try and fight the sentiment that a UTM could never fit into an enterprise, the NGFW was born. Patrick Bedwell, VP of Products, Fortinet There are several definitions in the market of both terms. Analyst firms IDC and Gartner provided the original definitions of the terms. IDC defined UTM as a security appliance that combines firewall, gateway antivirus, and intrusion detection / intrusion prevention (IDS/IPS). Gartner defined an NGFW as a single device with integrated IPS with deep packet scanning, standard first-generation FW capabilities (NAT, stateful protocol inspection, VPN, etc.) and the ability to identity and control applications running on the network. Since their initial definitions, the terms have been used interchangeably by customers as well as vendors. Depending on with whom you speak, UTM can include NGFW features like application ID and control, and NGFW can include UTM features like gateway antivirus. The terms are often used synonymously, as both represent a single device with consolidated functionality. At Fortinet, for example, we offer customers the ability to deploy a FortiGate device as a pure firewall, an NGFW (enabling features like Application Control or User- and Device-based policy enforcement) or a full UTM (enabling additional features like gateway AV, WAN optimization, and so forth). Customers can deploy as much or as little of the technology on the FortiGate device as they need to match their requirements. If you missed the webcast, you can view it on-demand. We invite you to continue this debate and discussion by commenting here on the blog or via the Twitter hashtag Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

The certification demonstrates AlgoSec’s commitment to protecting its customers’ and partners’ data Data protection is a top priority for... Auditing and Compliance AlgoSec attains ISO 27001 Accreditation Tsippi Dach 2 min read Tsippi Dach Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 1/27/20 Published The certification demonstrates AlgoSec’s commitment to protecting its customers’ and partners’ data Data protection is a top priority for AlgoSec, proven by the enhanced security management system we have put in place to protect our customers’ assets. This commitment has been recognized by the ISO, who has awarded AlgoSec the ISO/IEC 27001 certification . The ISO 27001 accreditation is a voluntary standard awarded to service providers who meet the criteria for data protection. It outlines the requirements for building, monitoring, and improving an information security management system (ISMS); a systematic approach to managing sensitive company information including people, processes and IT systems. The ISO 27001 standard is made up of ten detailed control categories detailing information security, security organization, personnel security, physical security, access control, continuity planning, and compliance. To achieve the ISO 27001 certification, organizations must demonstrate that they can protect and manage sensitive company and customer information and undergo an independent audit by an accredited agency. The benefits of working with an ISO 27001 supplier include: Risk management – Standards that govern who can access information. Information security – Standards that detail how data is handled and transmitted. Business continuity – In order to maintain compliance, an ISMS must be continuously tested and improved. Obtaining the ISO 27001 certification is a testament to our drive for excellence and offers reassurance to our customers that our security measures meet the criteria set out by a global defense standard. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call