Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A Web Application Firewall (WAF) is a security solution designed to protect web applications from various attacks, including SQL injection, cross-site scripting (XSS), and others. There are two types of WAF: on-premise and cloud-based.

Many of the businesses that already have revenue-generating web applications are starting an API-first program. Now, old monolithic apps are being broken into microservices developed in elastic and flexible service-mesh architecture. The common question most organizations grapple with is – how to enhance application security designed for web apps to APIs and API security? Protecting APIs against modern cyber threats requires going beyond the traditional solutions.

Defining and implementing a network microsegmentation strategy is paramount to securing the network and protecting assets. However, it’s also a time-consuming and resource-intensive endeavor. This means it’s vital that enterprises are confident that their zone-to-zone security policy is functioning as intended.

Rapid digitization means that organizations are now more connected than ever. Most organizations now host a combination of interconnected IT, OT, IoT and sometimes IoMT devices in their networks, which has increased their attack surface. Forescout’s data shows that around 24% of connected devices in every organization are no longer traditional IT.

The last decade has seen a notable step in the evolution of network security and operations as companies move to a Software Defined Network (SDN) model, centralising control of switches, routers, VPN concentrators, load balancers and SD-WAN devices. This simplifies the management and operation of the network, driving down operational costs and reducing risk through better patch and update management.

In this SaaSTrana podcast, Sunil Agrawal (CISO, Glean) shared his insights with Venky on the evolution of cybersecurity attacks and changes in hacker behavior over the years. He also shares his experience of a sub-domain takeover and how it led him to build foundationally secured SaaS products.

It’s a familiar nightmare you’ve heard of and might even face as a developer or security engineer: alerts firing in all directions warning that your company’s VPN and firewall — that supposedly “safe” defensive perimeter around your infrastructure — has been breached. And the scariest part is that you find out after the fact — after access credentials and customer assets have been stolen.