Category

Network Security

Category

The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the advantages of microservices architecture, no other product can compete with Kubernetes as a container orchestrator. Nevertheless, even the best solutions have challenges, and security is always one of these. According to the CNCF’s Cloud Native Landscape, today the market offers more than 100 tools to manage containers, but 89% of the software architects, DevOps managers,…

Industries from hospitality to taxis/transportation and food delivery are being disrupted by new age companies like Airbnb, Uber and DoorDash that have a cloud-based software infrastructure as one of their main enablers. Why do all these new companies use cloud and what advantage does it give them? Unlike legacy competitors, innovators with new infrastructure can: Quickly scale and grow their customer baseSupport their business in different geographies and ensure availabilityEnsure convenience, with users accessing the…

The main things that prevent enabling security solutions like WAF/RASP/IDS/IPS in a blocking mode are false positives. Probably the second one is their inline performance and additional latency, but still. As a cloud-native WAF vendor,  we at Wallarm are actively checking our products for false positives to continuously deliver better detection quality for our customers.  One of the ways to address false positives is to detect it early before the real customer will be blocked.…

One of the services Wallarm offers today are Pentest Audits. Our team has met a new challenging task at a recent project: penetration test & usage for Apache Solr V4.10.4. We want to use this blog to describe the way we have identified vulnerability & managed to execute commands with root privileges. Hope that it will help DevOps teams & sysadmins with Apache Solr deployment & to protect their data. While working on a new…

Last month, Wallarm Cybersecurity Strategist Kavya Pearlman interviewed cyberwar fare expert Chris Kubecka via a webinar session that was well attended and very timely discussion. If you missed the webinar, worry not! Here is a quick recap of the discussion around “Application Security in the age of Cyberwar”. These days we must be prepared to fight off not just hackers in search of simple financial gain, but malicious actors funded by hostile states. Asymmetry is…

Testing the security of the corporate applications is a part of every-day life for Ops and DevOps professionals. Larger companies have whole teams dedicated to independent security testing, called Red Teams. These folks use various tools at their disposal to discover the flaws in both applications and infrastructure. These teams often take the same approach as pen testers — external contractors that are hired to penetrate the company defences. More recently, many companies are supplementing their internal…