You Can’t Secure What You Don’t Know About: APIs

In this LinkedIn post, Karen Lopez shares her conversation with NoName Security about the importance of API security. She explains that as APIs serve as the primary way of accessing data in present times, ensuring their security, especially considering technical debt, becomes crucial to avoiding data breaches. She urges organizations to consider solutions such as those offered by NoName Security, which include features to discover, classify, manage, and assess the vulnerabilities of APIs.


2023 SASE, SDWAN, Enterprise Edge and Cloud Networks

The 2023 SASE-SDWAN Enterprise Edge and Cloud Networking report provides valuable insights into the world of enterprise connectivity, unraveling the complexity of SD-WAN, SASE, SSE, ZTNA, MCN, and NaaS. The report includes discussion related to the HashiCorp presentation at Security Field Day and the Mako Networks presentation at Edge Field Day along with a wealth of information about the evolving landscape of enterprise edge and cloud networking, helping professionals navigate the alphabet soup of networking solutions.


Ways to Amplify Unvalued Security Teams in Organizations

The security staff is often the most unappreciated members of a workforce. It is a problem that seems to be at the root of its failings. With the exponential growth of networks and the increasing number of breaches, it is clear that security is a pressing issue. However, there is a lack of awareness and understanding surrounding the imperfections and limitations of security measures. It is essential for organizations to elevate awareness, forge a cohesive internal culture, and invest in the right tools and training to support their security teams. Additionally, responsible packaging and marketing from vendors can help buyers make informed decisions. Ultimately, removing obstacles and valuing security specialists is essential for ensuring cyber resilience. Watch the delegates from the recent Security Field Day event explore this at a roundtable discussion.


Meet Field Day Delegate – Roy Chua, Founder and Principal at AvidThink

Tom Hollingsworth interviews Roy Chua, Founder and Principal at AvidThink, in this Tech Field Day delegate spotlight. Roy shares his journey from network software engineer to product management and eventually transitioning into the analyst space with his research and analysis service, AvidThink. He discusses the challenges of staying up-to-date in the rapidly evolving technology landscape and highlights the value of focusing on targeted and cutting-edge areas. Welcome to the Tech Field Day community, Roy!


Performing On-Site Security Sweeps With NetAlly CyberScope

Site surveys are a great way to detect anomalies and track down vulnerabilities in a site network. But without a proper tool, it is a fool’s errand. NetAlly’s CyberScope, the world’s first handheld cybersecurity tool, helps mitigate risks by actively probing and scanning networks, categorizing devices, and providing real-time analytics and reports to enable effective security management. Read the review at Gestalt IT or watch the solution demo on the website.


Ramping Up Multicloud Visibility With Cisco Multicloud Defense

Enterprises’ journey to multi-cloud is often fraught with security concerns and deadlocks. As enterprises adopt multi-cloud strategies, the distribution of data and assets across various cloud providers can lead to reduced visibility, hindering security and impeding business resilience. Cisco Multicloud Defense addresses this challenge by providing unobstructed visibility and unified security across platforms, enabling consistent protection against threats and data exfiltration. Read about it at Gestalt IT or watch the demo live on the website.


Noname Security at Security Field Day 9 Wrap-Up

Noname Security had the opportunity to present at Security Field Day 9, and this company blog post reports the highlights. The company delivered three informative sessions discussing the problem of API security and showcasing their comprehensive suite of solutions. The presentations were well-received by the delegates, and we’re thrilled to hear that Noname Security appreciated the engaging discussions and positive feedback received. We hope to see them back at Field Day again soon!


Commvault Metallic ThreatWise – Discerning the First Signs to Quell an Attack Early

Early warning signs of a cyberattack exist only to the most discerning eye. Unlike traditional monitoring tools, Commvault Metallic ThreatWise utilizes a defense by deception strategy, deploying decoy assets in the environment to divert attackers and buy time for defenders to take action. With its lightweight and cost-efficient architecture, ThreatWise provides real-time insights on active and hidden threats, allowing organizations to detect and mitigate attacks at the earliest stages. Read about it at Gestalt IT or watch the demo here on the website.


Executing Zero-Trust Security and Building a Protective Perimeter With HashiCorp Boundary Enterprise

Identity-driven security is critical to countering attempts of credential harvesting. HashiCorp Boundary Enterprise brings the capability to secure on-demand access with granular identity controls to organizations in regulated industries. As organizations transition to cloud-based infrastructures, traditional network perimeters become less relevant, and identity becomes the primary focus of security. By standardizing remote user access and utilizing the principle of least privilege, HashiCorp Boundary enables organizations to secure their infrastructure while granting granular authorizations and creating a centralized access workflow. Read about it at Gestalt IT or watch the demo here on the website.


Safety in the API Jungle

Bruno Wollmann discusses the increasing security vulnerabilities and attack vectors exposed by APIs in today’s digital landscape. Noname Security presented at Security Field Day 9 and provides a comprehensive solution to address this issue. Their platform encompasses four key pillars: discovery, posture, runtime, and testing, allowing organizations to gain visibility, detect vulnerabilities, monitor traffic, and implement dynamic application security testing (DAST) for a proactive approach to API security. Read more of Bruno’s thoughts on his blog!


Querying Data at Source With Cribl Search

At the recent Security Field Day event, Cribl presented Cribl Search, a service included in Cribl Suite. Cribl Search allows users to query data in scattered addresses without having to move them. No matter where the data resides, Cribl Search lets users explore and investigate datasets in real time. Read about Cribl Search at Gestalt IT or watch the demo live on the website.


Embedding Security in the Code With Noname Security’s Active Testing V2

API security is front and center in cybersecurity, and integral to the future of APIs. Noname Security’s Active Testing v2 offers dynamic testing of APIs in shift left security, enabling organizations to infuse security deep within the code. By integrating security into the CI/CD processes, Active Testing v2 enables teams to proactively detect vulnerabilities and minimize the chances of API exploits. With its user-friendly interface and comprehensive testing capabilities, the solution empowers developers to embrace shift left security and ensure the early detection and mitigation of potential issues. Read about it at Gestalt IT or watch the demo live on the website.


Security Is Hard

In this article, Alex Neihaus acknowledges the difficulty and challenging nature of enterprise security. Calling attention to the recent delegate roundtable discussion at Security Field Day, Alex highlights the asymmetric nature of the battle, where securing an environment requires perfection while attackers only need to exploit a single vulnerability.


Thirty-Six GigaToasters

In this episode of Chaos Lever, Chris Hayner and Ned Bellavance cover Security Field Day 9, highlighting presentations by Comvault, Noname Security, Cisco, Cribl, and NetAlly’s Cyberscope. They discuss Comvault’s ThreatWise platform, which focuses on ransomware detection, and the use of fake hosts and lures to trap potential attackers. They also mention Cisco’s new hardware firewalls, the 4200 series, and their multicloud network security model. Chris shares insights on NetAlly’s Cyberscope, a handheld cybersecurity analyzer.


Enhancing Data Protection: The Power of Real-Time Intruder Deception and Detection

In this LinkedIn article by Lars Trøen, the innovative approach to data protection showcased by Commvault at Security Field Day 9 is discussed. The article highlights the incorporation of Metallic Threatwise, a honeypot and deception service, into Commvault’s data protection software system. This integration enables real-time detection of intruders and provides tailored recommendations for deploying honeypots within the network, enhancing organizations’ ability to stay ahead of evolving cybersecurity threats.


Democratizing Security Testing

In this post, Michael Davis discusses the democratization of security testing and validation. He highlights NetAlly’s introduction of Cyberscope, an Android-powered handheld tool that simplifies network security testing. Cyberscope offers a user-friendly interface to powerful tools like Nmap, enabling non-experts to leverage long-standing security testing programs. James Kahkoska, CTO of NetAlly, presented Cyberscope at Security Field Day and Davis provides a link to watch the presentation and the ensuing discussion on privacy matters related to RF signal collection in unlicensed spectrum.


Evolving API Landscape and Ensuring Secure Transitions With the Help of Noname Security

In this LinkedIn post, Lars Trøen reflects on his experience as a remote delegate at Security Field Day. He highlights the importance of API security in the rapidly evolving landscape of application programming interfaces (APIs). Trøen discusses the challenges faced in adapting to changing API standards and emphasizes the significance of making informed decisions and prioritizing web application security. Trøen also highlights the services offered by Noname Security, such as monitoring API calls and providing API testing, to facilitate smooth and secure API transitions.


Grokking a Cosmos’ Worth of Logs

In this thought-provoking article, Alex Neihaus expresses his skepticism towards the concept of “big data” and highlights the challenges of managing and extracting actionable insights from massive amounts of operational logging data. He references Cribl’s product, Stream, showcased at Security Field Day, which intelligently eliminates data noise and selectively ingests log data into any destination. By reducing unnecessary data, Stream not only offers cost savings but also enhances the quality and accuracy of analysis, allowing organizations to focus on the most relevant security information within their logging data.


You Are Your APIs

In this article, Alex Neihaus discusses the emerging category of API security products and the potential security vulnerabilities posed by APIs. He highlights Noname Security’s product, which was outlined at Security Field Day 9. Alex is impressed with the capabilities of Noname’s API security solution, including its ability to analyze network traffic and categorize APIs based on public domain names. The post emphasizes the importance of API security in protecting businesses and encourages readers to consider adding API security to their security product arsenal.


Login…rinse…repeat

In this LinkedIn post, Alex Neihaus discusses the challenges faced by cloud infrastructure architects, engineers, and developers when it comes to managing access to hosts and databases. He highlights the convenience of storing credentials in insecure locations and the need for a more secure solution. Alex introduces HashiCorp Boundary, a cloud-native infrastructure access management tool presented at Security Field Day that combines scalable proxying and cloud-native network constructs to solve these challenges. He emphasizes its secure and auditable nature, as well as its open-source architecture, which allows for internal examination and trust in enterprise environments.