Data breach on laptop with warning sign

Majority of Companies Are Not Disclosing Their Data Breaches

It is a common misconception to think that companies absolutely must disclose details of any internal breaches they may have suffered. In reality, the majority of data breaches go unreported, and details of the leak are rarely revealed to the public. Recently in the media, Yahoo came under fire and heavy scrutiny for late disclosure of two major data breaches of user account data. The Internet service company suffered two massive breaches in both 2013 and 2014 – resulting in the largest discovered data breaches in the history of the Internet – but this situation was only made public during the latter part of 2016.

This raises the question: should companies be forced to disclose data breaches? As we shall soon see, being PCI compliant is only the beginning of assessing the security practices of a company.

False sense of security protection

Just because a company is internationally known it doesn’t automatically mean that your data is safe. Many users have a false sense of protection, simply because they trust the brand. But when it comes to these companies’ cybersecurity practices, quality security measures may not be a top priority since most are typically sales-driven. For example, besides the recent Yahoo breach, there have been numerous cyberattacks that have made headlines like Dropbox’s 68 million users’ data leakage that remains engraved in the minds of the public.

Part of the reason that so many attacks go unreported is that most companies simply do not need to disclose that sort of information in the first place. There is no current law requiring corporations to reveal when customer data has been compromised, so it makes sense that data breaches go unreported. A hacking incident could tarnish the reputation of the brand and instill mistrust among customers, which is never something corporations want. Even if large corporations choose to disclose data breaches, the extent to which data has been compromised is probably downplayed rather than revealed in full.

For instance, in the case of credit card breaches, customers will simply receive email reminders to change their account passwords, or the bank will issue new cards to mask the data breach. Cases like this give the impression that nothing is wrong and that it is simply “routine procedure.” So, what can you as the customer do?

PCI Compliance?

If you are engaging in online transactions, ensure that the company is PCI-DSS (Payment Card Industry Data Security Standard) compliant.

Below is a clear definition of this industry standard:

The Payment Card Industry Data Security Standard, or simply PCI DSS, is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

With most brands moving their businesses online, there is a growing concern for the security implications of online transactions. When a corporation is not PCI compliant, there is a higher chance of data leakage – but even this industry standard is purely a minimal requirement. Just like how it is not a law for corporations to reveal internal data breaches, PCI compliance is just a security standard for online transactions – but not the law. That means businesses can continue to sell products online without the proper security standards intact. Furthermore, research by Verizon has shown that seven in ten businesses who achieve PCI compliance fail to maintain this compliance for a minimum period of one year.

Because corporations do not differentiate between what it means to “be validated” and to “be compliant,” this finding is extremely daunting especially in the light of recent data breaches. To be validated specifies a precise point in time when a business chooses to be assessed for compliance. This assessment is therefore a snapshot in time and says virtually nothing about the business during the rest of the year. For example, a company that suffered a data breach may reveal to its customers that they were validated for PCI compliance within the past year, but it doesn’t necessarily mean they were compliant at the time of the actual data breach.

In fact, according to one of the authors of the Verizon report, “…data from the past 10 years shows, that not a single company that suffered a data breach was compliant with PCI requirements at the time of the incident.” PCI standards set a strong baseline protection for any business but at the end of the day it is just the “minimum bar” to entice competitors to reach that same level of security simply because customers expect at least that much.

But is it enough? In many cases, no.

For example, Home Depot, who was PCI compliant, suffered a massive data breach in 2014. Many questioned how this breach could have occurred to such a huge retailer especially when it was supposedly certified to the security standards associated with credit card transactions. However, according to CIO, Home Depot’s data breach stemmed from using outdated Symantec antivirus software, not monitoring the network continuously for suspicious behavior, and performing vulnerability scans irregularly at only a few of its stores. Stolen customer information also went unnoticed for several months. This is a perfect example that demonstrates that there is more to being secure than being PCI compliant.

Security beyond PCI compliance

A larger company like Home Depot can certainly afford to hire a security team, but because security was not prioritized, it was too little too late when they were struck with a massive data breach. Adhering to the PCI standards sets the minimum bar, but there is more to security. To start off, companies should be incorporating a Web Application Firewall (WAF) into their security platforms. A good WAF does much more to protect your website against external threats, including DDoS and data leakage, and the best part is that it does not require a special security team to operate and manage the system.

With the rise of cloud services, WAF-as-a-service has also become popular since it doesn’t require additional hardware. Only minimal technical knowledge is needed: a simple DNS configuration registers a website under WAF protection. Cloud WAFs manage all inbound and outbound traffic and are able to automatically detect and filter malicious attacks. This is huge for businesses who may still be starting out and cannot necessarily afford specialized security teams. For example, Cloudbric, a cloud-based WAF service, offers easy to understand web traffic analytics and allows users with little to no IT-security knowledge to manually look at their web traffic data in search of any inconsistencies.

The reality is that hackers can gain access to confidential information with relative ease so data leaks will likely continue to prevail. It’s important to keep in mind that just because it doesn’t make news headlines doesn’t mean that data breaches are not a common occurrence. We can have a false sense of security believing that entrusting our sites to well-known and successful companies can keep our information secure. But while following standards like PCI DSS is a great start, when thinking about the best security practices it’s best to think about the long-term and how to implement a solution that has you covered any time and anywhere.

Cloudbric as a one-stop wall of security

Why You Need a Firewall

Your Website is Published. Is it Good to Go?

According to the Netcraft January 2015 web server survey, there are over 876 million websites all around the world. Among them, however, 30,000 websites are hacked each day and the majority of these websites are legitimate small businesses that are irrelevant to cyber criminals. Why is this the case? Many of them missed the final touch. The website owners must have thought their websites were ready to go online. Yet, there was one thing they left out. The firewall.

You might be thinking ‘Among those 876 million websites, mine is just a small one. Why would mine be attacked when there are so many out there to be targeted?’ You’ll be surprised to see how many attacks every website receives, regardless of size. Here are the ACTUAL dashboards of Cloudbric customers who kindly agreed to share their traffic levels.

1. Personal Website

A number of cyber attacks personal website received

Cloudbric protected this user’s website by blocking 2,323 attack attempts originating from five hackers.

2. Small/Medium-Sized Business

A number of cyber attacks business website received

Cloudbric has stopped a high volume of dangerous activity, with two recent spikes.

If you look at the dashboard images above, both the personal website and the business website had been attacked. Indeed, the personal website had an alarmingly high number of attacks. Your website is not an exception. Building a website with no protection measure is like building a house without a door lock. Do you still think hackers would ignore your site because it’s too small to get their attention? Well, that’s a big no!

Here Are 2 Main Reasons Why Hackers Attack Your Website

1. Just for Fun or to Show Off

“Deface hacking” is one of the hacking methods that is increasing sharply. This hacking activity finds a target website’s vulnerabilities and inserts a new webpage or changes content. As a result, the website will not appear at all or it will contain irrelevant content or malicious code.

2. To Use Your Site for Further Attacks

The most famous hacking method is the DDoS attack. With this method, a hacker can connect many innocent computers to form a botnet. Such zombie computers are controlled by a hacker. A botnet makes it harder to detect the real hacker and also makes it harder to block. Your website may not be ‘that’ important, but it can still be used for another crime.

All Websites Are Constantly Being Attacked, Regardless of Size

Before publishing your website, make sure that it is secured. Simply set up a guard in front of your website. Once you set up a firewall, all kinds of website attacks can be blocked. Then you can finally have peace of mind for your website.

Cloudbric as a one-stop wall of security

Cloudbric fends off the major types of attacks.

The Benefits of Using Signature-less Detection Technology

Cloudbric takes pride in being different from its competitors. With over 19 years of information security experience, Cloudbric Business Edition (BE) utilizes a Web Application Firewall (WAF) based on Penta Security’s unique logic based hardware WAF called WAPPLES. Managing your enterprise’s security has never been easier, not to mention cost saving.

Cloudbric BE is a fully managed autonomous cloud web security suite. What this means is Cloudbric BE enables all enterprise clients, as well as web hosting providers, to successfully install an on-premises WAF solution into their physical or cloud based infrastructure. Furthermore, we eliminated complicated installation procedures, enterprise security settings configurations, and the need to expend resources on specialized security teams. Cloudbric BE’s elite performance derives from its Contents Classification and Evaluation Processing (COCEP) technology, which relies on signature-less detection. This is what separates Cloudbric BE from the rest of the market in terms of pure security.

Benefits of Using Cloudbric Business Edition

Most traditional WAF vendors primarily rely on pattern matching or signature-based detection. This means that they are only able to detect and filter previously recorded or known web attacks that have already occurred. However, Cloudbric Business Edition is unique in that we use 26 custom algorithms and rule sets to more accurately block web attacks with low false positives. Our logic based algorithms allow our WAF to capture a wider range of web attacks and possibilities. This helps us detect even unknown or modified web attacks.

The benefits of switching to Cloudbric and taking advantage of this signature-less detection technology are evident:

1. Precise Detection

We detect attacks before they become a problem. As previously mentioned, Cloudbric BE operates on a logic based engine that can block known, unknown, and modified web attacks. Instead of constantly relying on outdated signatures and attack patterns to identify incurred web attacks, we allow our 26 preset rules to intelligently discover more attacks and at a higher accuracy (low false positive).

2. Zero Signature Updates Required

This benefit is clear: no need to perform signature updates! Problems arise with signature-based detection because it cannot predict or detect modified and new attacks. As a result, enterprises have to continuously update new signatures and pay more in the long run. Other WAF vendors charge high prices for purchasing their enterprise WAFs, for installation and settings configuration, and for product maintenance with constant system/signature updates. These security vendors leave enterprises with their hands tied, since they face a choice between leaving their websites exposed to new attacks or paying for the next set of signature updates. With Cloudbric BE there is no need to pay for signature updates, as they are not required.

3. Cost Saving

As we just mentioned above, not requiring our clients to update signatures can present a major cost savings in the long run. Additionally, we require zero installation or settings configurations in order to activate Cloudbric BE. Hence, enterprises do not need to have a security team to install and constantly maintain our product. Cloudbric BE prides itself in being the ultimate fully managed security suite that can act as your in house web security team. Switch to Cloudbric BE and avoid paying for new updates on top of the enterprise price!

Our special logic analysis engine is what differentiates Cloudbric from other website protection solutions. By opting for a signature-less detection technology and a higher accuracy rate enterprises can save a fortune since it requires zero signature updates, zero hassle, and helps you save money by not expending more unnecessary resources. Compared to our competitors, Cloudbric BE offers affordable and customized pricing to fit the needs of our enterprise customers.

What Does ‘Website’ Mean to CMS Users?

The definition and concept of website will invariably differ depending on the demographic you’re questioning. Defined literally, a website is a connected group of pages on the internet that use unique addresses and routes on the network, which are based on internet protocols. But who can actually understand this kind of explanation? CMS has become the leading solution to building a website with relative ease, and has become a second home for bloggers worldwide. 

Some of the most widely used CMS tools include WordPress, Joomla, and Drupal. CMS users that depend on these tools must take a closer look at some important issues we will address.

CMS

Chances are you have one of these open right now.

Whereas business owners are going to view websites as a platform for making money, the typical CMS user is thinking more about everyday concepts like social media, news, or the latest baseball game. Whether you’re browsing the news to check out newsfeeds filled with baby pictures and your now happily married friends, chances are your criteria for a good website is going to greatly differ from that of, say, a CEO. Let’s take a look at 3 criteria that the average CMS user might take into consideration when certifying a website as fresh.

1. Content

Well, I think this one is a no-brainer. With the massive amount of available websites providing the latest content, it’s crucial to provide the most engaging and innovative content in order to retain visitors. Let’s face it, people today are extremely lazy and have an attention span of a few seconds. SEO is the name of the game.

Social media has become a huge player today and it’s here to stay due to its ability to provide constant and up to date breaking news from around the world. Sites like Buzzfeed and Upworthy also serve as valuable resources as they compile some eye catching and often times incredible stories to read about.

2. Speed, Ease of Use

Again, back to the short attention span that plagues the current generation. If a website is difficult to navigate or inundated by those irritating popups and ads, chances are users won’t be back. It’s like meeting a potential partner or going in for an interview. The first impression is the name of the game.

If a website takes 5 minutes to load, it’s like being 5 minutes late to an interview. It just shows that you don’t care or you didn’t make the proper preparations. By the way, if you’re still using IE please download Chrome or Firefox now.

3. Active Community

Reddit and Quora are two of the most popular communities around. The beauty of Reddit is that it is built on subreddits. This effectively allows you to navigate straight to the type of content you want to browse. Or you can simply navigate to the front page. Then you can browse the most popular posts regardless of category.

It’s a solid way to keep up with news as well. You can discover things or find an interest in something that you may not even have known existed. This is effective because people don’t want to have to root through irrelevant information (at least to them) in order to access the desired information.

Regardless of Demographic, Everybody Needs Website Security

As a whole, CMS users tend to look at websites in a more laid back manner than their strictly business oriented counterparts. However, this doesn’t take away from the fact that website security is of the utmost importance. Many CMS users tend to think that their site is safe since it’s not established and is not an appealing target. However, it’s these smaller up and coming sites that are often targeted. This is due to their highly visible vulnerabilities.

Regardless, a web application firewall is a must. Look no further, as Cloudbric is here as your one stop security service to ensure all that painstakingly created content doesn’t fall into the wrong hands. Get started today!

Can I Also Protect My Subdomains With Cloudbric?

Cloudbric received a lot of questions about our web application security service, and in our mission to democratize cyber security, we try our best to make the information readily available. We post a lot of answers in our Help Center, but every week we will give a longer answer about one question. This week, a user asks…

Can I also protect my subdomains with Cloudbric?

Yes, Cloudbric can protect your domain along with any subdomains.

First, let’s talk about what a subdomain is. That’s the part of your website address that comes before your domain name.

A domain name can be broken down into four parts:

  1. subdomain, or third-level domain,
  2. domain, which is also called the second-level domain,
  3. top-level domain (TLD), which is the *.com, *.net, *.gov, and so on, of your website,
  4. if there is a forward slash after the top-level domain, everything after that is the subdirectory or subfolder.

These days, the subdomains you’re most likely to see could be blog.*, or mail.*, or m.* for mobile sites, and there are dozens more out there. You may not need Cloudbric protection for a mail or ftp subdomain, but others certainly require security. The most common subdomain is simply the “www.*” that starts off most website addresses. It’s so ubiquitous that we rarely think about what it means. You probably know it stands for “World Wide Web,” but why even bother to say that at all? It dates back to the 1990s, when the World Wide Web wasn’t the main Internet protocol — we also had freenet, ftp, pop, and so on. Nowadays these are much less commonly used. However, they are all valid examples of common subdomains.

Even though your subdomains may be hosted in the same location as your domain, they aren’t considered the same website in many ways. It may affect how search engines like Google index your website. It also means that adding Cloudbric protection to your domain might not cover your subdomain as well.

When you register with Cloudbric, it automatically protects your naked domain, which is your website address without a subdomain. We also protect the www.* subdomain, but not any others. To include your subdomain, you can add it manually here. After adding it manually, you will be provided with a new set of name servers or A-record/CNAMEs for your subdomain.
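As an added illustration (not Cloudbric's code), the following Python example splits an address into the four parts listed above and sorts a host inventory into names covered by default (naked domain and www.*) and names that would have to be added manually. The hostnames, the function names and the short multi-label suffix set are assumptions constructed for this example; real tooling should load the full Public Suffix List.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: a small constructed sample of multi-label public suffixes.
# Production tooling should load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.kr"}

# Constructed inventory of hostnames and URLs for a hypothetical site.
INVENTORY = [
    "example.com",
    "www.example.com",
    "blog.example.com",
    "m.example.com",
    "https://shop.example.com/cart",
    "www.blog.example.com",
    "www.example.co.uk",
    "example.com.other.test",
]


def split_address(url):
    """Split a web address into subdomain, domain, TLD and subdirectory."""
    # urlsplit only recognises the host when the address has a scheme or "//".
    if not re.match(r"^(?:[a-z][a-z0-9+.-]*:)?//", url, re.I):
        url = "//" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")

    # IP literals have no domain/subdomain structure; reject them explicitly.
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        raise ValueError(f"IP address, not a domain name: {host!r}")

    labels = host.split(".")
    # Decide how many trailing labels make up the top-level part.
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len or not all(labels):
        raise ValueError(f"no registrable domain in: {url!r}")

    return {
        "subdomain": ".".join(labels[:-suffix_len - 1]),
        "domain": labels[-suffix_len - 1],
        "tld": ".".join(labels[-suffix_len:]),
        "subdirectory": parts.path.strip("/"),
    }


def default_coverage(registered_site, hostnames):
    """Group hostnames by whether registering `registered_site` covers them.

    Follows the rule stated in the text: the naked domain and www.* are
    protected automatically, every other subdomain is added manually.
    """
    site = split_address(registered_site)
    naked = f"{site['domain']}.{site['tld']}"
    result = {"covered": [], "add_manually": [], "unrelated": []}

    for name in hostnames:
        p = split_address(name)
        host = ".".join(x for x in (p["subdomain"], p["domain"], p["tld"]) if x)
        if f"{p['domain']}.{p['tld']}" != naked:
            # Different registrable domain, even if the text looks similar
            # (for example example.com.other.test belongs to other.test).
            result["unrelated"].append(host)
        elif p["subdomain"] in ("", "www"):
            result["covered"].append(host)
        else:
            result["add_manually"].append(host)
    return result


if __name__ == "__main__":
    print(split_address("https://blog.example.com/2015/post"))
    for group, hosts in default_coverage("example.com", INVENTORY).items():
        print(f"{group}: {', '.join(hosts)}")
```

Running the same comparison against a real DNS zone export shows at a glance which public hostnames still sit outside the protected set.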

How many subdomains?

You can add as many subdomains to Cloudbric as you want. The total traffic received by all subdomains will go toward domain bandwidth when calculating your payment amount. So if you have two subdomains receiving 1GB of traffic each, and your domain receives less than 2GB per month, your Cloudbric service is free!

zeroes and ones with a person looking at the web security misunderstandings

Top 3 Web Security Misunderstandings by Small Businesses

Web security seems to be the buzzword in the news the past couple of years with stories of legendary hacks hitting companies like Target, Home Depot, J.P. Morgan, and Sony—just to name a few. However, because we always hear about these hacks happening to big and established companies, we often think that these kinds of attacks will never happen to us. After all, why would a hacker want to attack a small business when they can attack the Sonys of the world? Unfortunately, although many people think that, it couldn’t be farther from the truth. And, there are even more web security misunderstandings.

So, here are small businesses’ top 3 web security misunderstandings:

1. I already have minimum web security.

A lot of people think that their Content Management System (e.g. WordPress, GoDaddy, etc.) offers website protection. However, that couldn’t be farther from the truth. According to Security Week, WordPress is the most attacked Content Management System (CMS)—being hacked 24.1% more than other CMS systems.

CMS services are just created to publish and maintain your website—they aren’t created to protect it. So, just like a museum needs a security system to protect its priceless treasures, so does your website to protect all your precious data. Web protection doesn’t have to be overwhelming.

2. My business is too small to be attacked.

No website or business is too small to be attacked. In fact, according to Symantec, three out of five businesses hacked are small businesses. Hackers actually prefer to hack small businesses as they often have no web security, so their websites can be hacked in minutes. Also, small businesses have no way of fighting back. This way, they can hack dozens of websites in a few hours and probably never get caught.

3. It’s too troublesome and expensive to get web security.

You’re a busy person—you have to manage a business both online and offline. So, the last thing you want to do is figure out what the heck an SSL certificate is or what a DDoS attack is. Also, adding another expense to your costs doesn’t sound that appealing. However, just like going to the dentist, although you don’t want to do it, it’s something that is necessary to the health of your business.

But there is good news: web protection isn’t actually that hard to figure out or expensive. Cloudbric is a cloud-based web app firewall (WAF) that blocks malicious web traffic coming to your website and is free to websites with less than 4 GB of monthly web traffic. We take care of all your web protection, so all you have to do is register your domain.

So, take control of your business and fight those web security misunderstandings! A cyber-attack can actually happen to anyone, so it’s better to protect yourself before it’s too late.

Boy Programming On Computer With Multiple Monitors And Laptop On Desk

7 Ways to Expose Your Website to Hackers

So you want to serve up your website for any hacker to break into. Sure, weirdo…who am I to judge?

Here are 7 things you should not do unless you want your website hacked:

Once again, if you’re a sensible human being you really should never find yourself doing any of these things.

1. Ignore Security Updates

They may be a nuisance, but updates patch up newly discovered bugs in software. Not installing updates and patches makes it a lot easier for hackers to compromise your device or web app. If you want your website hacked, ignore all security patches, plugin updates, and updates for CMS services such as WordPress or Drupal.

2. Use as Many Different Features and Plugins On Your Site As Possible

Plugins introduce many new potential vulnerabilities to your website, similar to how adding more windows makes your submarine less seaworthy. Be sure to load up on file uploaders, video players, ad managers, analytics, and whatever else you can cram in, even if you don’t need any of it.

3. Set a Really Dumb Password

Setting your password as something easy like “123456,” the always-clever “password,” or matching your password to your username saves hackers a lot of time. You can also help by using the same password for your computer, e-mail, FTP access, and Ashley Madison account, so that once one is compromised, all of them are exposed.

setting a password to protect website security

4. Mismanage Your Website and Its Contributors

Just let security be someone else’s job, and don’t take any notice. Be sure to give your employees or contributors full admin access to your website, and make sure not to update your passwords after they leave. Sooner or later, something bad will happen.

5. Don’t Put Together a Security Incident Response Plan

No need to prepare for the worst when you’re counting on it. What if your site gets disabled, or deleted, or information is leaked? How do you detect it, how do you respond, and how do you disclose it? Those are questions that should be considered by anyone who doesn’t want to get hacked.

6. Don’t Bother Securing Your Domain With SSL

SSL encrypts communication between a website’s server and a user’s browser, which is especially useful in protecting online transactions and payments. It also thwarts man-in-the-middle attacks, in which a hacker gets between server and browser and can monitor or alter communication. So if you want to endanger your customers’ privacy, forget about HTTPS — HTTP is the way to go!

7. Don’t Use a Web Application Firewall

A web application firewall can protect your site against the worst online threats, including DDoS attack, SQL injection, and cross-site scripting (XSS), so if you want to make it easier for hackers to overrun your website, the last thing you should do is secure it with a web app firewall like Cloudbric, Imperva, or Cloudflare.

This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.

“Website” Meaning for Startup CEOs?

You might hear a lot of CEOs saying, “My website is powered by WordPress”, “My website is everything”, or “My website is my entire business!” These are the most common answers from CEOs. Almost all startups operate their own websites. Many startup CEOs build their websites with CMS tools such as WordPress, Joomla, or Drupal. Those that depend on these tools really need to pay attention to what these are, if they have any hope to do business online.

Well, the actual definition of a website is a connected group of pages on the Internet that use unique addresses and network routes, which are based on Internet protocols. But who can actually understand this kind of explanation? A website is web data, with web pages and contents. To get a better understanding of what a website really is, we can start by knowing more about CMS. A ‘web content management system,’ CMS is a tool that processes many raw contents into useful resources in this content-filled world. This is the leading solution to building a website without any difficulties. Methods of protecting a website can differ completely depending on the beliefs of the startup CEO. One CEO may want to protect a site one way, and another CEO may think differently and protect a site another way. It all depends on their definition of what a website is to them. Here is a closer look at common assumptions CEOs have about websites.

1. ‘My website is powered by CMS’

CMS and all related plugin modules are website building and operating tools. Building security with an application can be done by secure coding. However, secure coding may not be perfect. That’s why CMS services release security patches and updates. Users need to constantly update. Still, a website can get ‘zero-day attacks,’ that brief period of vulnerability when the hacker can attack before the CMS vendor finds out.

The point here is that, not limited to CMS services themselves, users also need to pay attention and double-check every module to see whether it is really safe or not. Modules should only be downloaded from reliable, trustworthy websites. It can be quite bothersome to constantly update and still be vulnerable to attacks.

Startup CEOs think that CMS protects their websites

2. ‘My website is all the data stored in the data center’

Technically, this is a pretty close answer. A website is data, and website data is stored at an Internet data center, IDC for short. To keep data safe, the data center administrator manages an application firewall and network security tools such as IDS/IPS to prevent hackers, viruses, and malicious codes from entering the data center.

Enterprises can usually afford to directly manage their own web server in the data center. But most startups can’t do this, so they rely on their hosting services to manage it for them with a lease of a partial web server in the data center. Cloud hosting services are popular among both small and medium businesses and larger enterprises. But if users use a cloud hosting service such as AWS, there is nothing the user can do about data center security. The data center will probably be safe, but the security is built around the server, and not the individual websites.

3. ‘My website is my own private data with web pages’

This is how startup CEOs should perceive their website. Understanding this concept is important because among security attacks on information, 90% of attacks are aimed at contents, through contents. Compared to the vulnerability of CMS and physical data storage, content vulnerability is a more serious matter. Website attacks are directed at the contents of a website. The contents are not necessarily images or files, but may include account information and administrative authority.

So, how can startup CEOs with CMS protect their websites?

Websites to a business can take on a completely different meaning from the average user. Startup CEOs might view a website as their gateway to the outside world. It is their vehicle to communicate their business and sell products. In essence, a website is a business. Most websites are powered by CMS systems, and since there’s no way to know how securely CMS apps have been coded, CEOs need to constantly apply the security patches provided by the CMS to avoid attacks like SQL injections. Because that still does not make a site completely safe, CEOs also need a web application firewall that covers the vulnerabilities left by the CMS’s own security measures.

Even if a cloud-hosting service protects the web server or its data center, it does not protect the contents of individual websites. Basically, the data center manages the antivirus role and the network security role, but it does not take the web contents security role. Technical and privacy issues restrict it from securing web content.

A web application firewall (WAF), on the other hand, can fully protect website content. The cloud-based web application firewall Cloudbric can protect your website. Even if your data is stored safely in an IDC, or if you constantly apply security patches to your CMS, you still need a WAF to fully protect your website.


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.

Best SME Security Solution at 2016 SC Magazine Awards Europe

Cloudbric recognized for its Web Application Firewall (WAF) and website analytics features,
designed for small to mid-sized businesses

Seoul, Korea: On June 7th, Penta Security Systems announced that Cloudbric, its full-service website security solution, was chosen as the winner of the Best SME Security Solution in the Industry Leaders category at the 2016 SC Magazine Awards Europe. The award was presented at the annual SC Awards Gala. It was held this year at the stunning Old Billingsgate venue in London. Penta Security was present along with other competitive industry names such as Sophos and Barracuda Networks.

Each year, a panel of IT security experts from the private and public sectors reviews hundreds of entries. They narrow the field down to a select group of finalists. The finalists then go through a rigorous, in-depth analysis that includes applicable research, analyst reports, and/or product reviews. Cloudbric was selected as this year’s winner in Best SME Security Solution. The decision was made after a thorough and comprehensive analysis of each finalist.

“It is so important to encourage and praise innovation, recognize those who raise the bar, and reward exemplars who facilitate best practice. Cloudbric is a great example of this within the industry,” remarked Tony Morin, Editor in Chief, SC Magazine UK.

Best SME Security Solution

With Cloudbric, all customers receive comprehensive website protection features including a Web Application Firewall (WAF), CDN, and SSL, as well as timely and attentive customer support regardless of the payment plan. The WAF in particular, which uses Penta Security’s patented logic-analysis engine, COCEP™ (Contents Classification and Evaluation Processing), provides customers with deeper assurance in their website protection. Additionally, with the Cloudbric dashboard, users can easily manage their businesses with more reliable numbers. This allows them to make more informed marketing and budgeting decisions. The judges of the SC Magazine Awards Europe agreed that the entry was a strong response.

Head of Planning at Penta Security Systems, Duk Soo Kim, stated:

“Through its 19-year-history, Penta Security has sought to bring quality, unrivaled web security to the global market. This was further confirmed for us after reception of the Cyber Defense Magazine Awards back in March for our WAF, WAPPLES, and open source DB encryption solution, MyDiamo. Now, Cloudbric joins the ranks, and we look forward to its continued achievements worldwide.”


About Cloudbric

Cloudbric is an elite full-service website security solution specifically designed for IT novices, entrepreneurs, and small and medium businesses. First launched in 2015, Cloudbric is based on the enterprise-level Web Application Firewall by Penta Security Systems, a global information security firm headquartered in Seoul, Korea. Penta Security has served more than 3,100 customers for over eleven years. For more information on Cloudbric’s web security service, please visit https://www.cloudbric.com or contact support(at)cloudbric(dot)com.

About SC Magazine

SC Magazine Awards Europe is lauded as one of the most prestigious awards for IT security professionals and products. For more information and a detailed list of categories and winners, please visit http://www.scawardseurope.com/.

DDoS Attacks: Top 5 Industry Targets

If you take a look in any online hacking forum, you’ll find the buzz term “DDoS attack.” Since 2014 alone, the occurrences of DDoS attacks have increased by 132.4%. To normal people, DDoS attacks seem to work like magic: a flood of zombie bots is sent to overwhelm a web app and shut it down.

With so much power and chaos, if a website is caught off guard without proper defenses, it is shut down in seconds. In fact, DDoS attacks are so popular in the cracking community (the correct term for hackers who use their skills to wreak havoc) that in 2013, the group Anonymous petitioned the U.S. government to legalize DDoS attacks as a legal form of petitioning.

So, who are some of DDoS attackers’ favorite targets? Check out our list of their Top 5 Favorites below.

1. News Sites and Media Publications

This attack was the largest DDoS attack to date. Web crackers opposed to the Hong Kong pro-democracy protesters hacked multiple independent Hong Kong news sites supporting Hong Kong suffrage rights. Every time these sites tried to organize mock executive elections, their websites were attacked with bigger and bigger DDoS attacks.

2. Universities

Some universities lose their internet connection due to the DDoS Attacks.

You might have heard about the controversy at Rutgers University, where thousands of students lost their internet connection due to multiple DDoS attacks. Apparently, the cracker who rendered the Rutgers networks useless was hired by someone who had a vendetta against the school. Some attribute the attacks to the university’s tuition increase for the 2015-2016 school year.

3. Online Services

This attack is the one that many news outlets declared “the attack that almost broke the internet.” It was directed against Spamhaus, a website that tracks the Internet’s spam operations and sources. Spamhaus maintains real-time, spam-blocking databases that help Internet networks weed out bogus email. It is a service company with a noble goal; however, once it blacklisted a website called CyberBunker, it was targeted for the attack. Journalists declared that the DDoS attack was so large that its effects could be felt outside of the attacked web app. Whether that is really true is still up for debate.

4. Online Gambling Industry

Compared to 2014, there has been a 350% increase in DDoS attacks in the online gambling industry alone. For crackers who want quick access to money, the online gambling industry seems like an easy target. Because the industry is very competitive, crackers will often work for a competitor site. A cracker will attack a site and cause latency, pushing users toward a competitor’s service instead of the attacked service.

5. Politics

Just like the group Anonymous, crackers often hack into web apps for political reasons. In early October, crackers attacked the Thai government’s websites to protest the government’s plan to limit access to sites deemed inappropriate. The hack was part of a petition against the government. Tens of thousands of people dubbed the government’s plan the “Great Firewall of Thailand.”

Preventing DDoS attacks?

So how do you protect yourself against a DDoS attack? Dave Larson, CTO and VP, product, of Corero shares that in order to prevent DDoS attacks, companies need to mitigate all of their web traffic targeting their networks.

But you don’t need to be a company to be hit by a DDoS attack. DDoS attacks can hit anyone, so it’s best to take measures to protect your website. A web application firewall such as Cloudbric blocks botnet traffic. It disarms attacks by filtering them on the server level, so that they never make it to your website. If your website isn’t already secured against DDoS attacks, it’s time to start now, because the threat is only getting stronger with time.


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com