Software Protection: Integrity, Diversity, Entanglement and Renewability (SPIDER) We’ve spent a lot of time finding a suitable analogy to explain the more subtle aspects of defense in depth and the multi-layered approach to cybersecurity that […]
As someone who works with cloud solutions for a security company, I am very aware of the stories in various media about security breaches in cloud accounts. Usually these are along the lines of “Company […]
Ofttimes it has been difficult to explain the role of software protection in hardware-protected secure systems, but recently security researchers have helped us out by providing many examples of zero-day exploits where flaws that are baked into hardware or firmware lead to exploitable vulnerabilities in systems. In this article we are having a look at Spectre & Meltdown and explore how these attacks could have been avoided using application protection technology.
Some of you will remember the Target and Home Depot cyberattacks in 2013 & 2014, which resulted in $202 million (Sruthi Ramakrishnan, 2017) and $134.5 million USD (Roberts, 2017) of damages respectively. In this blog article, let’s examine these and other infamous hacks in detail to glean important lessons about system and application security.
Following on from previous posts (part 1, part 2) I wanted to drill down a bit more into the components from the container cluster node in the reference architecture as is shown on the image below. […]
In my previous post I advocated reducing the security perimeter to the smallest possible size – because perimeter based security is often not enough, the slightest ‘hole’ in the perimeter allows attackers to get in. […]
I recall in early 2000’s having a debate with a security expert about firewalls, at the time they were advocating the firewall model was fundamentally broken! Their argument was if any traffic could get through, in any direction, for any purpose, bad guys could figure out how to use it to exploit the system. I disagreed, believing the ‘new’ filtering technology would be able to stop them, I was wrong.
AVTest.org produced their annual malware report recently and it’s interesting reading. It charts of picture of an active battle between attackers trying to make money and defenders who are fighting to keep up. The headlines of the report show malware authors are moving away from just targeting Windows PC’s and intro Macs, Linux (often in iOT) and Android.
More and more security companies are including “white-box cryptography” in their product offerings. This is more than buzzword compliance; it’s a recognition that white-box attacks are real, and that the implementation of a cryptographic algorithm is as important as the algorithm itself.
In May Tim Charman and Ben Gidley presented a talk at CodeMotion in Amsterdam showing how you can use obfuscation, whitebox and integrity verification to secure communications from the browser even in the case of […]