Next week we’re heading to Las Vegas for the 21st annual Black Hat USA conference. Our security experts and leadership team will be onsite and meeting with IT security leaders to discuss protecting environments from automated attacks during the main conference August 7-9.
As security professionals, we have a bit of a reputation for melodrama. A breach happens, we make a lot of fuss for a few weeks, and then we quickly move on to the next topic dominating our news cycles. Even when a breach seems pretty dire to a particular company and its customers, it's usually not the 'end of days' that we often predict it will be.
If you’re familiar with Stealth Security, you’ll know that one of the first issues we tackled for customers was detecting and mitigating automated or ‘bot’ attacks against web applications. As an ex-CISO who struggled with these attacks, I wanted us to build tools that would focus on that initial problem. Since then, Stealth Security has expanded our product roadmap significantly and increased our scope to help customers extend protection to their whole environment, including mobile applications and APIs.
The wide availability of attack components on the dark and public web makes it easy even for novice cybercriminals to conduct a successful attack on a website, API, or mobile application. With automated, ‘bot’ traffic quickly eclipsing legitimate user activity at some organizations, IT security teams, along with fraud teams, are keen to implement defenses to detect automated attacks. The goals of these two teams are similar, but their approaches are markedly different.
Last month Gartner announced its list of ‘Cool Vendors in Application and Data Security, 2018’ and highlighted Stealth Security for being innovative, impactful, and intriguing in the application and data security space. It’s a good feeling not only to be recognized for our innovation but also to see the realities and challenges of bot detection and mitigation highlighted by industry thought leaders.
I’m extremely excited to join the Stealth Security team as its new President and CEO. At a time when attacks against online applications are both growing and evolving rapidly, some of the world’s most recognized financial institutions and retailers already rely on Stealth Security’s groundbreaking application security platform to protect their infrastructure and their customers’ data.
With the explosive growth of bots and other automated cyberattacks, it's more difficult than ever for fraud teams to discern between human web interactions and bot activity. For organizations conducting business online, detecting and mitigating automated cyberattacks and unwanted traffic is critical to reducing risk and their fraud team's workload so they can focus on preventing fraud, not on bots.
Hackers use smart tools these days. There is a growing breed of attacks that routinely bypass the web application firewall (WAF), the first line of defence at most internet sites. These attacks appear legitimate to a WAF. So how do you catch a sophisticated web attacker posing as a legitimate client? One answer is to look for inconsistencies in their story.
Going to Botconf 2017? Come hear William Glazier present research conducted with Mayank Dhiman. Learn how attackers are using stolen credential leaks, black market toolkits and massively scalable infrastructure to launch automated attacks at scale.
CIOReview names Stealth Security among the Top 20 Most Promising App DDoS Solution providers of 2017.
"The majority of today’s Distributed Denial of Service (DDoS) attacks are merely a smokescreen, designed not to deny service but to distract from the real motive — usually data theft and network infiltration. In addition to service outages, latency and downtime, short attacks allow cyber criminals to test for vulnerabilities within a network and monitor the success of new methods without being detected."
OFX (Open Financial Exchange) is an XML-based protocol which essentially behaves like an API and enables the exchange of financial information between interested parties. This API has been around since 1997 and is usually used to pull financial information by "aggregators" or client-side software. Common examples include Quickbooks, GnuCash, and Microsoft Money. This API sits on top of HTTP and the communications are always encrypted using TLS.
Not all bot traffic on your website is bad. Blindly blocking all bot traffic can lead to loss of revenue and bad customer experience. Watch this talk by our CTO and Co-founder Shreyans Mehta at nginx.conf 17 and learn how to break up bots based on intent.
Gigamon and Stealth Security Partner Up to Detect and Mitigate Automated Attacks and Unwanted Traffic
Integrated with the Gigamon GigaSECURE Security Delivery Platform, Stealth Security provides the first solution to use real-time network traffic analysis, behavioral analytics, machine learning, and artificial intelligence technologies to dynamically adapt to the latest attack patterns for accurate detection and mitigation of automated attacks—with no effect on legitimate user traffic.
Credential Exploitation is a growing problem, affecting enterprises of all sizes. For those observing this problem and assessing how to combat it, some questions arise:
Who is being affected?
How big is this problem?
How do attackers monetize their activity?
We ventured to seek answers to these questions by delving into attacker forums in the underground of cyberspace.
In our earlier post, we defined the problem of Credential Exploitation. This problem uses an attack methodology characterized by the abuse of login credentials at scale. We focused largely on how attackers reuse credentials that have been dumped elsewhere to take over accounts. We also discussed the proper defensive framework for defending against such attacks. Today's post is about cases where the problem runs deeper than traditional "credential verification" or brute-force attacks. We will also see that the same defensive framework can help defend against a wide variety of automated attacks.
Hi, I’m Nikunj, Principal Engineer here at Stealth Security. I’m responsible for our data processing infrastructure. Following up on the Introduction Post, today we will take a look at one of the ways to keep a 24x7 Spark Streaming application up and running. We will introduce Dynamic Sampling and how to implement a version of it.
Hi, I’m Nikunj and I’m a Principal Engineer here at Stealth Security. I’m responsible for our data processing infrastructure. Previously, I have spent 10+ years helping build and use data processing engines at Tibco, Informatica and MapR.
Hi, I am Mayank Dhiman, and I am the Principal Security Researcher here at Stealth Security.
In our earlier post, we defined the problem of Credential Exploitation, an attack methodology characterized by the abuse of login credentials at scale. We focused largely on how attackers take over accounts which are reusing credentials that have been dumped elsewhere. We also discussed the proper defensive framework to defend against such attacks. For today’s post, we’ll make the case that the problem runs deeper than traditional “credential verification” or brute-force attacks, and that the same defensive framework can help defend against a wide variety of automation-based attacks.
For today’s post, we’re classifying a new and increasingly common type of attack that our research team has been following — Credential Exploitation. Our definition of Credential Exploitation is an increasingly popular attack methodology characterized by the abuse of login credentials at scale. Specifically, it targets the Application Interfaces of Web, mobile, and API end-points. These attacks encompass the misuse of credentials for Account-Take-Over (ATO) attacks, Credential Brute-force, and abuse of API keys to take advantage of API endpoints. As the Principal Security Researcher here at Stealth Security, I’m leading a team that has carefully reviewed these attacks in volume. This is our overview of our findings regarding the source of this issue, as well as what can be done to mitigate its impact.
Hi, Michael Barrett here, CEO and co-founder of Stealth Security.
As a security guy, I tend to think of the world through a relatively simple lens, and use mental models that have worked for our industry before. I have long suspected that we have been ignoring — or at least oversimplifying — the problem of web API security. And then, last week, there was a case-study-making announcement about the discovery of the so-called Hell application, that was allegedly used by Uber to identify Lyft driver locations as well as which drivers used both services. I am not going to comment on the allegations themselves except to note that many CISOs run into situations occasionally that make them ask (usually just to themselves) “what were they thinking?”…
Hi, I’m Shreyans Mehta, CTO at Stealth Security.
That's about to change.
Hello, Michael Barrett here, co-founder and CEO of Stealth Security.
Recently, news has started to come out about the fact that an attacker known as the Turkish Crime Family has penetrated the accounts of many of Apple’s iCloud customers. The total number is still unknown but is claimed to be hundreds of millions. At this point, rather than trying to monetize the breached accounts directly, the attacker is simply holding Apple ransom and is demanding bitcoin in return for not harming those customers. This use of an indirect ransom for monetization is a logical next step for attackers. Some commentators have claimed that the number of breached accounts is considerably smaller than the attackers claim. This could of course be correct, but in a real sense it’s irrelevant – this is about what the attacker might be capable of doing.
One of the pleasures of growing a small company is that every hire makes an impact, and if you can hire a really great person into the role, that impact can be huge. This is of course a truism. All teams consist of the best people for the job, all working harmoniously and effectively. When the right people are in them, they are an astonishing force for change.
We had the pleasure of having a strong team of co-founders. Between us, we have a diverse range of skills and experiences. But, as a company grows, another of the things that happens is that you start to zoom in on specific disciplines and look to exemplary performance in them. That’s been happening with us recently, with business development. It’s become clear in the last few months that it’s a topic where we really needed to accelerate our work. We expect it to be a vital component in our long-range success, and therefore an area where we needed more focus than could realistically happen between the co-founders. So, it was evidently time to add another strong leader to our team, someone who could focus solely on business development, and someone who had overwhelmingly strong success in that.