Managed Web Application Firewall – Identifying and Stopping Complex Web-based Attacks

James D. Brown, CTO, StillSecure Web Application Firewalls (WAF) have been in the news a lot in the past few years. A type of application firewall, web application firewalls have functionality that goes beyond simply blocking access to certain types of requests or services. Web application firewalls are also aware of specific types of web-based [...]

Managed IDPS – Stopping Attacks before They Cause Damage

James D. Brown, CTO, StillSecure Intrusion Detection and Prevention Systems (IDPS) is such a key security technology that you might expect me to talk about it first in my multi-part series on security technologies. While it’s hugely important, without a firewall and VPN, it provides very little protection. As I’ve done with each of these [...]

Using Encoded FTP Commands to Infect a Web server by Joshua Roback, SOC Analyst

When it comes to protecting a web server from outside attack, any decent administrator has gone though the ringer in preventing brute force, SQL injection, open port scans and other types of well-known vulnerabilities. Hours of research has been done on preventing remote file inclusion attacks and PHP injection attacks as well. Often missed though, [...]

Securing XO Communications’ Enterprise Cloud Communications

Today we announced a new partnership with XO Communications.  In brief, StillSecure will be providing all the managed security services, including 24x7x365 support from our Security Operations Center, for their Enterprise Cloud Communications service.  While this is certainly a very important partnership for us, we also believe it’s a big step in the right direction for how enterprises think about, and [...]

Two Factor Authentication exploit by Gabriel Bellas, Still Secure SOC Analyst

Companies utilize two-factor authentication to add an extra layer of security to their systems. This can be in the form of a debit card and pin combination, RSA key, smart card, etc. The idea is that a user needs to have a token, and a password to authenticate. A very popular form of two-factor authentication [...]