HYPER-CONVERGED INFRASTRUCTURE, APPLICATION INFRASTRUCTURE, STORAGE MANAGEMENT
Wallarm | November 14, 2022
Wallarm, the end-to-end API security company, today released its Q3 API ThreatStats™ Report, which provides deep analysis into all published API vulnerabilities and exploits for the quarter. The Wallarm research team dissected the data from a variety of perspectives, including software type, vendor, CVSS scores, CWEs and both OWASP Top-10 (2021) for web apps and OWASP API Security Top-10 (2019). The team also examined publicly disclosed exploit POCs to determine where the risk lies.
The initial analysis indicated that API vulnerabilities and the impacted vendors were leveling off from the significant increase reported in the Q2 API Vulnerability Report, with minimal to no change. Vulnerabilities and vendors impacted experienced a 16% increase, while high to critical rated vulnerabilities remained steady at 57% total.
However, deeper analysis revealed three key findings, which may have costly implications on an organization’s API security program:
Infrastructure. A vast majority of the most impactful vulnerabilities analyzed in Q3 impacted DevOps tools and infrastructure, resulting in a shift of an organization’s security focus.
Injections. While the OWASP Top-10 Injection categories (A03:2021 for web apps and API8:2019 for APIs) top the charts at over 33% of all CVEs analyzed, further inspection reveals many, many variations, which will require extra effort to remediate.
Exploits. A surprising finding was that the average gap between CVE and exploit POC publication was zero days, which greatly impacts a mitigation timeline.
“Almost everyone involved in the API economy, from CISOs and their security teams to DevOps teams and beyond, is talking about API Security this year. However, only a few vendors can explain what it really means, and how to measure and calculate the risks and impact when things go badly. Wallarm has been committed to tracking and analyzing API vulnerabilities and exploits, and sharing this with the community via our API ThreatStats reports. This Q3-2022 report is the third in a row, and we clearly see a chilling trend in the number, severity and focus of API vulnerabilities and exploits. No joke: the top 10 API issues we're seeing affect core DevOps and PaaS products, such as Kubernetes, Rancher, GitLab, HashiCorp, and several others.”
Ivan Novikov, CEO & co-founder of Wallarm
For more highlights from the final report, please see the Q3-2022 API ThreatStats™ Report executive summary. To learn more, register for Wallarm’s webinar on Thursday, November 10 at 11 AM PT where the research team will present all of its findings.
Wallarm end-to-end API security products provide robust protection for APIs, web applications, microservices, and serverless workloads running in cloud-native environments. Hundreds of Security and DevOps teams choose Wallarm to get unique visibility into malicious traffic, robust protection across their whole API portfolio, and automated incident response for better risk management. The company is committed to supporting modern tech stacks, offering dozens of deployment options in cloud and Kubernetes-based environments, and also provides a full cloud solution. Wallarm is headquartered in San Francisco, California, and is backed by Toba Capital, Y Combinator, Partech, and other investors.
HYPER-CONVERGED INFRASTRUCTURE, APPLICATION INFRASTRUCTURE, DATA STORAGE
Quali | October 28, 2022
Quali, a leading provider of Environments as a Service infrastructure automation and management solutions, announced today new capabilities that simplify the management of Infrastructure as Code (IaC), strengthen infrastructure governance, and provide further actionable data on the usage and cost of cloud infrastructure.
Torque delivers on business’ need to scale with transparency and controls to ensure governance and accountability without introducing inhibitors to rapid execution. Without any additional effort and with no implementation needed, Torque removes friction and promotes productivity by discovering, analyzing and importing existing IaC assets created by DevOps teams, templatizing those assets into complete application environments, and allowing governed self-service access with unprecedented visibility and control. Torque allows teams to set policies that enforce governance, manage costs, and mitigate risks associated with cloud infrastructure, which enables organizations to respond to business requirements and deliver change faster and with greater agility.
Torque operates across all major cloud providers, as well as major infrastructure types like containers, VMs and Kubernetes on any target infrastructure. The latest release of Torque delivers key capabilities to simplify complex infrastructure, manage IaC files and integrate with the most widely used technologies to leverage business’ existing investments.
New enhancements to Torque include:
Helm drift detection – in addition to the ability to detect infrastructure drift for Terraform files, Torque now adds that capability for Helm Charts, building an additional layer of control to ensure infrastructure consistency throughout the CI/CD pipeline.
“BYO” Terraform policies – Torque supports basic Terraform policies, but now allows the import of existing definitions, so users can leverage previous work to define policies.
Enhanced cost reporting – Cost reporting capabilities have been enhanced to include automatic cost collection for Kubernetes hosts to enhance cost visibility and provide business context to resource consumption.
Environment view – From a single pane of glass, Torque lists all elements comprising an environment blueprint definition pulled from the user’s Git, including visibility into all subcomponents of environment definitions.
Audit Log integrations – All data collected by Torque can be imported into third-party audit tools like ELK elastic search service, promoting greater visibility and accountability, and further strengthening IT teams’ ability to enforce compliance.
“The rate at which technology is evolving has created a level of complexity that businesses are struggling to manage. As a result, many are turning to IaC for automation, but environments now consist of a larger number of technologies that need to be governed. Torque is the control plane that manages those technologies, so organizations can operate with more speed, greater scale, lower costs and less risk.”
Lior Koriat, CEO of Quali
With Torque, IT leaders understand what infrastructure is being used, when, why and by whom in a consistent, measurable way without any negative impact on development practices and tooling. This ensures freedoms for software development teams are maintained while accelerating infrastructure delivery, improving accountability and mitigating risk, in support of the business’ need to plan, optimize and understand the value delivered by software and infrastructure.
Quali will be demonstrating its Torque platform at KubeCon North America October 26th through the 28th in Detroit, Michigan. Stop by booth S6 to learn more.
Headquartered in Austin, Texas, Quali provides the leading platform for Environments as a Service. Global 2000 enterprises rely on Quali’s infrastructure automation and control plane platform to support the continuous delivery of application software at scale. Quali delivers greater control and visibility over infrastructure, so businesses can increase engineering productivity and velocity, understand and manage cloud costs, optimize infrastructure utilization and mitigate risk.
HYPER-CONVERGED INFRASTRUCTURE, APPLICATION INFRASTRUCTURE, IT SYSTEMS MANAGEMENT
StackPath | November 04, 2022
StackPath, the industry-leading edge computing platform, today announced the third expansion of its participation in the Solana Foundation Server Program.
The Solana Foundation Server Program provides access to best-in-class, approved-for-blockchain cloud Infrastructure-as-a-Service (IaaS) around the world, with advantageous contract terms, to be used for Solana RPC nodes or Solana validators.
StackPath has already deployed 1,200 servers that host ultra-low latency virtual machines (VMs) for members of the Server Program. By the end of 2022, the company will deploy an additional 1,100 servers, providing VMs in a total of 39 cities around the world.
"The decentralized structure of edge computing aligns with the decentralized nature of blockchain. We're glad to have StackPath as part of the Server Program, providing its edge computing solutions to our community. Partnerships like this have been a critical part of Solana becoming the fastest growing blockchain ecosystem."
Alex Kehaya, Network Infrastructure Lead at the Solana Foundation
The StackPath platform consists of edge locations deployed in the world's most populous urban areas. That gives its edge IaaS closer proximity to data sources and destinations, as well as greater geographic diversity than traditional cloud computing platforms. In addition, StackPath edge locations are connected by a private network backbone, letting systems communicate within and between sites entirely without using the public internet. Together, these give blockchain workloads significant speed and predictability advantages.
"The industry has spent the last two decades optimizing cloud IaaS for cloud-native workloads," said Kip Turco, StackPath CEO. "But blockchain workloads—from cryptocurrencies to Web3 applications—really are edge-native. Sure, they can run on traditional cloud. But at the edge they can unlock the full potential of their architecture. That's why we believe we have a powerful role in the Server Program and intend to become a leading platform for blockchain."
StackPath participation in the Server Program is in partnership with Inflect, a high-touch advisory specializing in digital infrastructure and connected solutions.
"The Server Program is an invaluable resource for Solana developers," said Mike Nguyen, CEO of Inflect. "The blockchain community has been challenged by issues ranging from supply chain shortages to service providers backing away from blockchain use cases. The Server Program is designed to mitigate those challenges, helping foster sustainable growth and advance the overall decentralization of the Solana ecosystem."
StackPath will join Inflect to exhibit at Solana Breakpoint in Lisbon, November 4 through 7, 2022, at The Pateo da Gale, location 4, where it will provide demonstrations and announce an exclusive special offer for Breakpoint attendees through the Solana Foundation Server Program.
StackPath is a cloud platform built at the internet's edge, providing infrastructure and services physically closer to the source or destination of data than hyperscale cloud service providers. StackPath Edge Compute (including virtual machines and containers), Edge Delivery (including CDN and serverless scripting), and Edge Security (including WAF) solutions run in edge locations strategically deployed in high-density markets and united by a secure global network and a single management system. Customers ranging from Fortune 50 enterprises to one-person startups trust StackPath to give their latency-sensitive workloads and real-time applications the speed, security, and efficiency they require.
Inflect facilitates frictionless transactions for digital infrastructure services, no matter how complex. We believe businesses should be able to easily find and buy the digital infrastructure they need — for every use case and every location in the world. But finding and buying internet infrastructure has historically been a slow, manual process. Inflect's platform simplifies buying and selling of complex infrastructure with an easy-to-use online marketplace, intuitive research tools, and customer and partner management programs.
About Solana Foundation
The Solana Foundation is a non-profit foundation based in Zug, Switzerland, dedicated to the decentralization, adoption, and security of the Solana ecosystem.
Solana is a global state machine, and the world's most performant blockchain. It gives developers the confidence to build for the long term by delivering predictable scaling without compromising security or composability. Solana's performance is driven by a single global state, which is capable of processing tens of thousands of smart contracts at once, and by Proof of History, a distributed clock that unlocks low-latency, sub-second finality across the global state.