HYPER-CONVERGED INFRASTRUCTURE,APPLICATION INFRASTRUCTURE,STORAGE MANAGEMENT

Wallarm Q3 API ThreatStats™ Report Reveals DevOps Tools and Infrastructure Under Attack

Wallarm | November 14, 2022 | Read time : 02:50 min

Wallarm Q3 API ThreatStats™ Report Reveals DevOps Tools
Wallarm, the end-to-end API security company, today released its Q3 API ThreatStats™ Report, which provides deep analysis into all published API vulnerabilities and exploits for the quarter. The Wallarm research team dissected the data from a variety of perspectives, including software type, vendor, CVSS scores, CWEs and both OWASP Top-10 (2021) for web apps and OWASP API Security Top-10 (2019). The team also examined publicly disclosed exploit POCs to determine where the risk lies.

The initial analysis indicated that API vulnerabilities and the impacted vendors were leveling off from the significant increase reported in the Q2 API Vulnerability Report, with minimal to no change. Vulnerabilities and vendors impacted experienced a 16% increase, while high to critical rated vulnerabilities remained steady at 57% total.

However, deeper analysis revealed three key findings, which may have costly implications on an organization’s API security program:

  1. Infrastructure. A vast majority of the most impactful vulnerabilities analyzed in Q3 impacted DevOps tools and infrastructure, resulting in a shift of an organization’s security focus.
  2. Injections. While the OWASP Top-10 Injection categories (A03:2021 for web apps and API8:2019 for APIs) top the charts at over 33% of all CVEs analyzed, further inspection reveals many, many variations, which will require extra effort to remediate.
  3. Exploits. A surprising finding was that the average gap between CVE and exploit POC publication was zero days, which greatly impacts a mitigation timeline.

“Almost everyone involved in the API economy, from CISOs and their security teams to DevOps teams and beyond, are talking about API Security this year. However, only a few vendors can explain what it really means, and how to measure and calculate the risks and impact when things go badly. “Wallarm has been committed to tracking and analyzing API vulnerabilities and exploits, and sharing this with the community via our API ThreatStats reports. This Q3-2022 report is the third in a row, and we clearly see a chilling trend in the number, severity and focus of API vulnerabilities and exploits. No joke: the top 10 API issues we're seeing affect core DevOps and PaaS products, such as Kubernetes, Rancher, GitLab, HashiCorp, and several others.”

Ivan Novikov, CEO & co-founder of Wallarm

For more highlights from the final report, please see the Q3-2022 API ThreatStats™ Report executive summary. To learn more, register for Wallarm’s webinar on Thursday, November 10 at 11 AM PT where the research team will present all of its findings.

About Wallarm
Wallarm end-to-end API security products provide robust protection for APIs, web applications, microservices, and serverless workloads running in cloud-native environments. Hundreds of Security and DevOps teams choose Wallarm to get unique visibility into malicious traffic, robust protection across their whole API portfolio, and automated incident response for better risk management. The company is committed to supporting modern tech stacks, offering dozens of deployment options in cloud and Kubernetes-based environments, and also provides a full cloud solution. Wallarm is headquartered in San Francisco, California, and is backed by Toba Capital, Y Сombinator, Partech, and other investors.

Spotlight

Learn how to troubleshoot Confluent Managed Connectors using the Dead Letter Queue, the Confluent CLI, the Confluent Connect API, and Connect Log Events.

Spotlight

Learn how to troubleshoot Confluent Managed Connectors using the Dead Letter Queue, the Confluent CLI, the Confluent Connect API, and Connect Log Events.

Related News

APPLICATION INFRASTRUCTURE,APPLICATION STORAGE,DATA STORAGE

Spectrum Enterprise Announces National Availability of 100 Gigabit Ultra-High Speed Data Services

Spectrum Enterprise | December 02, 2022

Spectrum Enterprise, a unit of Charter Communications, Inc., today announced the availability of Ultra-High Speed Data services across its national fiber network that deliver speeds of 100 gigabits per second (Gbps) for a range of data transport solutions, such as internet, WAN and Wavelength. Enterprises can benefit from these high-performance data capabilities at multiple locations, including private data centers, public clouds, corporate headquarters, and branch sites. Leveraging the Spectrum Enterprise Network architecture, Ultra-High Speed Data services easily scale from 10Gbps to 100Gbps and offer a range of redundancy options. Spectrum Enterprise Ultra-High Speed Data services enable businesses to increase agility and meet the changing connectivity needs of their digital platforms. These services are paired with premium support and are fully managed and monitored to help ensure that the mission critical requirements of applications using the services are met. "Bandwidth utilization for Ethernet-based business networks across the United States is anticipated to grow at a compound annual rate of 32% over the next five years, with the highest growth segment being ultra-high speed connections of between 10Gbps and 100Gbps. In fact, data transport volume over 10+ Gbps connections is expected to grow almost five times by 2026, to nearly 2400 Terabytes annually. Ensuring network evolution plans consider the growing demand for bandwidth and performance will be a key requirement for every organization." -Erin Dunne, Director of Research, Vertical Systems Group. Public cloud access, high-speed trading, video collaboration, file sharing, high-performance computing and internet access are among the many use cases fueling the demand for ultra-high speed data services. Investing in a modern network "At Spectrum Enterprise, we're committed to the success of our clients. We're investing in the breadth and depth of our network, its capabilities, and, importantly, the solutions and experience surrounding them so that we can provide businesses with speeds of 100Gbps and beyond," said Bill Archer, Charter Executive Vice President and President of Spectrum Enterprise. "Our Ultra-High Speed Data services capitalize on the performance capabilities of our dense fiber network with an unmatched experience and value. From solution design to dedicated support and management, we're there every step of the way so our clients stay a step ahead of future technologies and business demands." The national availability of Spectrum Enterprise Ultra-High Speed Data services across metro and wide area networks to support a client's full range of operations is the result of ongoing investments in network capability, solution design and the experience that large enterprises require. Spectrum Enterprise provides clients a modern network platform, deployed to over 270,000 on-net buildings and fiber proximity to millions of businesses across the U.S. This capability delivers 100Gbps speeds to any client site – whether it's a commercial building, data center or any other location. Different types of enterprises across the country have begun using Spectrum Enterprise Ultra-High Speed Data services. Leading Fortune 500 financial firms employ these services to support critical operational requirements. School districts support students and teachers with better classroom and digital learning experiences due to high-performance connectivity solutions. Organizations across multiple sectors depend on the low-latency attributes of Ultra-High Speed Data services to transport massive amounts of data across hybrid cloud workloads. About Spectrum Enterprise Spectrum Enterprise, a part of Charter Communications, Inc., is a national provider of scalable, fiber technology solutions serving many of America's largest businesses and communications service providers. The broad Spectrum Enterprise portfolio includes networking and managed services solutions: Internet access, Ethernet access and networks, Voice and TV solutions. The Spectrum Enterprise team of experts works closely with clients to achieve greater business success by providing solutions designed to meet their evolving needs. For more information, visit enterprise.spectrum.com.

Read More

APPLICATION INFRASTRUCTURE,APPLICATION STORAGE,WINDOWS SYSTEMS AND NETWORK

Siemens Energy Chooses Syntax for Global Implementation Partnership

Syntax | January 04, 2023

In a recent announcement, leading multi-ERP managed cloud provider Syntax collaborates with Siemens Energy to design and implement its new SAP Digital Manufacturing Cloud (DMC) infrastructure for more than 80 production sites worldwide. Syntax will implement the SAP DMC subscription contract for Siemens Energy’s five pilot plants in Germany, Mexico, and the United Kingdom. In addition, Syntax will collect critical process data for analysis, process modeling and execution, and resource coordination, reflecting the broad range of Siemens Energy's requirements. Syntax’s expertise will be used in the integration of manufacturing processes for the company, laying a solid foundation for a digital factory through the development of a standard template. This Siemens Energy template is expected to be completed by the end of 2023. It will then be gradually rolled out to all of Siemens Energy’s sites across the globe, over a seven-year period. “As an important part of our sustainable digitization strategy within the production areas, this project is of great strategic importance for Siemens Energy. Using the same systems at all production sites is the basis for notably better cooperation, protection against cybersecurity threats, and more efficient interests of the customer." Matthias Hammes, IT project manager, Siemens Energy. About Syntax Syntax provides end-to-end technology solutions to businesses of all sizes. Syntax is now a market leader in Managed Cloud for Mission Critical Enterprise Applications. Syntax has unrivaled expertise in implementing and managing ERP deployments (Oracle, SAP) in a secure, resilient private, public, or hybrid cloud.

Read More

HYPER-CONVERGED INFRASTRUCTURE,APPLICATION STORAGE

Leviton's $80m Investment in Network Solutions to Boost Innovation

Leviton | January 06, 2023

Leader in electrical, lighting, and networking systems, Leviton, has made significant headway in its five-year, $80 million worldwide capital investment plan for its Network Solutions vertical. Leviton's investment in the Network Solutions business unit will solidify its $202 million acquisition of Berk-Tek in 2020, will increase its production capacity worldwide, and establish Leviton as one of the leading end-to-end makers of copper and fiber network infrastructure systems. The new expansion project of the Leviton fiber optic cabling manufacturing facility in Fuquay-Varina, North Carolina, makes up a sizeable chunk of the investment strategy. Construction of the project began in December 2022. Once finished in 2024, the facility will be equipped to support single mode cables, made-to-order fiber optic cable assemblies and long-term growth of multimode cables. In addition to this vast expansion, Leviton has implemented the following key advancements: Leviton's ATLAS-X1TM and EXTREMETM solutions have grown globally. Indeed, that doubled capacity in 2021 to meet worldwide demand. Additionally, Leviton added state-of-the-art technology at its Glenrothes (Scotland) manufacturing facility to improve capacity and deliver a uniform global specification for Category 6A cabling. Installing the optical fiber cable in the second quarter of last year, Leviton armored in sales support of this rapidly growing product line, including pre-terminated data center solutions in its NC factory. About Leviton Leviton designs innovative products across multiple industries, including electrical, lighting, and networking, to improve people's lives in several ways. Isidor Leviton immigrated from Russia to the United States in 1906, started a modest tinsmithing business, and founded Leviton, promising to remain committed to thinking and growing, innovative in creating new products, dedicated to giving safer life to communities throughout the world and adhere to UL standards in producing high-quality products.

Read More