
Wallarm Q3 API ThreatStats™ Report Reveals DevOps Tools and Infrastructure Under Attack

Wallarm, the end-to-end API security company, today released its Q3 API ThreatStats™ Report, which provides deep analysis into all published API vulnerabilities and exploits for the quarter. The Wallarm research team dissected the data from a variety of perspectives, including software type, vendor, CVSS scores, CWEs and both OWASP Top-10 (2021) for web apps and OWASP API Security Top-10 (2019). The team also examined publicly disclosed exploit POCs to determine where the risk lies.

The initial analysis suggested that API vulnerabilities and the number of impacted vendors were leveling off after the significant increase reported in the Q2 API Vulnerability Report. Vulnerabilities and vendors impacted rose by 16%, while high- to critical-rated vulnerabilities held steady at 57% of the total.

However, deeper analysis revealed three key findings, which may have costly implications on an organization’s API security program:

  1. Infrastructure. A vast majority of the most impactful vulnerabilities analyzed in Q3 impacted DevOps tools and infrastructure, resulting in a shift of an organization’s security focus.
  2. Injections. While the OWASP Top-10 Injection categories (A03:2021 for web apps and API8:2019 for APIs) top the charts at over 33% of all CVEs analyzed, further inspection reveals many variations, which will require extra effort to remediate.
  3. Exploits. A surprising finding was that the average gap between CVE and exploit POC publication was zero days, which greatly impacts a mitigation timeline.

“Almost everyone involved in the API economy, from CISOs and their security teams to DevOps teams and beyond, is talking about API Security this year. However, only a few vendors can explain what it really means, and how to measure and calculate the risks and impact when things go badly. Wallarm has been committed to tracking and analyzing API vulnerabilities and exploits, and sharing this with the community via our API ThreatStats reports. This Q3-2022 report is the third in a row, and we clearly see a chilling trend in the number, severity and focus of API vulnerabilities and exploits. No joke: the top 10 API issues we're seeing affect core DevOps and PaaS products, such as Kubernetes, Rancher, GitLab, HashiCorp, and several others.”

Ivan Novikov, CEO & co-founder of Wallarm

For more highlights from the final report, please see the Q3-2022 API ThreatStats™ Report executive summary. To learn more, register for Wallarm’s webinar on Thursday, November 10 at 11 AM PT where the research team will present all of its findings.

About Wallarm
Wallarm end-to-end API security products provide robust protection for APIs, web applications, microservices, and serverless workloads running in cloud-native environments. Hundreds of Security and DevOps teams choose Wallarm to get unique visibility into malicious traffic, robust protection across their whole API portfolio, and automated incident response for better risk management. The company is committed to supporting modern tech stacks, offering dozens of deployment options in cloud and Kubernetes-based environments, and also provides a full cloud solution. Wallarm is headquartered in San Francisco, California, and is backed by Toba Capital, Y Combinator, Partech, and other investors.
