Adeline Zhang

A Retrospective Analysis of 300G DDoS Mitigation Powered by NSFOCUS Cloud DPS

May 21, 2019

The NSFOCUS multi-terabit DDoS protection was designed specifically to help enterprises regain control and build confidence with its vigorous layered protections against sophisticated attacks. With automation as an integral part of the NSFOCUS solution, DDoS attacks are detected and remediated immediately, with no disruption to services. (more…)

Machine Learning Algorithms Power Security Threat Reasoning and Analysis

May 21, 2019

RSA Conference 2019, an annual infosec event that brings all cybersecurity professionals together, kicked off in San Francisco, USA on March 4, 2019. This year’s Conference took “Better” as its theme, which reflected infosec players’ visions to constantly improve their own capabilities and work out better security solutions. (more…)

Practices of China’s Internet Giants in Machine Learning

May 20, 2019

At RSA Conference 2019, Tao Zhou, a senior staff algorithm engineer from Alibaba Security, Alibaba Group, as one of only a few Chinese speakers, started his presentation on application of statistical learning to intrusion detection in the context of massive big data with an account of challenges facing Internet giants in security data analysis, and […]

Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability Threat Alert

May 17, 2019

Overview

Cisco has released a security advisory, announcing the existence of a REST API authentication bypass vulnerability (CVE-2019-1867) in Cisco Elastic Services Controller (ESC). This vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow an unauthenticated, remote attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system. (more…)

Microsoft’s Security Patches for May Fix 82 Security Vulnerabilities Threat Alert

May 16, 2019

Overview

Microsoft released May 2019 security patches on Tuesday that fix 82 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Adobe Flash Player, Azure, Internet Explorer, Kerberos, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, NuGet, Servicing Stack Updates, Skype for Android, SQL Server, Team Foundation Server, Windows DHCP Server, Windows Diagnostic Hub, Windows Kernel, Windows NDIS, and Windows RDP. (more…)

2018 DDoS Attack Landscape-6

May 15, 2019

3.4  Behavioral Analysis of Attack Sources

In the 2018 H1 Cybersecurity Insights8, we mentioned that the number of DDoS recidivists (repeat DDoS offenders) was too large to ignore. Of all internet attack types, 25% of attackers were recidivists responsible for 40% of all attack events. As for DDoS attacks, 7% of attackers were recidivists that launched 12% of attack events. (Here, “DDoS recidivists” refer to source IP addresses that have been marked by NSFOCUS Threat Intelligence center (NTI) as DDoS attack sources.) Clearly, in DDoS attacks, the proportion of recidivists decreased in 2018, indicating a lower level of resource reuse. This can be attributed to two factors: (more…)

NSFOCUS Speaking at TELECOM EXCHANGE NYC 2019

May 14, 2019

  Telecom Exchange, one of the largest C-level networking events that provides unparalleled collaboration, education, and one-on-one engagement with the industry’s top decision-makers, is heading to NYC next week. Executives from all around the world will be meeting to discuss the complex network infrastructure ecosystems, technology and what it means for telecom. The event will […]

A Look into RSA 2019: Interpretation of the Application Security Trend — DevOps and API Security

May 14, 2019

As cloud computing, big data, Internet of Things (IoT), and mobile Internet evolve, application forms and requirements are going through changes. I believe that the application security trend virtually highlights technologies and design theories: technological innovations continue to focus on API concepts; the design theories of solutions, products, and services continue to move towards DevOps (development and operations). In this article, I will discuss the application security trend. (more…)

New Words at RSA: Machine Learning Abuse, XAI, Election Security, and CISA

May 13, 2019

The RSA Conference is the world’s biggest IT security meetings of the highest quality. Initially as a small cryptography forum set up in 1991, this conference has developed into a meeting at which renowned security experts from all around the world are invited to discuss the future cyberspace development and global security vendors are attracted to showcase their information security products. (more…)

Using NLP-based Machine Learning to Automate Compliance and Risk Governance

May 10, 2019

The Governance, Risk & Compliance track of the RSA Conference 2019 focuses on quantification of cybersecurity risks and related cases. For example, Superforecasting II: Risk Assessment Prognostication in the 21st Century by Rich Howard from Palo Alto Networks dwells upon how to evolve semi-quantitative risk assessment into more accurate quantitative risk assessment; Math is Hard: Compliance to Continuous Risk Management presents the entire process of quantitative risk assessment; NIST Cybersecurity Framework and PCI DSS provides practices of implementing PCI-DSS standards in the cybersecurity framework (CSF) and points out complex mapping relationships between the two. (more…)

Search

Subscribe to the NSFOCUS Blog