Harry Potter’s Invisibility Cloak and Moody’s Eye: Software Defined Perimeter (SDP)
October 12, 2022
In the last series of popular science, we talked about Zero Trust Network Access (ZTNA) and learned the three critical technologies of zero trust—SDP, IAM and MSG. In this article, we will continue to introduce a security capability of NSFOCUS SASE – the SDP, one of the three major technologies. What is SDP? The SDP […]
NSFOCUS Included in the 2022 Gartner® Magic Quadrant for Cloud Web Application and API Protection in the Honorable Mentions Section
October 9, 2022
Santa Clara, Calif. October 9, 2022 – We are honored to announce that NSFOCUS was included in the Honorable Mentions section in the Gartner® Magic Quadrant for Cloud Web Application and API Protection report. According to Gartner, by 2026, 40% of organizations will select a WAAP provider on the basis of its advanced API protections […]
Introduction to Web APIs of NTA
October 6, 2022
The Web API of NTA provides an interface for configuring regions or IP groups. Data can be obtained with a GET request and added, removed, or modified with a POST request, facilitating the query and configuration of NTA by O&M personnel. All API POST requests will be recorded in the NTA audit log. Instructions for […]
Security Knowledge Graph | Drawing Knowledge Graph of Software Supply Chain and Strengthening Risk Analysis
October 5, 2022
The security knowledge graph, a knowledge graph specific to the security domain, is the key to realizing cognitive intelligence in cyber security, and it also lays an indispensable technological foundation for dealing with advanced, continuous and complex threats and risks in cyberspace. NSFOCUS published a series of articles about the application of the security knowledge […]
Three Transformations of NSFOCUS ADS Solution
October 3, 2022
With the continuous transformation of telecommunication infrastructure in recent years, the popularization of 5G technology has promoted the sustainable and rapid growth of network bandwidth resources, and driven the rapid development of technologies such as big data, cloud computing, and the Internet of Things (IoT). However, due to security flaws, a large number of IoT […]
XSS Attack Protection
September 30, 2022
Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to […]
APT Group Gamaredon Intensifies Cyber Offensive in Ukraine (Part 2)
September 29, 2022
Part 1: APT Group Gamaredon Intensifies Cyber Offensive in Ukraine (Part 1) Type 2: Send malicious HTML attachments by masquerading notification emails The second type of attack activity Gamaredon mainly carried out is spear phishing emails. This is a new attack process that emerged in the second quarter of this year. Gamaredon attackers placed layers […]
APT Group Gamaredon Intensifies Cyber Offensive in Ukraine (Part 1)
September 28, 2022
Overview Beginning in the second quarter of this year, NSFOCUS Security Labs discovered that the APT group Gamaredon began frequently using a number of different types of attacks to conduct cyberattacks against military and police targets in Ukraine’s Kherson, Donetsk and other regions. In this attack cycle, Gamaredon mainly used attack tools such as malicious […]
APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions
September 26, 2022
Overview NSFOCUS Security Labs detected a string of related phishing attacks recently. The analysis confirmed that these activities were staged by the APT group Evilnum and they were a continuation of the group’s recent operation DarkCasino. This round of cyberattacks occurred in late July and lasted until early August. Evilnum attackers maintained consistent attack methodology […]
Description of the Server Name Indication Feature on NSFOCUS WAF
September 22, 2022
The early SSLv2 was designed based on the classic public key infrastructure. By default, a server or an IP address could provide only one service so that the server could know which certificate to serve during the SSL handshake. The widespread use of virtual hosts leads to the situation where multiple domain names are mapped […]
