Insights from a Global Survey of Security Professionals

What were the most serious web attacks in 2021? Which security technologies are the most popular to defend against them? And which new technologies are security professionals planning to adopt in 2022? These questions, and more, were the basis of the “2022 State of Web Security” survey, recently commissioned by Reblaze and conducted by Global […]

Changes to GCP load balancer behavior

This announcement is for Reblaze customers who use Google Cloud Platform and manage their own infrastructure. A change to GCP’s default behavior is pending that you will need to address. (If you are a SaaS customer, we have already made this change for you.) Background: On Jan 19th, 2022, Google announced that a gradual update has been […]

Better DevSecOps on Google Cloud Platform (GCP)

DevSecOps has become the default standard for organizations striving to achieve an efficient but secure software deployment process. Not only does it ensure an efficient environment, it also unifies the process of integrating security, starting from the ground up—from the infrastructure to the application stack. In earlier articles, we touched upon the basics of DevSecOps […]

Envoy Proxy 101

Curiefense is integrated with Envoy Proxy, the prominent open-source edge and service proxy for cloud native applications. Initially developed by Lyft and now part of the Cloud Native Computing Foundation landscape, Envoy is designed to create a transparent network and make it easier to troubleshoot problems. Envoy provides many benefits to modern microservice architectures. In […]

Securely Using GCP: New Capabilities

Attackers are targeting cloud-hosted workloads more than ever before. As one of the leading cloud service providers, Google Cloud Platform (GCP) includes many built-in security features. However, as with every CSP, Google Cloud Platform (GCP) security is also a shared responsibility, and customers need to make use of the services and features available on the […]

Securing a Critical Apache Log Vulnerability

A critical vulnerability has been discovered in Apache Log4j 2. We have sent out a custom WAF signature to all Reblaze customers that will protect against it. About the vulnerability: Apache Log4j 2 is a widely used logging framework for Apache. Developers can use it for logging configuration messages, runtime information, errors, and other forms […]

Attack of the Month: Human-Directed Account Takeover (ATO)

Cybercrime has become an extremely lucrative industry. The large hacker groups are making millions of dollars per year. (According to the US Treasury, ransomware payments alone totaled $590 million in the first half of 2021.) This has created two growing trends: first, a rising complexity of threats, because the hackers are hiring top programming talent. […]

New Security Features in Microsoft Azure

Microsoft is continually adding to Azure’s capabilities. Recent updates have improved Azure’s security features across a variety of services. We’ve previously discussed web security for Microsoft Azure, including topics such as: an overview of cloud security on Azure; a discussion of security for compute resources, containers, storage, and networks; Azure web application security and IAM […]

Get Ready for Black Friday DDoS Attacks

Black Friday is almost here, and ‘DDoS Season’ has arrived. DDoS attacks occur year-round, of course. But for online retailers especially, this is the worst time of the year for these incidents. We’re already seeing holiday-related DDoS events against Reblaze customers. And along with the usual volumetric assaults, we’re seeing some interesting variations in the […]

DevSecOps on AWS: New Strategies

As DevOps has become mainstream, many organizations are going further and adopting DevSecOps, and integrating security into their SDLC. This often raises many practical issues, especially concerning implementation strategies for the specific CSPs (Cloud Service Providers) being used. Two years ago, we wrote about using DevSecOps on AWS, which is an important part of AWS […]