Tag Archive for: Rule

How to Simplify WAF Rule Management


As long as web application firewalls (WAFs) have existed, security teams have struggled with tuning and maintaining WAF signatures and rulesets. It is thankless, never-ending work, and even in the best cases it is prone to frequent false positives and false negatives. Yet although it is one of the longest-standing complaints about legacy WAFs, it is a problem that never seems to go away.

So why has the industry been stuck fighting the same problem for so long? Is it something that can be fixed, or is the pain of rule management the unavoidable “death and taxes” of AppSec? At ThreatX, we are focused on finally making this problem go away by providing a platform that makes security much stronger while getting security teams off the rule management treadmill.

So let’s take a look below the surface to see why legacy rules are so problematic and what we can do about it.

A Common Problem Based on Common DNA

Legacy WAFs tend to suffer from the same problems when it comes to rules because they all fundamentally work the same way. In fact, many of the most popular commercial WAFs rely on the same underlying rules defined for ModSecurity. ModSecurity is a well-known open-source WAF, and its Core Rule Set (CRS) is a large body of regular-expression-based rules. Each WAF vendor may customize and tune these ModSecurity rules to its liking, but under the hood they are virtually identical.

This has led to an entire industry of WAFs whose core detection engines are all based on regex matching rules, and most deployments end up carrying a great many of them. Rules and signatures are not inherently bad, but a regex-centered view of the world leads to a wide range of challenges, including …

False Positives and Negatives

Regex rules look for specific string patterns associated with a known attack. For example, a SQL injection signature might look for a UNION and SELECT statement used to pull usernames and passwords out of an application’s database. But while regex rules can look for these keywords, not every occurrence of “union” and “select” is a sign of evil. For example, I’ve recently talked to a prospect whose legacy WAF had…
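To make the false-positive/false-negative tension concrete, here is an added example that is not part of the ThreatX post and does not reproduce any actual CRS rule. The two signatures (`NAIVE_RULE`, `TUNED_RULE`), the `_SEP` helper and the labelled request values are all constructed for this illustration; the rules are applied the way a WAF would apply them, to the URL-decoded parameter value.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical SQLi signatures written for this example in the style of a
# regex-based WAF rule. They are not real OWASP CRS rules.

# Naive rule: UNION ... SELECT anywhere in the value. Without re.DOTALL,
# "." does not cross a newline, so UNION<newline>SELECT slips past it.
NAIVE_RULE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE)

# Tuned rule: only whitespace or /* */ comments may separate the keywords,
# with an optional ALL, and the match may span newlines.
_SEP = r"(?:\s|/\*.*?\*/)+"
TUNED_RULE = re.compile(
    rf"\bunion\b(?:{_SEP}all)?{_SEP}select\b", re.IGNORECASE | re.DOTALL
)

# Constructed sample of raw query-string values with ground-truth labels.
SAMPLES = [
    ("malicious", "id=1 UNION SELECT username,password FROM users--"),
    # Newline between the keywords; MySQL treats it as whitespace.
    ("malicious", "id=1 UNION%0aSELECT username,password FROM users--"),
    # Inline comments as separators, another classic evasion.
    ("malicious", "id=1 UNION/**/ALL/**/SELECT username,password FROM users--"),
    # Benign English text that happens to contain both keywords.
    ("benign", "q=credit union select committee minutes"),
    ("benign", "comment=Our union will select a delegate on Monday"),
]


def rule_hits(rule: re.Pattern, raw_value: str) -> bool:
    """Apply a rule the way a WAF would: URL-decode first, then regex match."""
    return rule.search(unquote_plus(raw_value)) is not None


def evaluate(rule: re.Pattern, samples=SAMPLES) -> tuple[int, int]:
    """Return (false_positives, false_negatives) for a rule over labelled samples."""
    false_positives = false_negatives = 0
    for label, raw in samples:
        hit = rule_hits(rule, raw)
        if hit and label == "benign":
            false_positives += 1
        elif not hit and label == "malicious":
            false_negatives += 1
    return false_positives, false_negatives


if __name__ == "__main__":
    for name, rule in (("naive", NAIVE_RULE), ("tuned", TUNED_RULE)):
        fp, fn = evaluate(rule)
        print(f"{name:5s} rule: {fp} false positive(s), {fn} false negative(s)")
```

Running it shows the treadmill in miniature: the naive rule misses the newline-separated payload (a false negative) and blocks both benign sentences (two false positives); the tuned rule catches all three payloads, but “credit union select committee minutes” still trips it, because a regex sees only the bytes of the parameter and has no way of knowing whether that parameter ever reaches a SQL query. Each new evasion pushes the pattern wider, and each widening pulls in more legitimate traffic.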

Source…

Rule requires banks report significant ‘computer-security incidents’ within 36 hours | Article


The Office of the Comptroller of the Currency (OCC), Federal Reserve, and Federal Deposit Insurance Corp. (FDIC) approved the policy, which also requires service providers for financial institutions to notify affected bank customers of any service outage caused by a computer-security incident that lasts longer than four hours.

The rule is effective April 1, 2022, and compliance is required by May 1, 2022.

A computer-security incident is described in the rule as an “occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits.” Such incidents can be caused by a variety of factors, including cyberattacks launched by hackers with “destructive malware or malicious software” as well as “non-malicious failure of hardware and software, personnel errors, and other causes.”

A “notification incident” is defined in the rule as a computer-security incident “that disrupts or degrades, or is reasonably likely to disrupt or degrade, the viability of the banking organization’s operations; result[s] in customers being unable to access their deposit and other accounts; or impact[s] the stability of the financial sector.”

The rule requires any bank service provider subject to the Bank Service Company Act (BSCA) to notify at least two individuals within the affected banking organization of a computer-security incident that it “believes in good faith could disrupt, degrade, or impair services provided subject to the BSCA for four or more hours.” The banking organization would then determine whether the incident rises to the level of a notification incident and, if so, inform its regulators.

“The notification requirement for bank service providers is important because banking organizations have become increasingly reliant on third parties to provide essential services,” the rule said. “… [A] banking organization needs to receive prompt notification of computer-security incidents that materially disrupt or degrade, or are reasonably likely to materially disrupt or degrade, these services because prompt notification will allow the banking…

Source…

Banks must report cyber security incidents quickly under new federal rule – Seeking Alpha



Source…

New U.S. Rule Would Limit Sales of Hacking Tools to Russia and China


Good morning. New export controls on U.S.-made hacking tools take aim at a slice of the cybersecurity industry that operates in gray areas.

The pending regulations will force companies to obtain licenses to sell hacking tools in countries such as China and Russia. But the rules include carve-outs for some firms, including those with select private-sector customers or certain clients who use such software or equipment to hone their own cybersecurity.

The Commerce Department program could push U.S. officials to address the sometimes hazy boundaries between defensive and offensive cyber activity. Some lawmakers are open to the idea of crossing that increasingly blurry line, giving corporate security chiefs legal cover to hack back.


The Commerce Department’s near-final rule will require companies to obtain a license to sell hacking technology to certain countries deemed threats to U.S. interests. It will take effect in 90 days.

Commerce Secretary Gina Raimondo said the export controls aim to balance national security with the expansion of a cybersecurity industry that creates tools to defend computer networks and has grown at a breakneck pace as the global economy becomes increasingly digitized.

“The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights,” Ms. Raimondo said in a statement.

Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved.

Source…