Tag: Innovation
Information security often takes the form of an arms race, as attackers develop novel ways to use or abuse services on the web to their own benefit, and defenders scramble to adapt to and block these new techniques. Few technologies better exemplify this arms race than the web element known as CAPTCHA. This component is…
Read MoreMany companies and organizations around the world have issued mandatory work-from-home policies due to the COVID-19 pandemic. When companies find themselves in a situation like we are in today, going from a zero percent remote workforce to 100 percent in a matter of days, it can be daunting. What used to be safe, thanks to…
Read MoreCan’t We Just Get Rid of Passwords Now? Shape Security and F5 Labs recently published the 2021 Credential Stuffing Report, which is the product of a multi-year collaborative research project that evolved from Shape’s original Credential Spill Report. This year’s report covers the lifecycle of credential theft in detail, from the original theft of usernames…
Read MoreEven Strong Defenses May Contain Weaknesses One could argue that fraudsters’ tactics are not novel and that investing in specialized products with machine learning and artificial intelligence should solve the issue of fraud. But somehow fraudsters still manage to outsmart security defenses. In a recent discussion that F5 Labs had with the head of the…
Read MoreBots are not new. Attackers have used bots to achieve scalability in a variety of attack techniques for decades, and defenders have been fighting bots, to varying degrees of success, for just as long. However, two events in 2022—the prolonged acquisition of Twitter by Elon Musk, with its attendant discussion about exactly how much of…
Read MoreNeutral/Mixed Intentions Many of the actors in this system are neither completely benign nor completely malicious. Some of these practices are bifurcated into legal and illegal practices, such as the rather obvious distinction between criminal and benign payment facilitators. Some of these provide services that can genuinely be used either way, such as reshipping services…
Read MoreSecurity automation’s promises are laudable and include reducing manual work, improving mean time to know and remediate for detection programs, and reducing a junior hire’s required technical knowledge to help address the talent issues programs still face. Many security automation vendors are especially bullish on that last promise, investing in low-to-no code user experiences that…
Read MoreIntroduction Identity is one of those bedrock concepts in security that seems simple and intuitive when we use it in our daily lives (“Hi Bob!”), about ourselves (“I’m a chef!”), and in personal (“You’re my friend!”) and intimate (“I love you!”) contexts. Yet when we build or deploy systems that rely on identity — a…
Read More