

Search results
642 results found with an empty search
- AlgoSec | Sunburst Backdoor, Part III: DGA & Security Software
In the previous parts of our blog ( part I and part II ), we have described the most important parts of the Sunburst backdoor... Cloud Security Sunburst Backdoor, Part III: DGA & Security Software Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/22/20 Published In the previous parts of our blog ( part I and part II ), we have described the most important parts of the Sunburst backdoor functionality and its Domain Generation Algorithm (DGA). This time, let’s have a deeper look into the passive DNS requests reported by Open-Source Context and Zetalytics . The valid DNS requests generated by the malware fall into 2 groups: DNS requests that encode a local domain name DNS requests that encode data The first type of DNS requests allows splitting long domain names into separate requests. These requests are generated by the malware’s functions GetPreviousString() and GetCurrentString() . In general, the format of a DNS request that encodes a domain name may look like: USER_ID.NUM.COMPUTER_DOMAIN[.]appsync-api.us-west-2[.]avsvmcloud[.]com where: USER_ID is an 8-byte user ID that uniquely identifies a compromised host, encoded as a 15-character string NUM is a number of a domain name – either 0 or 1, encoded as a character COMPUTER_DOMAIN is an encoded local computer domain Let’s try decoding the following 3 DNS requests: olc62cocacn7u2q22v02eu.appsync-api.us-west-2.avsvmcloud.com r1qshoj05ji05ac6eoip02jovt6i2v0c.appsync-api.us-west-2.avsvmcloud.com lt5ai41qh5d53qoti3mkmc0.appsync-api.us-west-2.avsvmcloud.com String 1 Let’s start from the 1st string in the list: olc62cocacn7u2q22v02eu.appsync-api.us-west-2.avsvmcloud.com. In this string, the first 15-character string is an encoded USER_ID : “olc62cocacn7u2q” . Once it is base-64 decoded, as explained in the previous post, it becomes a 9-byte byte array: 86 7f 2f be f9 fb a3 ae c4 The first byte in this byte array is a XOR key: 0x86 . Once applied to the 8 bytes that follow it, we get the 8-byte user ID – let’s take a note and write it down, we will need it later: f9 a9 38 7f 7d 25 28 42 Next, let’s take the NUM part of the encoded domain: it’s a character “2” located at the position #15 (starting from 0) of the encrypted domain. In order to decode the NUM number, we have to take the first character of the encrypted domain, take the reminder of its division by 36 , and subtract the NUM ‘s position in the string “0123456789abcdefghijklmnopqrstuvwxyz” : num = domain[0] % 36 – “0123456789abcdefghijklmnopqrstuvwxyz”.IndexOf(domain.Substring(15, 1)); The result is 1 . That means the decrypted domain will be the 2nd part of a full domain name. The first part must have its NUM decoded as 0. The COMPUTER_DOMAIN part of the encrypted domain is “2v02eu” . Once decoded, using the previously explained method, the decoded computer domain name becomes “on.ca” . String 2 Let’s decode the second passive DNS request from our list: r1qshoj05ji05ac6eoip02jovt6i2v0c.appsync-api.us-west-2.avsvmcloud.com Just as before, the decoded 8-byte user ID becomes: f9 a9 38 7f 7d 25 28 42 The NUM part of the encoded domain, located at the position #15 (starting from 0), is a character “6” . Let’s decode it, by taking the first character ( “r” = 114 ), take the reminder of its division by 36 ( 114 % 36 = 6 ), and subtracting the position of the character “6” in the “0123456789abcdefghijklmnopqrstuvwxyz” , which is 6 . The result is 0 . That means the decrypted domain will be the 1st part of the full domain name. The COMPUTER_DOMAIN part of the encrypted domain is “eoip02jovt6i2v0c” . Once decoded, it becomes “city.kingston.” Next, we need to match 2 decrypted domains by the user ID, which is f9 a9 38 7f 7d 25 28 42 in both cases, and concatenate the first and the second parts of the domain. The result will be “city.kingston.on.ca” . String 3 Here comes the most interesting part. Lets try to decrypt the string #3 from our list of passive DNS requests: lt5ai41qh5d53qoti3mkmc0.appsync-api.us-west-2.avsvmcloud.com The decoded user ID is not relevant, as the decoded NUM part is a number -29 . It’s neither 0 nor 1 , so what kind of domain name that is? If we ignore the NUM part and decode the domain name, using the old method, we will get “thx8xb” , which does not look like a valid domain name. Cases like that are not the noise, and are not some artificially encrypted artifacts that showed up among the DNS requests. This is a different type of DNS requests. Instead of encoding local domain names, these types of requests contain data. They are generated by the malware’s function GetNextStringEx() . The encryption method is different as well. Let’s decrypt this request. First, we can decode the encrypted domain, using the same base-64 method, as before . The string will be decoded into 14 bytes: 7c a5 4d 64 9b 21 c1 74 a6 59 e4 5c 7c 7f Let’s decode these bytes, starting from the 2nd byte, and using the first byte as a XOR key. We will get: 7c d9 31 18 e7 5d bd 08 da 25 98 20 00 03 In this array, the bytes marked in yellow are an 8-byte User ID, encoded with a XOR key that is selected from 2 bytes marked in red. Let’s decode User ID: for ( int i = 0 ; i < 8 ; i++) { bytes[i + 1 ] ^= bytes[ 11 - i % 2 ]; } The decoded byte array becomes: 7c f9 a9 38 7f 7d 25 28 42 25 98 20 00 03 The User ID part in marked in yellow. Does it look familiar? Indeed, it’s the same User ID we’ve seen before, when we decoded “city.kingston.on.ca” . The next 3 bytes marked in red are: 25 98 20 . 2 0x59820 The first number 2 stands for the size of data that follows – this data is 00 03 (selected in green). The number 0x59820 , or 366,624 in decimal, is a timestamp. It’s a number of 4-second periods of time since 1 January 2010. To obtain the real time stamp, we need to multiple it by 15 to get minutes, then add those minutes to 1 January 2010: var date = ( new DateTime( 2010 , 1 , 1 , 0 , 0 , 0 , DateTimeKind.Utc)).AddMinutes(timestamp * 15 ); For the number 0x59820 , the time stamp becomes 16 July 2020 12:00:00 AM – that’s the day when the DNS request was made. The remaining 2 bytes, 00 03 , encrypt the state of 8 security products, to indicate whether each one of them is running or whether it is stopped. The 8 security products are: Windows Live OneCare / Windows Defender Windows Defender Advanced Threat Protection Microsoft Defender for Identity Carbon Black CrowdStrike FireEye ESET F-Secure 2 states for 8 products require 2 * 8 = 16 bits = 2 bytes. The 2 bytes 00 03 in binary form are: 00 00 00 00 00 00 00 11 Here, the least-significant bits 11 identify that the first product in the list, Windows Live OneCare / Windows Defender, is reported as ‘running’ ( 1 ) and as ‘stopped’ ( 1 ). Now we know that apart from the local domain, the trojanised SolarWinds software running on the same compromised host on “city.kingston.on.ca” domain has also reported the status of the Windows Defender software. What Does it Mean? As explained in the first part of our description, the malware is capable of stopping the services of security products, be manipulating registry service keys under Administrator account. It’s likely that the attackers are using DNS queries as a C2 channel to first understand what security products are present. Next, the same channel is used to instruct the malware to stop/deactivate these services, before the 2nd stage payload, TearDrop Backdoor, is deployed. Armed with this knowledge, let’s decode other passive DNS requests, printing the cases when the compromised host reports a running security software. NOTES: As a private case, if the data size field is 0 or 1 , the timestamp field is not followed with any data. Such type of DNS request is generated by the malware’s function GetNextString() . It is called ‘a ping’ in the listing below. If the first part of the domain name is missing, the recovered domain name is pre-pended with ‘*’ . The malware takes the time difference in minutes, then divides it by 30 and then converts the result from double type to int type; as a result of such conversion, the time stamps are truncated to the earliest half hour. 2D82B037C060515C SFBALLET Data: Windows Live OneCare / Windows Defender [running] 11/07/2020 12:00:00 AM Pings: 12/07/2020 12:30:00 AM 70DEE5C062CFEE53 ccscurriculum.c Data: ESET [running] 17/04/2020 4:00:00 PM Pings: 20/04/2020 5:00:00 PM AB902A323B541775 mountsinai.hospital Pings: 4/07/2020 12:30:00 AM 9ACC3A3067DC7FD5 *ripta.com Data: ESET [running] 12/09/2020 6:30:00 AM Pings: 13/09/2020 7:30:00 AM 14/09/2020 9:00:00 AM CB34C4EBCB12AF88 DPCITY.I7a Data: ESET [running] 26/06/2020 5:00:00 PM Pings: 27/06/2020 6:30:00 PM 28/06/2020 7:30:00 PM 29/06/2020 8:30:00 PM 29/06/2020 8:30:00 PM E5FAFE265E86088E *scroot.com Data: CrowdStrike [running] 25/07/2020 2:00:00 PM Pings: 26/07/2020 2:30:00 PM 26/07/2020 2:30:00 PM 27/07/2020 3:00:00 PM 27/07/2020 3:00:00 PM 426030B2ED480DED *kcpl.com Data: Windows Live OneCare / Windows Defender [running] 8/07/2020 12:00:00 AM Carbon Black [running] 8/07/2020 12:00:00 AM Full list of decoded pDNS requests can be found here . An example of a working implementation is available at this repo. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call
- Hybrid & multi-cloud management tool | AlgoSec
Algosec Cloud automates cloud security policy management, providing visibility, risk mitigation, and compliance across hybrid environments. Secure your cloud with application-first security Gain complete network visibility. Simplify. Automate. Comply. Schedule a demo Watch a video Trusted by over 2,200 organizations since 2004 The cloud network security challenge Is your cloud network a maze of complexity? Hybrid and multi-cloud environments create a complex web of network security challenges. Fragmented visibility, manual processes, and evolving threats leave your organization vulnerable. Introducing AlgoSec Cloud Your Network Security Command Center. AlgoSec Cloud empowers you to take control of your network security posture with a single, unified platform. Gain unparalleled visibility, automate security tasks, and proactively address risks across your entire cloud ecosystem. Key Benefits Comprehensive Visibility: See every application, asset, configuration, and potential vulnerability across your on-premises and multi-cloud environments. Automation: Eliminate manual errors and streamline security operations with intelligent automation for network security policy management, change control, and compliance checks. Risk Mitigation: Proactively identify and prioritize network risks, and receive actionable recommendations for remediation. Compliance: Ensure continuous compliance with industry regulations and internal policies. Operational Efficiency: Foster collaboration across teams and free up resources to focus on innovation, not just firefighting. Experience the power of unified cloud network security and compliance. Use Cases: Transforming Network Security Real-World Solutions for Real-World Challenges: Simplify Network Application Security Management Accelerate Cloud Adoption Respond to Security Incidents Faster Optimize Network Security & Costs End-to-end security management Application discovery and visibility is only one piece of a robust security policy.See how our full solution suite completes the picture Horizon Security Analyzer Security policy you can see Enable visibility across your hybrid network, optimize firewall rules, and prioritize risks Horizon Security Analyzer Horizon FireFlow Automate and secure policy changes Process security changes in a fraction of the time by automating the entire security policy change process. FireFlow solution Horizon AppViz Clear application visibility Application discovery and connectivity management AlgoSec Horizon AppViz solution Equip yourself with the technical details to discuss with your team and managers Ready for a deep dive? Learn more Got everything you need? Here’s how you get started How to buy Learn more Get the conversation started by sharing it with your team Solution brochure Learn more Here's how we secure our SaaS solution Cloud Security Watch the video "With AlgoSec, I am able to get requests completed within minutes" What they say about us IT Director Get the latest insights from the experts 6 best practices to stay secure in the hybrid cloud Read eBook NCR Corporation's Network Security Transformation with AlgoSec Watch it now AlgoSec cloud product demo Watch it now Schedule time to manage your application connectivity in the cloud Schedule time to manage your application connectivity in the cloud Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue
- AlgoSec Security Management solution A33.10 delivers new compliance reporting and precise discovery of application connectivity
The new product version release provides extended multi-cloud hybrid network visibility, reduces risk exposure and addresses new compliance regulations in a unified platform AlgoSec Security Management solution A33.10 delivers new compliance reporting and precise discovery of application connectivity The new product version release provides extended multi-cloud hybrid network visibility, reduces risk exposure and addresses new compliance regulations in a unified platform May 20, 2025 Speak to one of our experts RIDGEFIELD PARK, NJ, May 20, 2025 – Global cybersecurity leader AlgoSec has launched its new Security Management solution version A33.10, as a part of its AlgoSec Horizon platform. The new release provides better visibility across multi-cloud hybrid network environments, prioritizes risks more easily, reduces compliance effort and cuts down on manual processes by automating policy changes. As network environments grow more distributed, visibility becomes harder to maintain. The 2025 State of Network Security Report found that 71% of security teams struggle with visibility, which is delaying threat detection and response. Without comprehensive network visibility, security teams lack a clear understanding of application behavior to protect, detect, and prevent vulnerabilities. “AlgoSec is committed to updating its products to solve everyday problems that security teams face,” said Eran Shiff , VP Product of AlgoSec. “The A33.10 release ensures that our customers have clear and unified visibility into their complex hybrid network environment to reduce manual processes and ensure proper compliance reporting.” Highlights from the AlgoSec Horizon product update include: ● Visibility continues at the application level. Application security management is now faster and smarter with AlgoSec Horizon Security Analyzer and AlgoSec ACE ’s cloud application discovery as a datasource, allowing the creation of an application library fast. ● Security and compliance go hand in hand. To prepare security teams for audits and identify risks earlier, the new update includes a dedicated DORA and SOC2 compliance reporting, as well as built-in MITRE ATT&CK mapping. ● Streamlined application traffic view. This release introduces early availability support for AWS Load Balancer and Cisco Catalyst SD-WAN (Viptela), helping teams clearly see how traffic traverses across hybrid infrastructure and make more informed decisions. To learn more about the new A33.10 product release, click here . About AlgoSec AlgoSec, a global cybersecurity leader, empowers organizations to securely accelerate application delivery up to 10 times faster by automating application connectivity and security policy across the hybrid network environment. With two decades of expertise securing hybrid networks, over 2200 of the world's most complex organizations trust AlgoSec to help secure their most critical workloads. AlgoSec Horizon platform utilizes advanced AI capabilities, enabling users to automatically discover and identify their business applications across multi-clouds, and remediate risks more effectively. It serves as a single source for visibility into security and compliance issues across the hybrid network environment, to ensure ongoing adherence to internet security standards, industry, and internal regulations. Additionally, organizations can leverage intelligent change automation to streamline security change processes, thus improving security and agility. Learn how AlgoSec enables application owners, information security experts, SecOps and cloud security teams to deploy business applications faster while maintaining security at www.algosec.com . MEDIA CONTACT: Megan Davis Alloy, on behalf of AlgoSec [email protected]
- Partner solution brief AlgoSec & Zscaler - AlgoSec
Partner solution brief AlgoSec & Zscaler Download PDF Download PDF Add a Title Add a Title Add a Title Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue
- Careers | algosec
What you do Matters Where your voice will always be heard and your opinion will always count Join our awesome team Our Values Teamwork and great work environment Customer satisfaction Excellence Accountability and execution Thorough decision-making process Diversity Equity Inclusion & Belonging 540+ employees Personal Coaching Mentoring Day in a life AlgoSec DEIB Diversity, Equity, Inclusion, and Belonging We are passionate about People, Culture, Growth, Collaboration Our Vision: Secure Application Connectivity, Anywhere. 26 Location Worldwide
- Best Practices: Incorporating Security into DevOps | algosec
Security Policy Management with Professor Wool Best Practices: Incorporating Security into DevOps Best Practices for Incorporating Security into DevOps, is a whiteboard-style series of lessons that examine the challenges of and provide technical tips for how to incorporate security throughout the DevOps process. Lesson 1 In this lesson, Professor Wool examines the need for and the process of adjusting application connectivity throughout each stage of the DevOps lifecycle. Best Practices for Incorporating Security Automation into the DevOps Lifecycle Watch Lesson 2 In theory adding capacity should be fairly straightforward, with minimal need for any intervention by the organization’s security team. But in practice it’s a little more complex. In this video Professor Wool provides some tips and best practices to help you add capacity without having to change your security policies, complete a security review or worse still, cause an outage or gap in the security perimeter. Tips for Adding Capacity Without Changing Your Security Policies Watch Lesson 3 In a typical DevOps scenario development team adds new functionality to an existing business application and then rolls it out into production. However, while the new functionality worked as planned in both the test and pre-production environments, the application then fails when moved into the live production environment. In this video, Professor Wool will discuss the reasons why this process went wrong, and how you can fix it. How to Integrate Security into the Test Environment Watch Lesson 4 In previous lessons Professor Wool discussed how building security into DevOps processes at an early stage helps organizations maximize the speed and agility of application development, while minimizing the risks of problems and outages when the applications go live. In this whiteboard video Professor Wool looks at how security automation helps to speed up the practice of Continuous Integration (CI) - a core element of DevOps. How to Integrate Security into the CI Process Watch Have a Question for Professor Wool? Ask him now Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue
- Migrate & modernize: Supercharging your Cisco Nexus refresh with ACI | AlgoSec
Webinars Migrate & modernize: Supercharging your Cisco Nexus refresh with ACI If you still have Cisco Nexus 7000 devices in your environment, surely you have been inundated with end-of-life warnings and next-gen messaging touting the benefits of upgrading to Nexus 9000 with Cisco ACI. We know, modernizing your infrastructure can be a real pain, but with change also comes opportunity! Find out in this session how to leverage your Nexus refresh to increase your efficiency and productivity, and reduce security concerns at the same time. AlgoSec’s Jeremiah Cornelius, along with Cisco’s Cynthia Broderick, will guide you on how to: Migrate your current Nexus flows to ACI using your preferred mode – network or application centric Remove vulnerabilities caused by human error via automation of network change processes. Instantly identify and remediate risk and compliance violations. June 9, 2021 Cynthia Broderick DC Networking, Business Development at Cisco Jeremiah Cornelius Technical Leader for Alliances and Partners at AlgoSec Relevant resources Modernize your network and harness the power of Nexus & Cisco ACI with AlgoSec Watch Video AlgoSec’s integration with Cisco ACI Watch Video Cisco & AlgoSec achieving application-driven security across your hybrid network Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue
- Firewalls Ablaze? Put Out Network Security Audit & Compliance Fires | AlgoSec
Webinars Horizon AppViz Ablaze? Ablaze? Put Out Network Security Audit & Compliance Fires The growing body of regulations and standards forces enterprises to put considerable emphasis on compliance verified by ad hoc and regular auditing of security policies and controls. While regulatory and internal audits entail a wide range of security checks, network firewalls are featured prominently as they are the first line of defense of the enterprise network. Typical networks might include tens or hundreds of firewalls from multiple vendors running thousands of rules. Auditing firewalls for compliance is becoming more complex and demanding all the time. Documentation of current rules and their evolution of changes is lacking Time and resources required to find, organize and inspect all the firewall rules to determine the level of compliance is exorbitant and growing It’s time to adopt auditing’s best practices to maintain continuous compliance. Join us in this webinar to discover the Firewall Audit Checklist, the 6 best practices that will ensure successful audits and full compliance. By adopting these best practices, security teams will significantly improve their network’s security posture and reduce the pain of ensuring compliance with regulations, industry standards and corporate policies. Tal Dayan AlgoSec security expert Relevant resources Firewall audit checklist for security policy rules review Firewall audit checklist for security policy rules review See Documentation AlgoSec Horizon AppViz - Application visibility for AlgoSec Firewall Analyzer See Documentation Firewall policy management Automate firewall rule changes See Documentation Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue
- Enterprise hybrid network management solutions - AlgoSec
Enterprise hybrid network management solutions Download PDF Download PDF Add a Title Add a Title Add a Title Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue
- Prevasio IaC security scanning | AlgoSec
Discover seamless IaC security scanning with AlgoSec s Prevasio Protect your cloud infrastructure effortlessly Learn more now Enhance DevOps with automated IaC security scanning Leverage a single tool and policy for seamless collaborationbetween developers and security teams Schedule a demo Schedule a demo Watch a video End-to-end cloud configuration management Leverage Prevasio's advanced capabilities to identify misconfigurations within your IaC templates . We support a range of compliance frameworks covering technologies such as Terraform and Kubernetes. End-to-end network security control management Consolidate and streamline network security controls, including security groups and Azure firewalls, into one centralized system. Easily manage multiple clouds, accounts, regions, and VPC/VNETs, to save time and minimize misconfigurations by handling similar security controls through a single security policy. End-to-end container lifecycle management Utilize Prevasio's mitigation rules including domain, country, CVE and open port coverage, to perform container image scanning during the build phase to block the inclusion of non-compliant images in the registry. Ensure compliance with continuous scanning. Get the latest insights from the experts cloud-security-prevasio-iac-security-scanning Read blog Bridging the DevSecOps Application Connectivity Disconnect via IaC Read blog Mitigating cloud security risks through comprehensive automated solutions Read blog Schedule time and secure your cloud Schedule time and secure your cloud Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call
- Bridging NetOps and SecOps: An Experts’ Panel
Silos hurt security NetworkSecurity is the responsibility of both NetOps SecOps In this panel with Cisco, Conscia AlgoSec security experts, we’ll share how to bring the teams together Webinars Bridging NetOps and SecOps: An Experts’ Panel Silos hurt security. Your network and its security are not managed by just one team. It is the responsibility of both NetOps and SecOps, but these teams don’t always play well together. In this security experts’ panel, Doug Hurd from Cisco, Henrik Skovfoged from Conscia, Oren Amiram and Tsippi Dach from AlgoSec will share how you can bring NetOps and SecOps teams together with Cisco ACI, Cisco Secure Workload (formerly Cisco Tetration) and AlgoSec. Discover how NetOps and SecOps teams can: Bridge the NetOps/SecOps divide, improve communication, and break down the silos between network and security. Align network, security, and business application owners Improve the entire network security with Cisco Secure Workload and firewall management Automate tasks and gain network traffic visibility of networks and security controls for threat detection, analysis and response across Cisco ACI and the entire hybrid and multi-vendor network. March 16, 2021 Alex Hilton Chief Executive at Cloud Industry Forum (CIF) Tsippi Dach Director of marketing communications Relevant resources Cisco & AlgoSec achieving application-driven security across your hybrid network Keep Reading DevSecOps: Putting the Sec into the DevOps Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue
- AlgoSec | Network Security vs. Application Security: The Complete Guide
Enterprise cybersecurity must constantly evolve to meet the threat posed by new malware variants and increasingly sophisticated hacker... Uncategorized Network Security vs. Application Security: The Complete Guide Tsippi Dach 2 min read Tsippi Dach Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 1/25/24 Published Enterprise cybersecurity must constantly evolve to meet the threat posed by new malware variants and increasingly sophisticated hacker tactics, techniques, and procedures. This need drives the way security professionals categorize different technologies and approaches. The difference between network security and application security is an excellent example. These two components of the enterprise IT environment must be treated separately in any modern cybersecurity framework. This is because they operate on different levels of the network and they are exposed to different types of threats and security issues. To understand why, we need to cover what each category includes and how they contribute to an organization’s overall information security posture. IT leaders and professionals can use this information to their organization’s security posture, boost performance, and improve event outcomes. What is Network Security? Network security focuses on protecting assets located within the network perimeter. These assets include data, devices, systems, and other facilities that enable the organization to pursue its interests — just about anything that has value to the organization can be an asset. This security model worked well in the past, when organizations had a clearly defined network perimeter. Since the attack surface was well understood, security professionals could deploy firewalls, intrusion prevention systems, and secure web gateways directly at the point of connection between the internal network and the public internet. Since most users, devices and applications were located on-site, security leaders had visibility and control over the entire network. This started to change when organizations shifted to cloud computing and remote work, supported by increasingly powerful mobile devices. Now most organizations do not have a clear network perimeter, so the castle-and-moat approach to network security is no longer effective. However, the network security approach isn’t obsolete. It is simply undergoing a process of change, adjusting to smaller, more segmented networks governed by Zero Trust principles and influenced by developments in application security. Key Concepts of Network Security Network security traditionally adopts a castle-and-moat approach, where all security controls exist at the network perimeter. Users who attempt to access the network must authenticate and verify themselves before being allowed to enter. Once they enter, they can freely move between assets, applications, and systems without the need to re-authenticate themselves. In modern, cloud-enabled networks, the approach is less like a castle and more like a university campus. There may be multiple different subnetworks working together, with different security controls based on the value of the assets under protection. In these environments, network security is just one part of a larger, multi-layered security deployment. This approach focuses on protecting IT infrastructure, like routers, firewalls, and network traffic. Each of these components has a unique role to play securing assets inside the network: Firewalls act as filters for network traffic , deciding what traffic is allowed to pass through and denying the rest. Well-configured firewall deployments don’t just protect internal assets from incoming traffic, they also protect against data from leaking outside the network as well. Intrusion Prevention Systems (IPS) are security tools that continuously monitor the network for malicious activity and take action to block unauthorized processes. They may search for known threat signatures, monitor for abnormal network activity, or enforce custom security policies. Virtual Private Networks (VPNs) encrypt traffic between networks and hide users’ IP addresses from the public internet. This is useful for maintaining operational security in a complex network environment because it prevents threat actors from intercepting data in transit. Access control tools allow security leaders to manage who is authorized to access data and resources on the network. Secure access control policies determine which users have permission to access sensitive assets, and the conditions under which that access might be revoked. Why is Network Security Important? Network security tools protect organizations against cyberattacks that target their network infrastructure, and prevent hackers from conducting lateral movement. Many modern network security solutions focus on providing deep visibility into network traffic, so that security teams can identify threat actors who have successfully breached the network perimeter and gained unauthorized access. Network Security Technologies and Strategies Firewalls : These tools guard the perimeters of network infrastructure. Firewalls filter incoming and outgoing traffic to prevent malicious activity. They also play an important role in establishing boundaries between network zones, allowing security teams to carefully monitor users who move between different parts of the network. These devices must be continuously monitored and periodically reconfigured to meet the organization’s changing security needs. VPNs : Secure remote access and IP address confidentiality is an important part of network security. VPNs ensure users do not leak IP data outside the network when connecting to external sources. They also allow remote users to access sensitive assets inside the network even when using unsecured connections, like public Wi-Fi. Zero Trust Models : Access control and network security tools provide validation for network endpoints, including IoT and mobile devices. This allows security teams to re-authenticate network users even when they have already verified their identities and quickly disconnect users who fail these authentication checks. What is Application Security? Application security addresses security threats to public-facing applications, including APIs. These threats may include security misconfigurations, known vulnerabilities, and threat actor exploits. Since these network assets have public-facing connections, they are technically part of the network perimeter — but they do not typically share the same characteristics as traditional network perimeter assets. Unlike network security, application security extends to the development and engineering process that produces individual apps. It governs many of the workflows that developers use when writing code for business contexts. One of the challenges to web application security is the fact that there is no clear and universal definition for what counts as an application. Most user-interactive tools and systems count, especially ones that can process data automatically through API access. However, the broad range of possibilities leads to an enormous number of potential security vulnerabilities and exposures, all of which must be accounted for. Several frameworks and methods exist for achieving this: The OWASP Top Ten is a cybersecurity awareness document that gives developers a broad overview of the most common application vulnerabilities . Organizations that adopt the document give software engineers clear guidance on the kinds of security controls they need to build into the development lifecycle. The Common Weakness Enumeration (CWE) is a long list of software weaknesses known to lead to security issues. The CWE list is prioritized by severity, giving organizations a good starting point for improving application security. Common Vulnerabilities and Exposures (CVE) codes contain extensive information on publicly disclosed security vulnerabilities, including application vulnerabilities. Every vulnerability has its own unique CVE code, which gives developers and security professionals the ability to clearly distinguish them from one another. Key Concepts of Application Security The main focus of application security is maintaining secure environments inside applications and their use cases. It is especially concerned with the security vulnerabilities that arise when web applications are made available for public use. When public internet users can interact with a web application directly, the security risks associated with that application rise significantly. As a result, developers must adopt security best practices into their workflows early in the development process. The core elements of application security include: Source code security, which describes a framework for ensuring the security of the source code that powers web-connected applications. Code reviews and security approvals are a vital part of this process, ensuring that vulnerable code does not get released to the public. Securing the application development lifecycle by creating secure coding guidelines, providing developers with the appropriate resources and training, and creating remediation service-level agreements (SLAs) for application security violations. Web application firewalls, which operate separately from traditional firewalls and exclusively protect public-facing web applications and APIs. Web application firewalls monitor and filter traffic to and from a web source, protecting web applications from security threats wherever they happen to be located. Why is Application Security Important? Application security plays a major role ensuring the confidentiality, integrity, and availability of sensitive data processed by applications. Since public-facing applications often collect and process end-user data, they make easy targets for opportunistic hackers. At the same time, robust application security controls must exist within applications to address security vulnerabilities when they emerge and prevent data breaches. Application Security Technologies Web Application Firewalls. These firewalls provide protection specific to web applications, preventing attackers from conducting SQL injection, cross-site scripting, and denial-of-service attacks, among others. These technical attacks can lead to application instability and leak sensitive information to attackers. Application Security Testing. This important step includes penetration testing, vulnerability scanning, and the use of CWE frameworks. Pentesters and application security teams work together to ensure public-facing web applications and APIs hold up against emerging threats and increasingly sophisticated attacks. App Development Security. Organizations need to incorporate security measures into their application development processes. DevOps security best practices include creating modular, containerized applications uniquely secured against threats regardless of future changes to the IT environment or device operating systems. Integrating Network and Application Security Network and application security are not mutually exclusive areas of expertise. They are two distinct parts of your organization’s overall security posture. Identifying areas where they overlap and finding solutions to common problems will help you optimize your organization’s security capabilities through a unified security approach. Overlapping Areas Network and application security solutions protect distinct areas of the enterprise IT environment, but they do overlap in certain areas. Security leaders should be aware of the risk of over-implementation, or deploying redundant security solutions that do not efficiently improve security outcomes. Security Solutions : Both areas use security tools like intrusion prevention systems, authentication, and encryption. Network security solutions may treat web applications as network entry points, but many hosted web applications are located outside the network perimeter. This makes it difficult to integrate the same tools, policies, and controls uniformly across web application toolsets. Cybersecurity Strategy : Your strategy is an integral part of your organization’s security program, guiding your response to different security threats. Security architects must configure network and application security solutions to work together in use case scenarios where one can meaningfully contribute to the other’s operations. Unique Challenges Successful technology implementations of any kind come with challenges, and security implementations are no different. Both application and network security deployments will present issues that security leaders must be prepared to address. Application security challenges include: Maintaining usability. End users will not appreciate security implementations that make apps harder to use. Security teams need to pay close attention to how new features impact user interfaces and workflows. Detecting vulnerabilities in code. Ensuring all code is 100% free of vulnerabilities is rarely feasible. Instead, organizations need to adopt a proactive approach to detecting vulnerabilities in code and maintaining source code security. Managing source code versioning. Implementing DevSecOps processes can make it hard for organizations to keep track of continuously deployed security updates and integrations. This may require investing in additional toolsets and versioning capabilities. Network security challenges include: Addressing network infrastructure misconfigurations. Many network risks stem from misconfigured firewalls and other security tools. One of the main challenges in network security is proactively identifying these misconfigurations and resolving them before they lead to security incidents. Monitoring network traffic efficiently. Monitoring network traffic can make extensive use of limited resources, leading to performance issues or driving up network-related costs. Security leaders must find ways to gain insight into security issues without raising costs beyond what the organization can afford. Managing network-based security risks effectively. Translating network activity insights into incident response playbooks is not always easy. Simply knowing that unauthorized activity might be happening is not enough. Security teams must also be equipped to address those risks and mitigate potential damage. Integrating Network and Application Security for Unified Protection A robust security posture must contain elements of both network and application security. Public-facing applications must be able to filter out malicious traffic and resist technical attacks, and security teams need comprehensive visibility into network activity and detecting insider threats . This is especially important in cloud-enabled hybrid environments. If your organization uses cloud computing through a variety of public and private cloud vendors, you will need to extend network visibility throughout the hybrid network. Maintaining cloud security requires a combination of network and web application security capable of producing results in a cost-effective way. Highly automated security platforms can help organizations implement proactive security measures that reduce the need to hire specialist internal talent for every configuration and policy change. Enterprise-ready cloud security solutions leverage automation and machine learning to reduce operating costs and improve security performance across the board. Unify Network and Application Security with AlgoSec No organization can adequately protect itself from a wide range of cyber threats without investing in both network and application security. Technology continues to evolve and threat actors will adapt their tactics to exploit new vulnerabilities as they are discovered. Integrating network and application security into a single, unified approach gives security teams the ability to create security policies and incident response plans that address real-world threats more effectively. Network visibility and streamlined change management are vital to achieving this goal. AlgoSec is a security policy management and application connectivity platform that provides in-depth information on both aspects of your security posture. Find out how AlgoSec can help you centralize policy and change management in your network. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call






