With potential attack surfaces for web apps growing all the time, companies need a way to find and close vulnerabilities that are susceptible to exploitation. Intertec helps you to do just that by offering fully-managed cyber security services. Using innovative “shielding” technology, we offer our clients a way to immediately neutralize vulnerabilities in their APIs that would otherwise take months of remediation to close.
We use automation to provide real-time protection that’s customized to our users’ needs. The result is a turnkey cyber security solution that requires no change from a user point of view and zero internal development effort, resulting in both improved security and real cost savings.
Our services help to close the exposure gap that results in costly hacks and data breaches, all in a way that’s faster, more efficient, and more cost-effective than ever before.
Leading-Edge Shield Technology
The average web app has 12-20 weaknesses that require remediation. Hackers are faster than developers, which means you need a solution that's faster than both.
When it comes to web application security, there’s a lot that can go wrong. Hackers and malicious actors are working round the clock to find and exploit new vulnerabilities in every nook and cranny of the digital world, and it can be extremely difficult for smaller companies to even keep up with the baseline set of best practices.
To wit, a recent survey found that one out of every five applications had some kind of security misconfiguration—whether that’s improper authentication, weak password requirements, weak password recovery requirements, insufficient restrictions on authentication attempts, or any other of a host of possible failings. And this is before we get into things like broken authentication, cross-site scripting, code injection, and data exposure. There’s a lot to keep track of, and it’s a difficult job even under the best of circumstances. When your developer resources are overtaxed and already spread thin, it’s practically impossible.
Unfortunately, failure’s not an option when it comes to securing your data and that of your customers. The annual cost of cybercrime measures in the trillions of dollars, and that number is only going to rise. From our perspective, this fact—and the facts we’ll present below—have a clear takeaway: securing your web applications has never been more crucial to business success.
The picture we’ve painted above might seem a little bit bleak. And, make no mistake, cyber security presents real risks and challenges for even the savviest of organizations. That said, not all is lost if your business has known vulnerabilities and no immediate way to resolve them within your code base. Using perimeter shielding technology, it’s possible to take the general idea behind WAFs (“let’s create a line of defense that sets rules for web traffic”) and improve upon it significantly. For instance, because WAFs can’t maintain an application state, they can’t protect against the kinds of business logic flaws that we described above; with more sophisticated perimeter shielding technology, it’s possible to create new rules on the fly that make it impossible to exploit business logic problems. Indeed, the kind of technology we’re talking about would give you the tools to automatically adjust code as it’s being implemented (i.e. without changing it on your own servers), effectively closing all of your known vulnerabilities in one fell swoop.
What would this kind of API and application protection really involve? For starters, it would be built upon AI and machine learning that could improve upon the functionality of WAFs (e.g. by reducing false positives). From there, because there’s no such thing as a one-size-fits-all security solution, you would want these protections to be augmented by managed security services that increased your coverage and decreased your odds of costly configuration errors. In this scenario, the gap between discovering vulnerabilities and remediating them would be effectively eliminated. For vulnerabilities that required lengthy fixes, this would give you peace of mind during the months-long span of time it might take to actually close the loophole or fix the bug. For vulnerabilities that continue to confound your developers, this kind of shielding provides protection even when the relevant Jira ticket is gathering dust.
By using a combination of managed services and cutting-edge technology, it’s possible to radically reduce false positives and still cover all of the attack surfaces that developers, pen-testers, or others have identified within your application. This, in turn, can have a cascade effect leading to:
All of this makes you a hacker’s worst nightmare. It gives you the option to remediate code at your own pace, and it saves you from the possibility of a costly attack on a known vector.