The information security professional’s mission has gradually become extraordinarily complex. At times, this mission borders on contradiction. Quite often, responsibility for the various components that form an enterprise environment is spread not only among multiple teams within the enterprise but also among vendors, partners, and service providers.

In this 2021 Application Protection Report by F5 Labs, Sander, Ray, Shahnawaz, and Malcom look at the breaches in the past year as a series of attacker techniques, explore the outcomes, and provide some recommendations for controls you can implement in your environment.

Some Highlights

• Two-thirds of API incidents in 2020 were attributable to either no authentication, no authorization, or failed authentication and authorization.
• In 2020, four sectors—finance/insurance, education, health care, and professional/technical services—experienced a greater number of breaches than retail (the leader in 2018 and 2019), partly driven by the growth in ransomware.
• The most important controls are privileged account management, network segmentation, restricting web-based content, data backup, and exploit protection (i.e., WAF).

DevCentral Connects featuring Sander Vinberg

Or, if you prefer, listen to Jason & John talk to Sander, directly, on DevCentral Connects.