AZ-EDGIO
22.2.2024 14:01:35 CET | Business Wire | Press release
Edgio (NASDAQ: EGIO), the platform of choice for speed, security, and simplicity at the edge, found that web application attacks continued to increase and evolve in the fourth quarter of 2023, as reported in its new Edgio Quarterly Attack Trends Report in which the company analyzed 5.2 billion attack requests. Edgio found that the most prevalent attack mitigated was path traversal. A successful path traversal attack allows a threat actor to access files on a web server, and has surpassed the prior #1 threat, SQL injection, a common attack vector that often uses malicious SQL statements to attempt to exfiltrate sensitive data from databases behind applications.
Edgio’s report explains how path traversal attacks can lead to deep system intrusions posing a significant threat to an organization’s infrastructure and the confidentiality, integrity, and availability of data delivered over the Internet. These attacks can result in unauthorized access to content, the loss of personally identifiable information (PII), the dissemination of private/copyrighted information, or even remote code execution. Unmitigated attacks can lead to even more serious consequences, such as the deployment of ransomware or other malicious software.
“As one of the leading edge-computing providers, Edgio has unparalleled visibility into the threats facing web applications today,” said Tom Gorup, Vice President of Security for Edgio. “We are assembling our knowledge and expertise into a quarterly read-out to enable enterprises to better protect their web infrastructure and applications. As more businesses become dependent on their digital assets, it’s critical this knowledge is shared to build a safer Internet.”
The report looked at malicious requests and the different types of blocking, categorizing protection into three categories: access control rules, managed rulesets, and custom signatures. Of those that were focused on access controls, over 76% of mitigated requests were based on IP, user-agent, and country matches, highlighting just how much bad traffic can be eliminated with basic blocklisting tactics. With managed rulesets, Edgio saw a wide range of threat types blocked, with path traversal, SQL injection and cross-site scripting (XSS) attacks leading the way when it comes to OWASP attacks.
In addition, Edgio was able to review web application firewall (WAF) request denials by country of origin, while noting that attackers often leverage local resources to launch attacks in order to evade geofencing tactics. This could explain why attacks coordinated from advanced threat actors in more prominent countries did not crack Edgio’s Top 10 for the quarter.
Top countries by malicious request origin, making up nearly 62% of all requests denied, include:
- United States – 26.3%
- France – 17.4%
- Germany – 9.4%
- Russia – 8.8%
Edgio found that WAF customers used access control features to allow or deny specific request methods, using their knowledge of their own applications to inform their security controls and lower risk. The report indicates that attackers frequently leverage request methods like HEAD that return app and infrastructure information that can be used by the attacker for reconnaissance purposes and to craft a malicious payload.
Based on deep parsing of attack payloads, Edgio found that 98% of all malicious payloads fell into JavaScript Object Notation (JSON) and URL encoded form categories (used for storing and transporting data) but cautioned security teams to remain vigilant as attackers evolve in their selection of payload content types.
Best practices for digital asset protection: proactively stop threats against websites and applications
Based on its findings, Edgio recommends the following methods to best protect digital assets, including websites and applications:
- Ensure your WAF provides a layered defense to protect organizations against the known bad, application-specific, and emerging threats. A complete solution will show a distribution of enforcement across access control rules, managed rulesets, and custom signatures.
- Blocklists are still an effective and low-cost part of a layered security approach to safeguard Internet-facing assets. Organizations should also take advantage of threat intelligence feeds to further harden their security posture against known bad actors.
- While managed rules are often maintained and updated by your WAF provider, it is not advisable to use a ‘set it and forget’ approach. As an application evolves and new functionalities are developed, policy reviews and analysis of managed ruleset enforcement is recommended. It is best to ensure rules are closely aligned with business application needs.
- Organizations should take the time to understand where they are doing business and where they aren’t allowed to do business. Block the countries or sub-regions that bring no value to a brand to reduce their attack surface. Blocking embargoed countries is a great starting point, but don’t rely on this approach as a catch all for bad actors.
- Know the application and use this knowledge to inform security solutions, like a WAF, to limit the application request methods or content types based on application needs.
To obtain a full copy of the report, click here.
About Edgio
Edgio (NASDAQCM: EGIO) helps companies deliver online experiences and content faster, safer and with more control. Our developer-friendly, globally scaled edge network, combined with our fully integrated application and media solutions, provides a single platform for delivering high-performing, secure web properties and streaming content. Companies can deliver content quicker and more securely through this fully integrated platform and end-to-end edge services, boosting overall revenue and business value. To learn more, visit edg.io and follow us on Twitter, LinkedIn and Facebook.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240222674952/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
IFF to Release Second Quarter 2026 Results on August 4, 20269.7.2026 22:15:00 CEST | Press release
IFF (NYSE: IFF) today announced that it will release its second quarter 2026 earnings results following the market close on Tuesday, August 4, 2026. The management team will host a live webcast on Wednesday, August 5, 2026, at 9:00 a.m. ET to discuss results and outlook with the investor community. Investors may access the live webcast and accompanying slide presentation on the company's website at ir.iff.com. For those unable to listen to the live webcast, a recorded version will be made available for replay. Welcome to IFF At IFF (NYSE: IFF), we make joy through science, creativity and heart. As the global leader in taste, scent, food ingredients, health and biosciences, we’re innovating for the future. Every day, we deliver groundbreaking, sustainable solutions that elevate products people love — advancing wellness, delighting the senses and enhancing the human experience. Learn more at iff.com, LinkedIn, Instagram and Facebook. View source version on businesswire.com: https://www.b
Andersen Global tilføjer samarbejdspartneren Abcoo Law Firm9.7.2026 20:28:00 CEST | Pressemeddelelse
Andersen Global styrker sin tilstedeværelse i Tyrkiet gennem en samarbejdsaftale med advokatfirmaet Abcoo Law Firm, der tilfører bredere juridiske kompetencer til organisationens eksisterende platform i landet. Abcoo blev grundlagt i 2014 og rådgiver lokale og internationale klienter inden for en bred vifte af juridiske tjenester med erfaring inden for selskabsret og M&A, fast ejendom og byggeri, tvistbilæggelse, ansættelsesret, compliance, bank og finans, konkurrenceret samt immaterialret. Firmaet nævnes konsekvent som værende blandt de førende advokatfirmaer af internationale publikationer, herunder The Legal 500. Abcoo understøtter organisationer på tværs af en lang række brancher, herunder ejendomshandel og byggeri, detailhandel, tekstil, kosmetik, bilindustrien, logistik, kemikalier, it, energi, sundhedsvæsnet, produktion og finansielle tjenesteydelser, inden for hvilke de yder strategisk juridisk rådgivning og kommercielt fokusererede løsninger. "Vores prioritet har altid været a
DEWA International Launched as a Wholly Owned Independent Subsidiary of DEWA to Develop Global Energy and Water Projects9.7.2026 18:07:00 CEST | Press release
HH Sheikh Ahmed bin Saeed Al Maktoum, Chairman of the Dubai Supreme Council of Energy, announced the establishment of ‘DEWA International’, a wholly owned independent subsidiary of Dubai Electricity and Water Authority (DEWA). The company aims to develop conventional and clean energy projects worldwide and export Dubai’s successful energy and water infrastructure model to global markets. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260709099653/en/ DEWA International launched as a wholly owned independent subsidiary of DEWA to develop global energy and water projects (Photo: AETOSWire) HH Sheikh Ahmed bin Saeed Al Maktoum said: “Thanks to the vision and directives of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, Dubai has become a global model for achievement and accelerated development. Through its world-class infrastructure, particularly in the energy
Echodyne Opens New Manufacturing Facility to Meet Surging Global Demand for Advanced MESA® Radar9.7.2026 15:00:00 CEST | Press release
New Washington State facility provides capacity to manufacture more than 30,000 radars annually, strengthening the U.S. defense industrial base As governments around the world accelerate investment in counter-unmanned aircraft systems (C-UAS) and short-range air defense, Echodyne today announced the opening of a new advanced radar manufacturing facility in Washington State, significantly expanding its manufacturing capacity to meet rapidly growing demand from U.S. and allied customers. With millions of drones manufactured and used by both sides in the Russian War in Ukraine, the need for enhanced safety for defense, national security, and critical infrastructure assets grows with every successful strike and interception. The low cost and high utility of drones dramatically alters the need for safety and security sensors. And as the low altitude economy takes off, hundreds of thousands of drones will perform a range of life-saving and commercial missions, requiring a sensor infrastructu
Orca Security Report: 99.9% of Fixable AI Vulnerabilities Remain Unpatched as AI Moves Into Production9.7.2026 15:00:00 CEST | Press release
Analysis of more than 1,200 production cloud environments provides a first-hand view into how organizations are embedding AI into business-critical workflows, exposing new security risks that traditional controls weren't built to address. Orca Security, a leader in cloud and AI security, today released its 2026 State of AI Security Report, offering a first-hand view into how AI is being deployed across more than 1,200 production cloud environments. The findings show AI is no longer limited to isolated pilots or developer experiments. Organizations are embedding AI into production applications, cloud services, and autonomous workflows faster than security programs can adapt. More than half (56%) of organizations have already deployed AI agents into production, while 51% use AI to build custom applications. At the same time, Orca found that 81% of organizations run vulnerable AI packages, and 99.9% of fixable AI vulnerabilities remain unpatched, highlighting how quickly AI has become ope
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
