How can you secure your Exposed services without installing the patch by the vendor?

Have a look at the use case below about recent security updates by router giant cisco. Recently 12 severe security vulnerabilities and Patches issued by Cisco. Among those three of them are critical authentication bypass issues.

Now lets drill deep down, CVE-2019-15975, CVE-2019-15976, and CVE-2019-15977 . The first two are REST API and SOAP API Endpoints and the third one belongs to the category of authentication bypass vulnerability in the web-based management interface for Cisco DCNM To exploit this, attackers are sending specially crafted requests to these Endpoints. Did I say Endpoints and Requests, Yes this is a typical case of API exploitation through Layer 7.

Here comes the significance of Prophaze KubeWAF which can secure API Endpoints against zero days. In a typical scenario, your API endpoints are exposed through KubeWAF. Strange patterns can be blocked by our hybrid security model before reaching the Endpoint.