LogicMonitor goes beyond basic monitoring to deliver exactly that. LogicMonitor’s LM Envision platform delivers AI-powered insights that help IT teams accelerate troubleshooting, improve efficiency, and take a more proactive approach to monitoring.

Our latest innovations further extend this vision:

• Log Analysis: Empower your team with AI-guided insights for faster incident resolution.
• SNMP Traps as Logs: Extend hybrid visibility into legacy network technology to streamline troubleshooting.
• Role-based access control (RBAC) for Modules, Security Settings, and Recommendations: Enhance control and reduce administrative burden.

With LM Envision, you’re not just reacting to problems; you’re preventing them.

Log Analysis: AI-powered troubleshooting for Level 1 support

Log data is a goldmine of insights, but without AI it is nearly impossible to mine all that data and find the insightful gold nuggets. Our new Log Analysis feature harnesses the power of natural language processing (NLP) and other machine learning (ML) techniques to create meaning from the vast troves of unstructured data that can be ingested into LM Logs, and expedite troubleshooting across the entire IT stack by surfacing and sorting problematic logs in a simple visual interface.

Log Analysis automatically sorts through thousands of logs and leverages AI to plot error codes, negative phrases, or keywords and extract numeric values from text. In the past, engineers had to manually create queries in a search bar with advanced parsing or regex capabilities.  Log Analysis automates this previously manual and time-consuming process for users of all skill levels.

Log Analysis uses visual diagrams to quickly surface problematic logs.

Within Log Analysis, logs are now grouped into intuitive visual diagrams based on Sentiment, Level, Keyword, Exception, Class, and Resource. The Sentiment diagram allows you to view logs weighted by severity level on a scale of 1 to 5 (with 5 being the most critical) to help you prioritize and troubleshoot faster. The Keyword diagram groups logs by negative phrases like “error,” “failed,” or “critical” in a single view to help customers quickly identify issues and facilitate faster root cause analysis (RCA).

The intuitive visual interface allows for easy customization of specific log phrases and associated severity, so you can incorporate your own policies, dimensions, or user-defined keywords to tailor the groupings and sentiment scores for your specific environment.

Navigate seamlessly to Log Analysis from the Logs, Alerts, or Resource Explorer pages within LM Envision, and effortlessly exclude a term, drill down for details, and view log summaries with timestamps and frequency—all just a few clicks away. Log Analysis also works hand-in-hand with Log Anomaly Detection. Once an alert triggers, simply launch a Log Analysis session – without leaving the alert info screen or writing a complex log query – to pinpoint the problematic logs and identify the negative keywords and errors that contributed to the alert. Log Analysis will then apply machine learning and layered intelligence to scan the logs associated with the alert and serve up the most problematic logs in a simple visual diagram.

Key benefits:

• Empower Level 1 support: Enable less experienced team members to quickly identify and resolve issues with AI-guided troubleshooting, democratizing log insights.
• Accelerate root cause analysis: Pinpoint the source of problems faster with automatic log categorization, severity scoring, and the extraction of numeric values from text.
• Reduce Mean Time to Repair (MTTR): Get systems back up and running faster with actionable insights at your fingertips, presented in visual diagrams and summaries.
• Optimize efficiency: Free up your senior engineers for more strategic work by automating routine log analysis, improving Enterprise efficiency, and lowering administrative costs.

To learn more about Log Analysis, watch a quick demo video.

5:07

 

Please note that users must toggle on the latest UI to take advantage of this feature. 

Putting our own features to the test

At LogicMonitor, we leverage our own products to monitor our infrastructure, applications, and services. So it comes as no surprise that LogicMonitor engineers have been using Log Analysis as part of LogicMonitor’s use and test approach, which allows us to stress test new releases with internal and external early adopters. Internal users have amazing things to say about this new feature. Nick Johnson, Senior Software Engineer, is “loving the tool so far” and has “been using it extensively for Cloud Recommendations.” He is especially excited about the negative phrases panel, which he says “has been huge in seeing where we’re over-logging, double-logging, and finding commonalities.” William Shipman, Site Reliability Engineer, stated that “the ability to extract numeric values from logs is one of the coolest things I’ve seen yet. I really like the negative phrase analysis, but the ability to plot counts over time and extract numeric values from text is game-changing.”

SNMP Traps as Logs: Unlocking comprehensive Network Monitoring

We knew the 90s were making a comeback from fashion to TV with “That 90’s Show” – but SNMP traps? They never went away. That’s because SNMP traps are still an essential part of Network Monitoring, and the market for network devices continues to grow. Traps measure network performance and health while providing timely information about important events across the vast network devices that keep your organization running.

In the past, NetOps managers and administrators have viewed SNMP monitoring as a necessary evil, requiring specialized (and often outdated) on-premises software that generates more alerts than the engineers could act upon.  LogicMonitor has brought SNMP traps into the modern age by transforming them into Logs. This eliminates monitoring gaps and unlocks instant insights into Network issues in a user-friendly interface. Now, you can easily integrate traps into your overall Network Monitoring strategy in a single SaaS platform to immediately identify and troubleshoot network latency, hardware health, packet loss, or interface flapping issues.

Search traps, create queries, identify anomalies, and more with SNMP Traps as Logs.

SNMP Traps as Logs are easily ingested via the LM Collector with no configuration required. With LogicMonitor’s flexible retention policies, there’s no need to maintain storage hardware for traps.

Key benefits:

• Centralized monitoring to reduce tool sprawl and data silos: Replace your old Enterprise trap management system and centralize your network monitoring approach in LogicMonitor. View SNMP traps alongside logs, metrics, and traces in real time, all in a single platform.
• Rich context for fast, proactive troubleshooting: Leverage logging features like Log Anomaly Detection, Log Analysis, queries, filters, data retention, and more for quicker incident resolution. Search historical traps and identify trends to remediate, predict, or prevent future issues. Edwin AI, LogicMonitor’s new generative AI product, can ingest logs and correlate related issues into a single ITSM ticket with a simple summary and recommendations that fast-track RCA.
• Reduced alert fatigue: With stateful alarm clearing, SNMP Traps as Logs will automatically close alerts when a related “clear” trap comes in, eliminating noisy alerts while retaining a record of duplicate alerts.
• 3,000+ seamless integrations: LogicMonitor’s LM Envision platform integrates seamlessly with SNMP Traps (v1, v2, and v3), standard encryption methods, your existing Network Devices, and incident resolution workflows through ServiceNow, Jira, PagerDuty, Slack, and more. For more information, check out our Integrations page.
• Parse and map OIDs and VarBinds: LogicMonitor pulls in critical information from SNMP Trap OIDs and variable bind values and translates them into user-readable values out of the box. LM Envision supports vendor-proprietary log formats as well as Syslog, providing a holistic log solution for Network Operations and Engineering teams.
• Custom MIB support: Users can upload their own proprietary or custom MIB files within the LM Envision platform, extending translation and visibility into any other product that sends SNMP Traps.

SNMP Traps as Logs leverages powerful log features like Anomaly Detection to quickly troubleshoot network issues.

SNMP Trap monitoring is a must-have for enterprises. Treating Traps will unlock much more value for our customers through existing log features. Simply send the traps through the LM Envision—no configuration needed—and let LogicMonitor do the heavy lifting for you to surface actionable insights and important alerts like equipment vendor certification changes, notification failures, or repeated login failures.

Watch our short demo video or visit the documentation site for more information about SNMP Traps as Logs.

6:49

 

5:22

RBAC for LogicModules: Granular role-based access controls to minimize risk

Large complex organizations like enterprises and MSPs have greater RBAC and security needs. With RBAC for LogicModules, these organizations can now set more granular permissions, ensuring that the right team members have the appropriate access level to view or edit specific LogicModules and the underlying data.

This enhanced granularity strikes an ideal balance between minimizing monitoring and outage risks while giving teams the control to monitor the correct data to maximize performance and visibility. Using the module editor, administrators can assign Access Groups to modules directly within the LM Envision platform. After assigning Access Groups, you can filter and view modules by these groups in ‘My Module Toolbox’.

RBAC for LogicModules extends the principle of least privilege to Modules.

The flexibility of Access Groups allows you to tailor permissions to your organization’s structure. You might give a user the ability to update alert thresholds for resource groups, or create “view only” permissions for specific modules. You can also create groups to ensure that:

• The database team can only edit modules related to database monitoring.
• The server team can only edit modules related to server monitoring
• And so on…

This targeted approach prevents teams from accidentally interfering with each other’s monitoring configurations, ensuring comprehensive coverage and reducing the risks of gaps in visibility.

For more information, visit the documentation site.

Security Settings and Recommendations: Protecting your portal with better security visibility and control

We are excited to announce Security Settings and Security Recommendations to help our customers get the most value from LogicMonitor and stay current with security best practices.

Security Settings is your new launchpad for managing security and RBAC within LogicMonitor. This centralized page simplifies the process of reviewing and modifying your environment’s security configuration, providing those with Security permissions with granular control and enhanced visibility over their portal security configuration.

Within Security Settings, you’ll also find Security Recommendations, a proactive tool displaying recommended actions to protect your portal better.

These recommendations can include suggested actions like enabling two-factor authentication (2FA), which adds an extra layer of security by requiring users to verify their identity through a third-party application or an authentication token delivered using SMS, voice, or email. You can apply 2FA globally for all portal users or on a per-user basis.

Important Note: If you’re using Single Sign-On (SSO), 2FA behavior depends on your SSO configuration.

• If SSO is not set to “Restrict Single Sign-On,” users can choose between SSO or 2FA for login.
• If SSO is set to strict access, users can only log in using SSO.
• To enable 2FA with SSO, you must configure it through your SSO provider.

Security Recommendations gives you recommended actions that enhance the security posture of your LogicMonitor portal.

Other recommendations may include:

• Suspending inactive users after a specified period.
• Turning off inactive tokens after a specified period.
• Configuring an email domain allowlist.

By following these recommendations, you can proactively strengthen your LogicMonitor portal’s security and protect your valuable data.

For more in-depth guidance on securing your LogicMonitor portal, refer to LogicMonitor Best Practices or visit the Security Settings documentation site.

Fostering continuous innovation

With the latest enhancements to the LM Envision platform, LogicMonitor is committed to making it easier for customers to identify and troubleshoot issues quickly, monitor their network infrastructure, and ensure the security of their data. We are excited to see how our customers use these new features to improve their operations and achieve their business goals. Stay tuned for more exciting updates as we continue to innovate and provide our customers with the tools and resources they need to succeed.

If you’re a current customer and need help enabling a new feature, please reach out to your Customer Service Representative or engage directly with the product team in the LogicMonitor Community! If you’re new to LogicMonitor, take the next step on your journey toward Hybrid Observability powered by AI today by watching a quick overview of the platform and requesting a free trial.

The post Improve enterprise MTTR, visibility, and control appeared first on Deliver Intelligence - Dibiz JSC.

The capabilities in our latest launch deliver enhancements that optimize operations for Platform Engineering and CloudOps teams to gain fast, actionable insights into cloud spend and cloud-managed network infrastructure. LogicMonitor helps shift operations teams’ focus on performance, cloud cost optimization, and efficiency, which unlocks growth and innovation.

Layered AI: Empowering ops teams with intelligent insights

LM Cost Optimization: Detailed visibility to align performance and cost

Platform Engineering and CloudOps teams are challenged with maintaining high levels of availability and efficiently using cloud resources, while preventing budgetary overruns and carefully managing costs. Addressing multi-cloud costs while optimizing performance across dispersed teams and applications is difficult with the sheer volume of resources. Making performance-impacting decisions requires deeper intelligence than what the native CSP solutions can provide.

LogicMonitor’s new Cost Optimization solution addresses balancing cloud performance with the cost of operations. LM Cost Optimization offers deep visibility into multi-cloud billing and AI-driven recommendations so teams can efficiently manage and optimize cloud investments. Layered into Hybrid Observability, LM Cost Optimization quickly and intelligently balances performance and cost management, paired with continuous telemetry and insights derived from the LM Envision platform.

LM Cost Optimization includes two key capabilities:

1. Cloud Billing: Provides a detailed, unified view of multi-cloud (Amazon Web Services [AWS] and Azure) organizational spending. This allows teams to analyze cost data using normalized, filtered tags such as account, region, provider, resource type, and more. Additionally, customers can optimize cloud costs based on any cloud tag. With this detailed cost visibility, teams can spot trends, identify spikes and resource changes, and determine strategies for improving cost management. Teams gain deeper cloud cost insights and are empowered to make data-driven decisions that are important to their business.

2. Cloud Recommendations: AI-powered recommendations to instantly modify cloud resource usage and reduce costs while balancing performance. Available for AWS compute and storage, Cloud Recommendations offers targeted recommendations to optimize platforming decisions. Leveraging observability metrics from the LM Envision platform, performance evidence increases confidence around the recommendation. This gives users deep knowledge of surrounding criteria before taking action. Organizations can manage their most expensive cloud resources and reduce expenses without compromising service levels.

LogicMonitor helps customers during and after cloud migrations to eliminate over-provisioned resources, reduce costs, and continually monitor performance. LM Cost Optimization equips organizations with the insights required to deliver highly available, reliable, and cost-effective services to their customers.

Cloud-Managed Networking

Edge and IoT requirements drive substantial data and telemetry, which has increased the need for enterprise-grade wireless coverage. Additionally, the increase in return-to-work mandates has uncovered the need for more modern wireless technologies, which has driven the need for reliable cloud-managed networking capabilities. Due to the increased demand in network infrastructure, the need to monitor and support these areas for our customers has accelerated.

This trend in network management involves new approaches: APIs, streaming telemetry, cloud-hosted, and SaaS-based. These approaches provide faster discovery time, a reduced need for SNMP polling (observability and devices), and push alerts and metrics from management platforms.

LM Envision continues to lead enterprise wireless coverage with a new integration with Ubiquiti UniFi. This integration allows LogicMonitor to offer out-of-the-box monitoring coverage for several industry-leading enterprise wireless vendors, including Cisco, Juniper, and Ubiquiti.

With the addition of Cato SD-WAN monitoring, LM Envision further strengthens LogicMonitor’s position as the leading Hybrid Observability platform for SD-WAN. This enables network operations teams to be agile, efficient, and flexible. LM Envision is supporting customers on that journey. Our customer’s management platform of choice continues to be an integrated partner in the customer’s observability solution.

Customers can also derive greater value from SNMP traps in LM Logs. By enabling SNMP traps as a log source, traps can be retained, queried, and leverage new AI features such as anomaly detection for logs. SNMP traps can now be viewed in the same place as other network-relevant logs, such as syslog, network vendor proprietary logs, and others. Combined with stateful alert clearing, SNMP traps are treated holistically. Meta-data, resource mappings, and filters can also be applied to SNMP trap log records. Finally, through log alerts, SNMP traps can now be leveraged in strategic platform directions, including Dexda’s AI-based event correlation.

Hybrid Observability powered by AI

LogicMonitor’s latest innovations expand the benefits of hybrid observability telemetry and data. We’re innovating and significantly driving efficiency by integrating LM Cost Optimization, enhanced SD-WAN monitoring, and cloud-managed networking enhancements. These developments empower our customers with the tools and insights needed for unmatched operational excellence.

The post LogicMonitor’s latest innovations to optimize cloud performance and costs appeared first on Deliver Intelligence - Dibiz JSC.

At LogicMonitor, we are deeply committed to a mission that goes beyond the conventional: revolutionizing IT monitoring through hybrid observability powered by AI. This ambition is not merely a slogan but the cornerstone of our entire approach. Our LM Envision platform was purposely designed to bring together diverse IT environments under one seamless, integrated experience.

Enterprises have complex IT ecosystems. By delivering comprehensive visibility into your IT infrastructure—whether it’s on-premise, hybrid, or cloud-based— we help organizations streamline operations, minimize expenses, and grow with confidence.

LogicMonitor’s hybrid observability approach empowers IT and CloudOps teams through relentless focus on our three pillars of innovation:

• Layered Intelligence in every aspect of our platform
• Delivering a Unified Experience
• Extensive Hybrid Coverage

Our latest features support these pillars by helping organizations deliver high service availability, reduce the time required to solve problems, and identify root causes faster.

Interested in learning more? Join us for the accompanying Winter Release webinar, titled “Unleashing Hybrid Observability: LogicMonitor’s Latest Product Innovations.” This will take place on Tuesday, February 27th at 11 am PST, where our product team will demo the new capabilities described below!

Modern IT Operations Observability Challenges

In the rapidly evolving digital landscape, modern IT teams face a multifaceted set of challenges that test their agility, efficiency, and innovation. These challenges, while distinct, are deeply interconnected, impacting the ability of organizations to maintain a competitive edge and operational excellence. Here, we delve into the core issues confronting today’s IT operations teams and explore strategic approaches to overcome them.

High Complexity

• Modern IT environments blend legacy systems, cloud platforms, and new technologies, creating significant complexity. This mix, alongside rapid application and infrastructure growth, challenges visibility and control.
• A widening skills gap, due to rapid tech advancement exceeding the supply of skilled professionals, further complicates efficient IT ecosystem management.

Addressing these issues requires robust observability solutions and a strategic focus on workforce development.

Efficient Operations

• The spread of IT assets across various domains leads to governance, cost, and focus challenges, a situation worsened by a traditional, reactive approach to incident management.
• IT teams under pressure to achieve more with less need solutions that automate tasks, optimize resource management, and improve incident response times.

Adopting such technologies allows a shift from reactive to strategic operations, boosting service levels and operational flexibility.

Speed of Innovation

• Aligning IT more closely with business goals is crucial for fostering service agility and innovation.
• Challenges like cloud migration and overcoming the perception of IT as an innovation barrier necessitate reevaluating IT’s organizational role.
• Embracing agile methodologies, continuous delivery, and a culture of experimentation and quick iteration are key.

By positioning IT as a strategic business asset, organizations can create an environment that supports and drives growth and transformation.

Why LM Envision

Our LM Envision platform integrates AI-driven insights, automation, and cloud-native capabilities to streamline and simplify IT operations. This enables IT businesses to effectively tame complexity, boost operational efficiency, and foster innovation at an accelerated pace.

We want to transform IT teams from a support role into a key driver of business success. This will empower them to not only anticipate and respond to current demands but also to shape future technological landscapes.

What’s New in Layered Intelligence

LM Co-Pilot (Preview)

LogicMonitor’s new Generative AI tool, LM Co-Pilot, revolutionizes account setup and day-to-day administration. With its interactive dialogue and real-time assistance, it accelerates processes, reduces errors, and enhances the user experience. By simplifying manual multi-step workflows and multi-page administrative tasks (like adding devices or new users) into a curated, chat-like experience, LM Co-Pilot frees up IT teams to work on more engaging tasks.

Currently, LM Co-Pilot is only available in preview mode. If you want to participate in our Controlled Availability program, please contact your LogicMonitor account representative.

Stay tuned in the coming months as we roll out new LM Co-Pilot capabilities, including Support, which will leverage Natural Language Processing (NLP) to summarize documentation and answer queries about LM Envision features, and Troubleshooting, which will automate workflows for rapid troubleshooting and resolution of complex hybrid infrastructure issues.

Log Analysis (Preview)

When troubleshooting business-impacting events in a hybrid environment, users typically need complex queries to scan logs across the different services, applications, and resource types (e.g., network devices, load balancers, databases, and cloud resources). This time-consuming process usually requires deep domain knowledge.

Log Analysis simplifies troubleshooting by quickly surfacing contextually relevant logs through advanced ML techniques and visual filtering. Log Analysis automatically analyzes and categorizes log messages, providing sentiment scores based on log level, keywords, negative phrases, and custom dimensions. This helps users quickly detect the severity of log messages and prioritize the key phrases that apply to their most pressing issues.

Now, time-consuming work such as determining severity and finding relevant logs is handled by LogicMonitor’s AI, which enables operations and support teams to be more effective when solving problems.

Edwin AI

Edwin AI puts AI to work and supercharges IT productivity by automating alert correlation, contextualization, prioritization, and incident management, all personalized to a business’s unique needs. Edwin AI extracts the richest, most relevant context from LogicMonitor and ServiceNow CMDB for a highly accurate and customizable correlation.

Let’s say a core switch link has gone down due to a config issue in your campus, generating an alert storm with hundreds of access points and switches being impacted. Edwin AI will combine the context of devices as switches, APs, and campus location from LogicMonitor to help correlate this storm of alerts into a single actionable insight. Edwin AI automatically summarizes all the underlying events for the level one NoC engineers in the ServiceNow ticket.

By combining natural language processing and unsupervised machine learning, Edwin AI cuts through the noise to elevate the most important issues. As a result, IT and CloudOps teams can diagnose problems faster, reduce MTTR, increase efficiency, and prevent problems from exploding into costly downtime and business-critical incidents. Dexda acts as a single source of truth across your entire environment, optimizing incident response and accelerating MTTR.

Unlike other solutions, Edwin AI uses open and customizable Machine Learning models, offering personalized IT at scale. Essentially, it’s like having an extra ITOps engineer on your team!

Ready to gain better context into issues you’re already collecting with LogicMonitor’s personalized approach to AIOps? Reach out to your LogicMonitor account representative, or email us at aiops@logicmonitor.com to get started with Edwin AI today!

What’s new in Unified Experience

New User Interface (GA)

Introduced over the summer, our new user interface (now GA) has a more modern look and feel. It demonstrates LogicMonitor’s mission of creating an industry-leading Unified Experience across all IT environments: hybrid, cloud, and on-prem.

This quarter, we’ve added a new log dashboard widget that displays logs for a single resource or group of resources. Thus making it easier than ever to share aggregated log information with stakeholders for faster troubleshooting.

LM Envision’s latest features, like the log dashboard widget, are being added exclusively to the new user interface. Simply toggle on the “New UI Preview” button to take advantage of the log dashboard widget and other new features such as:

• Resource Explorer 
• Dynamic Filters
• Datapoint Analysis
• and more

Click here for more information on the new UI or visit the documentation.

Resource Explorer (GA)

As highlighted in the fall release blog, LM Envision’s new Resource Explorer (now in GA) helps operations teams quickly organize and visualize their entire hybrid multi-cloud environment in just a few clicks.

Resource Explorer surfaces key insights into business performance by clearly displaying overall resource and application health. Teams can easily isolate high priority issues for faster speed of execution and greater agility with comprehensive visibility across thousands of resources in a single, organized view. Easily filter and group views based on tags such as location, cloud provider, alerts, and more to spot problems, reduce unplanned downtime, and maintain your service levels.

As a reminder, you must toggle on the new UI to take advantage of Resource Explorer. For more information, watch the demo or check out the documentation!

Organize on-premises and multi-cloud resources in a single view. 

Drill down into a resource at a known location to isolate an issue.

What’s new in Hybrid Coverage

Cloud-Managed Networking

There are many areas in which IT teams are modernizing their network services and infrastructure, including SD-WAN, Cameras, Environmental Sensors, and Wireless Access Points. Whether augmenting or pivoting from MPLS/VPN connectivity services to SDN or embracing cloud-managed networking, LogicMonitor continues to expand its breadth of coverage and deliver on our promise of unified hybrid observability.

Several previously previewed capabilities are now Generally Available, including support for:

• VMware SD-WAN (formerly VeloCloud)
• Cisco Catalyst Center-managed Wireless Access Points
• Cisco Meraki Wireless Access Points
• Cisco Meraki Environmental Sensors

Our integration with Cisco Catalyst Center (previously Cisco DNA Center) is of particular note.

For more information, check out these additional resources:

• SD-WAN Monitoring
• Meraki Marketplace Listing

Forward Together

Our journey is far from over. As we continue to innovate, our focus remains on empowering our customers with the solutions and insights needed to achieve operational excellence. Hybrid Observability powered by AI isn’t just what we do—it’s who we are. We’re excited about the future and invite you to join us on this transformative journey.

In our pursuit, we’re not just aiming to lead; we’re striving to change the game. By continuously evolving and adapting, we’re not only meeting the needs of today’s digital world but also shaping the future of IT monitoring.

Welcome to the next chapter in IT innovation. Welcome to LogicMonitor’s vision of Hybrid Observability powered by AI. To learn more about our latest innovations, make sure to join our upcoming webinar, “Unleashing Hybrid Observability: LogicMonitor’s Latest Product Innovations”

The post Unleashing hybrid observability appeared first on Deliver Intelligence - Dibiz JSC.

Introduction

In today’s interconnected world, APIs (Application Programming Interfaces) have become the backbone of digital communication, enabling different software systems to interact with one another. From mobile applications to cloud services, APIs facilitate the exchange of data and services seamlessly. However, as APIs grow in importance, so do the risks associated with them. The increasing prevalence of API-related security breaches highlights the need for robust security measures.

What is an API?

APIs allow different software components to communicate with each other, acting as a bridge between various systems. They enable the creation of complex applications by providing a set of protocols and tools for building software and applications. APIs are essential for the functioning of web services, mobile apps, IoT devices, and more. However, their widespread use also makes them prime targets for attackers.

Top API Vulnerabilities

API vulnerabilities are diverse and can lead to severe breaches if not addressed properly. According to the OWASP API Security Top 10, the most common API vulnerabilities include:

1. Broken Object Level Authorization (BOLA) – Occurs when an API does not properly enforce access controls, allowing attackers to access or modify data they shouldn’t have access to.

2. Broken Authentication – This occurs when authentication mechanisms are weak, leading to unauthorized access.

3. Excessive Data Exposure – APIs often expose more data than necessary, making sensitive information accessible.

4. Security Misconfigurations – Default, incomplete, or improper configurations that expose the API to attacks.

5. Injection Attacks – Malicious data is sent to an API, leading to SQL injections, command injections, or other forms of exploitation.

6. Server-Side Request Forgery (SSRF) – This occurs when an attacker is able to manipulate the API and trigger the server hosting it to make requests to unintended destinations.

In-Depth Look: BOLA and BFLA Vulnerabilities

1. Broken Object Level Authorization (BOLA)

BOLA is one of the most critical vulnerabilities in the API security space. It occurs when an API fails to properly check user permissions, allowing attackers to access or manipulate data that they shouldn’t have access to. For example, if a user can access another user’s data by simply changing an ID in the API request, it indicates a BOLA vulnerability.

2. Broken Function Level Authorization (BFLA)

BFLA occurs when an API incorrectly assigns user permissions for accessing certain functions. Unlike BOLA, which deals with object-level access, BFLA is concerned with higher-level functionality. This vulnerability allows unauthorized users to perform restricted operations, potentially causing significant damage.

API References and Definitions

When developing and securing APIs, understanding the tools and standards used to define, document, and interact with them is crucial. However, leaving an API documentation exposed is risky, as we will see in our case study.

Here are some of the known specifications and tools, which can be used to automatically generate an API documentation:

● Swagger

Swagger is a framework for designing, building, and documenting RESTful APIs. It allows developers to define their APIs using a standardized format, making it easier to generate interactive API documentation and client libraries. Swagger’s user-friendly interface simplifies testing and interaction with APIs.

● OpenAPI

The OpenAPI Specification (OAS) is a standard for defining RESTful APIs. It provides a structured way to describe your API, including endpoints, request/response formats, and authentication methods. OpenAPI builds on Swagger and has become the industry standard for API documentation, ensuring consistency and clarity across different APIs.

● WSDL (Web Services Description Language)

WSDL is an XML-based language used for describing web services, particularly SOAP-based services. It defines the operations that the service offers, the messages it accepts and returns, and the binding details needed for communication. Although more commonly associated with older SOAP services, WSDL remains relevant for certain enterprise environments.

● ASP.NET Web API Help Page

ASP.NET Web API Help Page is a built-in feature in ASP.NET that automatically generates help documentation for your API. It provides detailed information about your API endpoints, including parameter descriptions and sample responses, making it easier for developers to understand and use the API.

● GraphQL Introspection

GraphQL Introspection is a powerful feature that allows clients to query a GraphQL API for its schema. This means that developers can retrieve detailed information about available types, fields, and operations directly from the API, enabling dynamic querying and a better understanding of the API’s capabilities.

Exposed API Documentation is Risky

While API documentation is essential for developers, leaving it publicly accessible without proper controls can expose your system to significant risks, starting from Information Disclosure to Unauthorized Access, Injections, and more.

Case Study: Vulnerabilities Automatically Detected by ULTRA RED

● CVE-2023-39375: This vulnerability is related to BOLA, where improper authorization checks allowed unauthenticated attackers to create a new user admin.

● CVE-2023-39376: A BOLA vulnerability which allowed unauthenticated attackers to disable security measures applied by the application.

● CVE-2024-41702: An SQL Injection vulnerability in an API login endpoint, where JSON object injection led to unsanitized values being passed to an SQL query.

● Personal Identifiable Information (PII) Exposure: A BFLA vulnerability which allowed an attacker to access other user resources, specifically employees of a large company, and expose highly sensitive PII, including Protected Health Information (PHI).

● Vector Type – Server Side Request Forgery (SSRF)

Summary: SSRF could be critical, especially when it is reflected. In our case, we could use SSRF to fetch cloud metadata and get initial access to the client’s cloud environment.

Detection: The system is programmed to automatically parse the API Definitions that we mentioned earlier and scan the endpoints for vulnerabilities. Unfortunately for the client, there was one API request that laid bare a critical vulnerability.

The vulnerability allowed an attacker to send email messages to other users, originating from the API vendor’s trusted mail server!

We tested the parameter for SSRF, and got a successful callback.

But there is more – the attacker could attach files to each email message by supplying a list of URLs.

In the image below, we see that the request is sent to the /api/Email/Send Email endpoint, which includes parameters such as Address, Emails, CCs, and BCCs. For this example, we’ve populated these fields with placeholder email addresses using a domain generated by Interactsh.

We tried a few common and interesting endpoints for SSRF, such as the AWS metadata endpoint – we filled in the AWS metadata URL http://169.254.169.254/latest/meta-data as a file attachment:

Ok, so the request has been successful because we got the ‘isSuccess’ parameter as true.

I used Interactsh to check if the file is sent, but a temporary mail can also be used:

We can see we got the SMTPinteraction. A second-order SSRF was found!In verbose mode we can see the base64 encoded content:

We can now take the encoded data, decode it and see that we could successfully access the instance metadata endpoint:

Securing Your APIs

To mitigate these vulnerabilities, here are some best practices:

● Implement strong authentication and authorization mechanisms.

● Follow the principle of least privilege to restrict access.

● Validate and sanitize all inputs to prevent injection attacks.

● Use rate limiting and monitoring to detect unusual activity.

● Regularly update and patch APIs to address known vulnerabilities.

● Introduce scanning tools (such as ULTRA RED) to automatically detect known and unknown vulnerabilities.

Conclusion

As APIs continue to expand, securing them becomes paramount. By understanding common OWASP API top 10 vulnerabilities, and implementing robust security measures, organizations can protect their digital assets and ensure that their APIs remain secure.

‍

The post Strengthening API Security: Addressing Vulnerabilities and Emerging Threats appeared first on Deliver Intelligence - Dibiz JSC.

As we move further into 2024, these trends show no signs of slowing, making cybersecurity more critical than ever. The MTrends report from Mandiant highlights the importance of Continuous Threat Exposure Management (CTEM), revealing that 38% of successful breaches stem from an initial infection vector via exploitation. This underscores the urgent need for robust cybersecurity strategies to combat evolving threats.

In recent years, we have seen a steady rise in breach costs. Remote work introduced new security vulnerabilities that hackers exploited, significantly expanding the cyberthreat landscape. The growing prevalence of malware and hackers across various industries has made anyone online more vulnerable to breaches. The sheer number of criminal adversaries and potential entry points makes containment and mitigation increasingly difficult. Unfortunately, cyber statistics in 2024 are expected to remain much the same.

According to the Veeam Ransomware Trends Report 2024, which surveyed 1,200 CISOs, security professionals, and backup administrators who faced ransomware attacks in 2023, many organizations remain unprepared for recovery despite having incident response plans and policies in place. This lack of preparedness poses a significant risk not only to the company’s reputation, employee morale, and productivity but also to its bottom line. Int he context of CTEM, it’s imperative for businesses to priorities proactive and comprehensive security measures. By addressing these pressing vulnerabilities, organizations can safeguard their financial stability, maintain operational resilience, and protect their business interests in an increasingly hostile cyber environment.

The Role of EASM in Risk andGovernance

External Attack Surface Management (EASM) plays a critical role in identifying and managing the multifarious risks that organizations face. By leveraging extensive internet telemetry data, EASM solutions offer a comprehensive view of an organization’s external digital footprint. This approach provides essential insights into potential vulnerabilities and security gaps, forming the basis for robust governance structures.

While External Attack Surface Management (EASM) is a crucial part of the defense strategy, it’s important to note its limitations. EASM, which relies on internet telemetry data, can’t provide a real-time understanding of what a threat actor could potentially exploit in your system today.

Each day, the threat landscape evolves with new vulnerabilities, exploits, and methods to by pass security measures. This dynamic environment demands a solution that can keep pace. ULTRARED Continuous Threat Exposure Management (CTEM) solution is designed to do just that, going beyond traditional EASM to provide proactive protection.

How ULTRARED CTEM ImprovesTraditional EASM for Real-Time Threat Intelligence

ULTRARED CTEM  solution proactively addresses the limitations of traditional EASM by offering real-time threat intelligence and validation. CTEM provides the situational awareness necessary to understand the current threat landscape and how it impacts your organization today. Through continuous scanning and validation, ULTRARED’s CTEM identifies exploitable exposures, enabling organisations to respond swiftly and effectively.

ULTRARED’s approach goes beyond merely highlighting vulnerabilities. It provides actionable insights into there mediation and mitigation processes, ensuring that organizations can address threats promptly. By integrating  CTEM into your security framework, you gain a dynamic and responsive defense mechanism that not only responds to but also evolves with the threat landscape.

The ultimate goal of any security strategy is to protect the organisation’s bottom line. Cyber threats can have significant financial implications, from direct financial losses due to breaches to the indirect costs associated with reputation damage and regulatory fines. By leveraging ULTRARED’s comprehensive suite of tools, including Automated Adversary Emulation, EASM, CTI, and Automated Breach and Attack Simulation (ABAS), organizations can build a robust security posture that not only safeguards their critical assets but also saves them money in the long run.

Protecting Your Bottom Linewith ULTRARED’s CTEM

ULTRARED’s technologies empower hands-on operators with verified cyber intelligence, enabling them to identify and actionable cyber challenges. This proactive approach not only enhances security but also supports overall business resilience, ensuring that organisations can continue to operate effectively even in the face of evolving cyber threats.

To learn more about how ULTRARED AI can help secure your external attack surface and protect your bottom line, book a call with our experts today. Together, we can build a robust security strategy tailored to your organization’s needs.

The post Protecting the ‘Bottom Line’ in Your External Attack Surface appeared first on Deliver Intelligence - Dibiz JSC.

In the world of cybersecurity, prioritizing which vulnerabilities to tackle can feel like trying to hit a moving target. Severity scores have their place, but they don’t always tell the full story. Enter Exploitation Likelihood—a new metric that zeroes in on what really matters: the actual chance that a vulnerability will be exploited. This isn’t just another number on a dashboard; it’s a game-changer for how you approach security.

Strategic Benefits

1. Get Smart About Where You Focus Your Efforts

You’ve got limited resources and a mountain of potential vulnerabilities to address. Not all threats are created equal, so why treat them like they are? Exploitation Likelihood changes the game by helping you focus on the vulnerabilities that are most likely to be attacked. It’s about working smarter, not harder.

• Sharp Decision-Making: With this metric, you’re making decisions based on what’s actually likely to happen, not just on what looks scary on paper.
• Efficient Use of Resources: By homing in on the most probable threats, you’re ensuring your team’s time and energy are spent where they’ll have the most impact.

2. Stay Ahead of the Curve with Better Intelligence

The threats you face today aren’t the same as they were yesterday, and they won’t be the same tomorrow. Exploitation Likelihood taps into the latest intelligence, blending the predictive power of First’s EPSS (Exploit Prediction Scoring System) with real-world OSINT (Open Source Intelligence) data. The result? You get a clear picture of where the real risks lie.

• Predictive Insights: Think of this as your crystal ball—an informed look into which vulnerabilities are most likely to be exploited next.
• Real-World Relevance: By pulling in data from the wild, you’re not just guessing; you’re making decisions based on what’s actually happening out there.

3. Shift from Defense to Offense

Let’s face it: the days of purely reactive cybersecurity are over. If you’re not thinking ahead, you’re falling behind. Exploitation Likelihood puts you in the driver’s seat, letting you anticipate and neutralize threats before they become full-blown problems.

• Proactive Protection: This isn’t about waiting for something to go wrong. With Exploitation Likelihood, you’re taking steps to prevent incidents before they occur.
• Focused Response: When something does go wrong, this metric guides you straight to the heart of the issue, so you can respond swiftly and effectively.

Why Exploitation Likelihood Matters

1. Take the Guesswork Out of Risk Management

Let’s be real—managing risk can feel like spinning plates. Exploitation Likelihood helps you keep those plates in the air by giving you a clear, data-driven understanding of where the real dangers are. It’s not just about severity; it’s about likelihood, too.

• Contextualized Understanding: When you know how likely a vulnerability is to be exploited, you’re not just managing risk—you’re mastering it.
• Strategic Planning: With this insight, your security strategy isn’t just reactive; it’s precise and targeted.

2. Align with What the Industry Experts Are Saying

If you’re following Gartner and other industry leaders, you know that risk-based vulnerability management is the way to go. Exploitation Likelihood fits perfectly into this framework, offering a quantifiable way to measure and manage your risk.

• Stay Compliant: By integrating this metric, you’re not just protecting your systems; you’re aligning with industry best practices and regulatory expectations.
• Measure What Matters: Finally, a metric that gives you a real benchmark for the effectiveness of your security efforts.

Conclusion

Exploitation Likelihood isn’t just a new buzzword; it’s a smarter, more strategic way to manage cybersecurity. By focusing on what’s likely to happen rather than what’s merely possible, you’re not just staying ahead of the curve—you’re redefining it. For those who want to do more than just keep up with the ever-evolving threat landscape, this is your opportunity to lead. Ready to take your security strategy to the next level? Let’s talk.

The post Understanding Exploitation Likelihood: A Smarter Approach to Cybersecurity appeared first on Deliver Intelligence - Dibiz JSC.