Introducing DARTH: Distributed Analysis for Research and Threat Hunting
As targeting data centers, which mainly run workloads on Linux, has proven to be a very lucrative target for cyber criminals, Linux malware has become increasingly prevalent. Although still an emerging threat that’s somewhat less complex than its Windows counterpart, analysis of Linux malware remains challenging due to lack of analysis tools in the Linux world.
Luckily, both the Linux kernel and the Linux ecosystem provide a set of capabilities and tools that, when combined, potentially allow for the creation of malware analysis frameworks as powerful as those available on Windows.
This blog details what can be achieved by leveraging tools and an analysis pipeline specifically tailored for Linux, and introduces our Distributed Analysis for Research and Threat Hunting
(DARTH) framework. We provide a high-level overview of the framework, including core components and modules, as well as the design requirements that have led our research efforts in this area. We then discuss Tracer, a dynamic analysis module used in DARTH to collect various behaviors during malware execution in a controlled environment.
High Level Overview: Where DARTH Began
As part of our research, we often find ourselves running new types of analysis on large collections of malicious samples; building a scalable Continue reading
SD-WAN and SASE – Hype or Reality?
With available standards and new standards coming in 2022 to define SASE and Zero Trust, enterprises will be better informed to compare services when purchasing secure SD-WAN and SASE managed services.Cloudflare Radar’s 2021 Year In Review
In 2021, we continued to live with the effects of the COVID pandemic and Internet traffic was also impacted by it. Although learning and exercising may have started to get back to something close to normal (depending on the country), the effects of what started almost two years ago on the way people work and communicate seems to be here to stay, and the lockdowns or restrictions continue to have an impact on where and how people go online.
So, Cloudflare Radar's 2021 Year In Review is out with interactive maps and charts you can use to explore what changed on the Internet throughout this past year. Year In Review is part of Cloudflare Radar. We launched Radar in September 2020 to give anyone access to Internet use and abuse trends.
This year we’ve added a mobile vs desktop traffic chart, but also the attack distribution that shows the evolution throughout the year — the beginning of July 2021, more than a month after the famous Colonial Pipeline cyberattack, was the time of the year when attacks worldwide peaked.
There are also interesting pandemic-related trends like the (lack) of Internet activity in Tokyo with the Summer Olympics in town and Continue reading
ACE IaC – Another Industry First by Aviatrix
Today Aviatrix launched the self-paced version of Aviatrix Certified Engineer (ACE) Infrastructure as Code (IAC) training and certification. This is the industry’s first multi-cloud networking and security Infrastructure as Code training, that too in a self-paced format. ACE IaC brings together the concepts of DevOps by automating a multi-cloud network infrastructure through 3 hands-on labs. … Continue reading ACE IaC – Another Industry First by AviatrixACE IaC – Another Industry First by Aviatrix
Today Aviatrix launched the self-paced version of Aviatrix Certified Engineer (ACE) Infrastructure as Code (IAC) training and certification. This is the industry’s first multi-cloud networking and security Infrastructure as Code training, that too in a self-paced format. ACE IaC brings together the concepts of DevOps by automating a multi-cloud network infrastructure through 3 hands-on labs. … Continue reading ACE IaC – Another Industry First by Aviatrix“My First Flight: Dec 16th, 1960”
Note: This Post was written by Fish’s Mom, Dr Patricia Fishburne It was decided. Stokes would stay at Ohio State University and work on his ongoing experiment for his Ph.D. in Aeronautical Engineering while I flew to New Jersey for... Read More ›
The post “My First Flight: Dec 16th, 1960” appeared first on Networking with FISH.
Simplify NSX Security for Brownfield vSphere Deployments with NSX-T 3.2
Perimeter-only security controls are just not sufficient to address sophisticated attacks on mission-critical infrastructure. VMware NSX pioneered the “micro-segmentation” approach, in which granular security controls enable Zero-Trust Security. With micro-segmentation, each individual workload inside the network receives unprecedented protection from attacks originating from both external as well as internal threat actors. One of the primary reasons for NSX’s instant success in the industry was the fact that deploying Zero-Trust security across the infrastructure is quite easy and effectively mitigates malicious lateral movement with L4 and L7 Application controls. With the NSX 3.2 release, we are further simplifying the NSX Security deployment experience.
This blog captures why deploying NSX for micro-segmentation is already a simple experience, and how NSX 3.2 further simplifies that experience. Specifically, the following two key capabilities will be covered:
- NSX Distributed Security support for vSphere Distributed Switch-based workloads, and
- Embedded vCenter-based NSX Distributed Firewall workflows
Achieving Zero-Trust for Applications with NSX today
From the initial days of VMware NSX, we strongly believed that achieving micro-segmentation should not come at the cost of complexity.
If you ask our customers, this is why they love NSX:
- Ease of deployment: NSX does not require any custom firewall Continue reading
Announcing VMware HCX 4.3
VMware HCX, an application mobility platform, is a crucial part of an organization’s digital transformation journey. HCX simplifies application migration, workload rebalancing, and business continuity across data centers and clouds. This becomes increasingly important as organizations consolidate data centers, extend data centers to the cloud, or replace on-premises infrastructure.
Let’s dig into some of the new and exciting features of HCX 4.3.0:
Transition to PostgreSQL
One of the key improvements HCX 4.3.0 introduces is the use of PostgreSQL. The goal is to replace the older databases and leverage some inherent advantages of PostgreSQL. From an end-user perspective, this transition will have no impact. Once the upgrade process is triggered, the system will automatically transition to the newer database in the backend, and all the data is seamlessly transferred to the new database.
Building Resiliency in HCX Network Extension
The second significant enhancement is the high availability of Network Extension appliances. Network Extension service is a critical part of HCX, and any disruption during normal migration activities can have a high impact on business operations. HCX 4.3.0 aims to minimize the impact of such disruptions by introducing a high availability (HA) feature for Network Extension Continue reading
ICANN DNS Symposium
ICANN hosted a Resolver Operator Forum in mid-December, and the session had several interesting presentations that I would like to comment on here.Red Teaming: A Deep Assessment of the Company’s Security Posture
Red Teaming is a complex interaction with IT infrastructure, the task of which is to improve the processes of monitoring and responding to various cyber threats.NSX Year in Review: 2021
With 2022 just around the corner, we can’t help but look back at the past year. 2021 was one for the books, as the world continued to navigate the ups and downs of the pandemic and the new way of working. It was also a big year for NSX, with many firsts, releases, awards and events. Before we head into the new year, take a quick trip down memory lane with us for an NSX year in review and reminisce on all the news we shared this year:
January
Shared on YouTube
January, besides marking the start of the new year, was the month of the -tion’s on YouTube. Our top-viewed videos this month were the classic NSX Introduction, Micro-segmentation, Network Evolution, NSX-T Migration, and NSX-T Federation. Check out the videos and let us know in the comments if any of the information in these creations got your attention.
February
Introduced HCX 4.0
Roses are red, violets are blue. Have you heard? HCX 4.0 is new! This major release focused on providing enhanced visibility, reducing service downtime during upgrades, and simplifying the reconfiguration of NSX security policies post-migration. Since February, Continue reading
Automation 7. Running and Parsing MD-CLI Commands with pySROS Directly on Nokia Router or Remotely.
Hello my friend,
We are continuing studying the Python library pySROS, which Nokia recently published. With all our passion for the Model-Driven Automation, we know that still a lot of people use the CLI daily. As such, today we’ll take a look on how we can automate execution and processing of the output of CLI commands in Nokia SR OS devices.
I See 10 Years Old Kids Creating Tools in Python… Is That Late to Start?
It is not. In fact, it shows that the there are no barriers to start learning and using Python. People come to a programming and software development with different backgrounds and for different purposes. However, all of them are united by a single goal: how to do something more efficient. This something is in fact can be anything: starting from a simple data analysis to a complex web application to games and, of course, to a network automation. At our trainings we use Python a lot; however, we know that network engineers may have no background in software development, and, therefore, we teach you basics of Python syntax, semantic and architecture, so that you can use it for network automaton (and other purposes) Continue reading