Contrail is the "secret weapon."
Unikernel technologies, specifically the libraries, are applicable in many ways (e.g. the recent Docker for Mac and Windows products). However, unikernels themselves can enable new categories of products. One of the most prominent products is a network security tool called CyberChaff, based on open source HaLVM unikernels. Today Formaltech, a Galois subsidiary, revealed that Reed College is one of their happy CyberChaff users!
CyberChaff is designed to detect one of the early and critical steps in a security breach: the point when an attacker pivots from their initial entry point to the more juicy parts of the network. This step, the pivot, typically involves scanning the network for hosts that may be better positioned, appear to have more privileges, or are running critical services.
To impair this step of the attack, CyberChaff introduces hundreds (or thousands) of false, lightweight nodes on the network. These hosts are indistinguishable from real hosts when scanned by the attacker, and are each implemented as their own HaLVM unikernel. See the diagram below where green nodes are the real hosts and the orange nodes are HaLVM CyberChaff nodes. This means that an attacker is faced with a huge Continue reading
Investors eagerly grab future pieces of Dell.
Orchestration deserves a tool of its own.
Security startup Siemplify aims to pick up where SIEMs leave off with threat analysis software that provides additional context and visualization to security alerts to help analysts identify and respond to the most relevant events.
The post Startup Radar: Siemplify Takes Threat Analysis Beyond SIEM Correlation appeared first on Packet Pushers.
Security startup Siemplify aims to pick up where SIEMs leave off with threat analysis software that provides additional context and visualization to security alerts to help analysts identify and respond to the most relevant events.
The post Startup Radar: Siemplify Takes Threat Analysis Beyond SIEM Correlation appeared first on Packet Pushers.
The post Worth Reading: Lego Robots versus Gesture Security appeared first on 'net work.
When Cyrus wanted to capture Babylon, he attacked the river that flows through the city, drying it out and then sending his army under the walls through the river entrance and exit points. In a similar way, the ventilator is a movie favorite, used in both Lord of the Rings and Star Wars, probably along with a thousand other movies and stories throughout time. What do rivers and ventilators have to do with network security?
Side channel attacks. Now I don’t know if the attacks described in these papers, or Cyrus’ attack through the Euphrates, are considered side channel, or just lateral, but either way: the most vulnerable point in your network is just where you assume you can’t be attacked, or that point where you haven’t thought through security. Two things I read this week reminded me of the importance of system level thinking when it comes to security.
The first explores the Network Time Protocol (NTP), beginning with the general security of the protocol. Security in a time protocol is particularly difficult, as the entire point of encryption is to use algorithms that take a lot of time for an attacker to calculate—and there’s probably some relationship between Continue reading
There is no question that the memory hierarchy in systems is being busted wide open and that new persistent memory technology that can be byte addressable like DRAM or block addressable like storage are going to radically change the architecture of machines and the software that runs on them. Picking what memory might go mainstream is another story.
It has been decades since IBM made its own DRAM, but the company still has a keen interest in doing research and development on core processing and storage technologies and in integrating new devices with its Power-based systems.
To that end, IBM …
IBM Throws Weight Behind Phase Change Memory was written by Timothy Prickett Morgan at The Next Platform.