IBM lets customers, partners write apps for QRadar threat intelligence platform

IBM is launching a program where customers can share apps they write to augment IBM’s QRadar platform that analyzes security data, detects behavior anomalies and sorts out high-priority risks from the mass of incidents it examines.To accomplish this, the company is opening APIs into QRadar, issuing software developer kits and creating a Security App Exchange where these custom apps can be distributed.The exchange has already been seeded with 14 apps written by IBM itself and some of its partners including Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems.Four of these apps are: User Behavior Analytics – Integrates Exabeam’s analysis of user behaviors and risk profiling into QRadar’s dashboard. Threat Intelligence – Pulls data from threat feeds and create rules about how to handle the data, such as raising the threat score for incidents involving IP addresses from a particular watch list. Carbon Black App for QRadar – Analyzes data from Carbon Black’s endpoint sensors within the QRadar interface, enabling faster responses to endpoint attacks. Incident Overview – A visualization app that uses bubbles, colors and correlation lines to help analysts quickly identify links among incidents. IBM says it will vet applications before they are made Continue reading

Reviving n3topedia

Well…

After a pretty long time no write, the big day came, when I decided to revive a project most dear to me.

For those of you who remember n3topedia, and for those of you who’ve never heard of it, a purpose statement may be worthy at this point. From a strictly educational blog, n3topedia will be transformed in a tech blog.

I am pretty certain that networking posts will be an important part of this, but my focus will also be on letting you know whatever feels interesting and useful. Both the format and the approach will be slightly different, more lively and interactive.

 

I am hoping you will all enjoy reading it as much as I enjoy writing it.

 

Cheers

Rating

Cyberspy group targets South American political figures, journalists

Since 2008, a group of attackers has used off-the-shelf remote access Trojans (RATs) to target political figures, journalists and public figures in several South American countries. The group, whose attack campaigns have been investigated by researchers working with Citizen Lab at the University of Toronto's Munk School of Global Affairs, has been dubbed Packrat. It appears mainly interested in political opposition groups and influential people from countries like Argentina, Ecuador and Venezuela.While there is insufficient evidence to link the group to a particular government or intelligence agency, the researchers believe "that the ultimate recipient of the information collected by Packrat is likely one or more governments in the region."To read this article in full or to leave a comment, please click here

Security and privacy checklist for smart devices: 50 million to be sold over holidays

When shopping for a smart device, are you most influenced by the device’s capabilities, by its coolness factor, or by holiday sales that dropped the price? Do you first review the company’s policies, terms and conditions, the potentially excessive permissions a mobile app will require to control the connected device, or with whom the manufacturer will share or sell your collected data? If you receive a smart gadget as a gift, do you think the giver was wise enough to consider the small print before purchasing, to think of security and privacy before buying the smart device?To read this article in full or to leave a comment, please click here

Notable deaths of 2015 from worlds of technology, science & inventions

RememberingThe networking and computing world, as well as the worlds of science and inventions, lost well-known pioneers as well as younger movers and shakers during 2015. Here’s a brief look back at these people and their contributions.(IDG News Service contributed to this report.)LOOK BACK: 2014’s notable deathsTo read this article in full or to leave a comment, please click here

Ansible book – Technical review

I recently did a technical review for “Mastering Ansible” book by Jesse Keating. This book covers usage of Ansible for automation with practical examples. If anyone is interested, please look at the book. Pre-requisite is to have basic Ansible knowledge. Ansible is similar to configuration management tools like Chef, Puppet. Agent-less architecture and short learning … Continue reading Ansible book – Technical review

6 ways to cut the cost and pain of a Windows 10 migration

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

For most organizations that migrated to a new version of Windows in the past two years, the cost and frustration was not only high, the resources required were crippling. But ready or not, chances are a new migration project will soon be on your to-do list. In fact, almost a quarter of all PCs will be upgraded to Windows 10 within a year. That’s more than 350 million devices. It’s already on more than 100 million devices, and counting.

To read this article in full or to leave a comment, please click here

SHA-1 Deprecation: No Browser Left Behind

Welcome to the Internet. All Browsers Welcome

After December 31, 2015, SSL certificates that use the SHA-1 hash algorithm for their signature will be declared technology non grata on the modern Internet. Google's Chrome browser has already begun displaying a warning for SHA-1 based certs that expire after 2015. Other browsers are mirroring Google and, over the course of 2016, will begin issuing warnings and eventually completely distrust connections to sites using SHA-1 signed certs. And, starting January 1, 2016, you will no longer be able to get a new SHA-1 certificate from most certificate authorities.

For the most part, that's a good thing. Prohibitively difficult to forge certificate signatures are part of what keeps encryption systems secure. As computers get faster, the risk that, for any given hashing algorithm, you can forge a certificate with the same signature increases. If an attacker can forge a certificate then they could potentially impersonate the identity of a real site and intercept its encrypted traffic or masquerade as that site.

Deprecating Old Standards

This isn't the first time we've been through this exercise. The original hashing algorithm used for most certificate signatures in the early days of the web was MD5. In 2008, researchers demonstrated they were able to Continue reading

NASA, Google reveal quantum computing leap

The black box sitting at the heart of NASA's Advanced Supercomputing facility in Silicon Valley isn't much to look at. The size of a garden shed, it's smaller than a conventional supercomputer, but inside something quite impressive is happening.The box is a D-Wave 2X quantum computer, one of the most advanced examples yet of a new type of computer based on quantum mechanics, which can theoretically be used to solve complex problems in seconds rather than years.MORE ON NETWORK WORLD: 13 awesome and scary things in near Earth space Quantum computers rely on fundamentally different principles to today's computers, in which each bit represents either a zero or a one. In quantum computing, each bit can be both a zero and a one simultaneously. So while three conventional bits can represent any of eight values (2^3), three qubits, as they're called, can represent all eight values at once. That means calculations can theoretically be performed at much higher speeds.To read this article in full or to leave a comment, please click here

Using a proxy to feed metrics into Ganglia

The GitHub gmond-proxy project demonstrates how a simple proxy can be used to map metrics retrieved through a REST API into Ganglia's gmond TCP protocol.
The diagram shows the elements of the Ganglia monitoring system. The Ganglia server contains runs the gmetad daemon that polls for data from gmond instances and stores time series data. Trend charts are presented through the web interface. The transparent gmond-proxy replaces a native gmond daemon and delivers metrics in response to gmetad's polling requests.

The following commands install the proxy on the sFlow collector - an Ubuntu 14.04 system that is already runnig sFlow-RT:
wget https://raw.githubusercontent.com/sflow-rt/gmond-proxy/master/gmond_proxy.py
sudo mv gmond_proxy.py /etc/init.d/
sudo chown root:root /etc/init.d/gmond_proxy.py
sudo chmod 755 /etc/init.d/gmond_proxy.py
sudo service gmond_proxy.py start
sudo update-rc.d gmond_proxy.py start
The following commands install Ganglia's gmetad collector and web user interface on the Ganglia server - an Ubuntu 14.04 system:
sudo apt-get install gmetad
sudo apt-get install ganglia-webfrontend
cp /etc/ganglia-webfrontend/apache.conf /etc/apache2/sites-enabled
Next edit the /etc/ganglia/gmetad.conf file and configure the proxy as a data source: 
data_source "my cluster" sflow-rt
Restart the Apache and gmetad daemons: 
sudo service gmetad restart
sudo service apache2  Continue reading

Instead of news, UK paper delivered ransomware

A major UK newspaper is cleaning up its website after a criminals tried to deliver ransomware to thousands of its readers.The attack affected the blogs section of The Independent newspaper's website, Joseph C. Chen, a fraud researcher with Trend Micro, said in a blog post Tuesday."We have already informed The Independent about this security incident and are working with them to contain the situation," Chen wrote. "For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base."To read this article in full or to leave a comment, please click here

Gotta give stealthy 128 Technology credit for cleverness on $20M funding filing

128 Technology, a stealthy software startup that "is on a mission to fix the Internet," has quietly and cleverly filed an SEC form regarding a fresh $20M in funding on, of all days, 12/8.The Burlington, Mass., startup has also jazzed up its website since I looked at it last week while prepping to attend the Xconomy "Enterprise Tech Strikes Back" event in Boston at which 128 CEO and Co-founder Andy Ory took part on a panel discussing "Building the Next Great Infrastructure Company."To read this article in full or to leave a comment, please click here

Network Break 65: HPE’s London Debut, ACI Meets Docker

The Network Break reports on HPE's coming-out party in London, looks into news that Dell will sell assets to reduce debt, digs into Cisco's recent upgrades to ACI, hears Steve Ballmer shouts from the sidelines about Microsoft's cloud revenue, and watches OpenFlow competitor P4 get attention from chip manufacturers.

The post Network Break 65: HPE’s London Debut, ACI Meets Docker appeared first on Packet Pushers.

1 3,197 3,198 3,199 3,200 3,201 3,818