Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer
Contributors: Jason Zhang, Stefano Ortolani, Giovanni Vigna
Cyber security threats have been growing significantly in both volume and sophistication over the past decade with no sign of a slowdown. Naturally, this has also been accompanied by an increased collection of threat telemetry data, ranging from detonation timelines to IDS/IPS detections. Telemetry data, typically represented by enriched time series, often contains underlying peak signals which in turn correspond to a few informative events: occurrences of malware campaigns, heavily used malware delivery vectors, commonly affected verticals, and even anomalies possibly revealing the presence of false positives. While all this information clearly holds tremendous value, mining these data sets can be expensive and complex. As a result, organizations often find it challenging to gain further insights of the underlying threat landscape even though they have access to the data.
Recently at VirusBulletin Threat Intelligence Practitioners’ Summit (TIPs) 2021, we presented our latest research aiming to tackle the challenges discussed above: Telemetry Peak Analyzer is a statistical approach to detect malware campaigns as they happen by relying on telemetry data in an efficient and scalable manner.
Read on to get the key insights of the presentation. We’ll provide an overview of the characteristics Continue reading
Getting Meta: Abstracting And Multisourcing The Network Like An FBOSS
If you want to build the world’s largest social network, with 2.9 billion users, and the massive PHP stack that makes it into an application, you need a lot of infrastructure and you need it to arrive predictably. …
Getting Meta: Abstracting And Multisourcing The Network Like An FBOSS was written by Timothy Prickett Morgan at The Next Platform.
Hedge 108: In Defense of Boring Technology with Andrew Wertkin
Engineers (and marketing folks) love new technology. Watching an engineer learn or unwrap some new technology is like watching a dog chase a squirrel—the point is not to catch the squirrel, it’s just that the chase is really fun. Join Andrew Wertkin (from BlueCat Networks), Tom Ammon, and Russ White as we discuss the importance of simple, boring technologies, and moderating our love of the new.
Cloud Hyperscalers and CSPs: The Time to Collaborate is Now
Benefits of hyperscaler partnerships include expediting time to market for new services and access to the developer ecosystem and community.European Bank Sees Path to ‘Fastest AI Supercomputer’
While Hungarian banks with collective names like OTP Group might not have household recognition here in the U.S., …
European Bank Sees Path to ‘Fastest AI Supercomputer’ was written by Nicole Hemsoth at The Next Platform.
Automating execution environment image builds with GitHub Actions
Ansible Automation Platform 2 leverages containers dubbed automation execution environments which bundle in collection, python and platform dependencies to provide predictable, self-contained automation spaces that can be easily distributed across an organization.
In addition, Red Hat Ansible Automation Platform introduced tools such as execution environment builder, used to create execution environments, and automation content navigator, used to inspect images and execute automation within execution environments. These tools themselves are also highly automatable and can be included in workflows to automatically generate environments to support the execution of automation throughout the organization.
For this demonstration, let's cut to film where I’ll walk through a demo scenario and verify along the way that we’re on the right track. Additionally, you can fork the repository for your own proof of concept.
Where to go next
- If you’re ready to get hands-on, we have self-paced interactive labs available to explore new Ansible Automation Platform 2 technologies.
- If you are a Red Hat customer, please visit the Ansible Automation Platform 2 landing page in the Red Hat Customer Portal that consolidates all our documentation and guidance available to you.
- Please reach out to your local Red Hat representative to assist your organization Continue reading
Non-Stop Routing (NSR) 101
After Non-Stop Forwarding, Stateful Switchover and Graceful Restart, it’s time for the pinnacle of high-availability switching: Non-Stop Routing (NSR)1.
The PowerPoint-level description of this idea sounds fantastic:
- A device runs two active copies of its control plane.
- There is no cold/warm start of the backup control plane. The failover is almost instantaneous.
- The state of all control plane protocols is continuously synchronized between the two control plane instances. If one of them fails, the other one continues running.
- A failure of a control plane instance is thus invisible from the outside.
If this sounds an awful lot like VMware Fault Tolerance, you’re not too far off the mark.
Non-Stop Routing (NSR) 101
After Non-Stop Forwarding, Stateful Switchover and Graceful Restart, it’s time for the pinnacle of high-availability switching: Non-Stop Routing (NSR)1.
The PowerPoint-level description of this idea sounds fantastic:
- A device runs two active copies of its control plane.
- There is no cold/warm start of the backup control plane. The failover is almost instantaneous.
- The state of all control plane protocols is continuously synchronized between the two control plane instances. If one of them fails, the other one continues running.
- A failure of a control plane instance is thus invisible from the outside.
If this sounds an awful lot like VMware Fault Tolerance, you’re not too far off the mark.
EVE-NG Add Extrahop Appliances
I recently started working with Extrahop and wanted to make some labs to understand the product portfolio. I have EVE-NG already setup as a lab platform so I decided to build the labs on that. Extrahop VMs do not have an EVE-NG template out of the box. In this post I will show you how...continue reading
We’ve just published a book on container and cloud-native application security and observability
We are excited to announce the release of our O’Reilly book, Kubernetes security and observability: A holistic approach to securing containers and cloud-native applications. The book, authored by Tigera’s Brendan Creane and Amit Gupta, helps you learn how to adopt a holistic security and observability strategy for building and securing cloud-native applications running on Kubernetes.
Security practitioners are faced with a wide range of considerations when securing, observing, and troubleshooting containerized workloads on Kubernetes. These considerations range from infrastructure choices and cluster configuration to deployment controls and runtime and network security. Although securing cloud-native applications can be a daunting task, our book will give you the knowledge and confidence you’ll need to establish security and observability for your cloud-native applications.
In 11 chapters, the book covers topics relevant to containers and cloud-native applications in detail, including:
- Infrastructure security
- Workload deployment controls and runtime security
- Network policy
- Managing trust across teams
- Exposing services to external clients
- Encryption of data in transit
- Threat defense and intrusion detection
- And more…
After reading the book, you’ll have gained an understanding of key concepts behind security and observability for cloud-native applications, how to determine the best strategy, and which technology choices are available to support Continue reading
Day Two Cloud 123: Managing Multi-Cloud Applications And Infrastructure With vRealize Operations Cloud (Sponsored)
Welcome to Day Two Cloud, where the topic is visibility. Hybrid cloud visibility with a side of Kubernetes, to be specific. VMware has come alongside as today’s sponsor for a discussion about vRealize Operations Cloud to give you that visibility into applications and infrastructure running in complex, multi-cloud environments.Day Two Cloud 123: Managing Multi-Cloud Applications And Infrastructure With vRealize Operations Cloud (Sponsored)
Welcome to Day Two Cloud, where the topic is visibility. Hybrid cloud visibility with a side of Kubernetes, to be specific. VMware has come alongside as today’s sponsor for a discussion about vRealize Operations Cloud to give you that visibility into applications and infrastructure running in complex, multi-cloud environments.
The post Day Two Cloud 123: Managing Multi-Cloud Applications And Infrastructure With vRealize Operations Cloud (Sponsored) appeared first on Packet Pushers.
Want To Get Your Hands On AWS’ Latest HPC Services? Here’s How
Visit SC21 virtually AND enter to win $200 in AWS credits
You won’t be surprised that AWS serves up some of the most powerful HPC products and services on the planet. …
Want To Get Your Hands On AWS’ Latest HPC Services? Here’s How was written by David Gordon at The Next Platform.
AMD Deepens Its Already Broad Epyc Server Chip Roadmap
The hyperscalers, cloud builders, HPC centers, and OEM server manufacturers of the world who build servers for everyone else all want, more than anything else, competition between component suppliers and a regular, predictable, almost boring cadence of new component introductions. …
AMD Deepens Its Already Broad Epyc Server Chip Roadmap was written by Timothy Prickett Morgan at The Next Platform.
How to Accelerate Your Digital Transformation with VMware’s Cloud Networking Capabilities
Realize What’s Possible with Advanced Cloud Networking Capabilities
VMworld 2021 – what a whirlwind. Thank you for attending and making the virtual event a success. With so many sessions and so little time, we thought it was important to point out one of the most notable networking sessions of this year: Automation is Modernizing Networks, delivered by Tom Gills, SVP & General Manager, Networking and Advanced Security.
In case you missed it, we’re going to catch you up on essential insights, networking news, and more.
Networking by the Numbers
The vision behind VMware’s cloud networking is to centralize policy and networking infrastructure. Today, there are more than 23,000 customers using VMware’s virtual networking products. 96 out of the Fortune 100 have chosen VMware to virtualize their network infrastructure. VMware has replaced more than 12,000 power-hungry, hardware load balancer appliances. There are more than 450,000 branch sites globally, accelerating the digital transformation for enterprises of all kinds.
Leveling Up
Taking a step back, we can see how clearly all of these developments are enhancing digital operations for our various constituents. With two strokes of a key, our customers can send applications directly into production. This includes scanning for security/compliance violations, enforcing these security and compliance Continue reading
The Deep Skills Every Network Manager Should Possess
The network manager's role is expanding and evolving. Is your skillset keeping pace with changing technologies and challenges?Nvidia Declares That It Is A Full-Stack Platform
In a decade and a half, Nvidia has come a long way from its early days provider of graphics chips for personal computers and other consumer devices. …
Nvidia Declares That It Is A Full-Stack Platform was written by Jeffrey Burt at The Next Platform.