Integrating MISP with NSX Advanced Threat Analyzer

 Contributors: Stefano Ortolani (NSBU TAU)

MISP (originally Malware Information Sharing Platform) is a platform to share, store, and correlate Indicators of Compromise (IOCs) from targeted attacks, threat intelligence, or even financial fraud information. One of the reasons underlying MISP’s success is its extensibility via third-party modules. However, as the number of contributors increases, coordination and distribution can quickly become a challenge. To solve this issue, MISP’s authors created a satellite project called MISP modules.

Before joining the NSX family, we at Lastline contributed three different modules to the MISP project in order to better integrate MISP with the sandbox that is now part of the NSX Advanced Threat Analyzer (ATA) product offering. The main idea was to enrich the file indicators referencing an artifact with behavioral information extracted by detonating the artifact in the sandbox, or by retrieving the analysis result of previous detonations. We accomplished this by relying on three different modules:

  • lastline_submit: An enrichment module used to submit new files to the sandbox; as dynamic analysis requires some time to terminate, the output of this module is an external analysis link represented by a new MISP attribute.
  • lastline_query: An enrichment module to expand a Continue reading

Browser VNC with Zero Trust Rules

Browser VNC with Zero Trust Rules
Browser VNC with Zero Trust Rules

Starting today, we’re excited to share that you can now shift another traditional client-driven use case to a browser. Teams can now provide their users with a Virtual Network Computing (VNC) client fully rendered in the browser with built-in Zero Trust controls.

Like the SSH flow, this allows users to connect from any browser on any device, with no client software needed. The feature runs in every one of our data centers in over 200 cities around the world, bringing the experience closer to your end users. We also built the experience using Cloudflare Workers, to offer nearly instant start times. In the future we will support full auditability of user actions in their VNC and SSH sessions.

A quick refresher on VNC

VNC is a desktop sharing platform built on top of the Remote Frame Buffer protocol that allows for a GUI on any server. It is built to be platform-independent and provides an easy way for administrators to make interfaces available to users that are less comfortable with a command-line to work with a remote machine. Or to complete work better suited for a visual interface.

In my case, the most frequent reason I use VNC is Continue reading

Stretched VLANs: What Problem Are You Trying to Solve?

One of ipSpace.net subscribers sent me this interesting question:

I am the network administrator of a small data center network that spans 2 buildings. The main building has a pair of L2/L3 10G core switches. The second building has a stack of access switches connected to the main building with 10G uplinks. This secondary datacenter has got some ESX hosts and NAS for remote backup and some VM for development and testing, but all the Internet connection, firewall and server are in the main building.

There is no routing in the secondary building and most of the VLANs are stretched. Do you think I must change that (bringing routing to the secondary datacenter), or keep it simple like it is now?

As always, it depends, this time on what problem are you trying to solve?

Read more …

Stretched VLANs: What Problem Are You Trying to Solve?

One of ipSpace.net subscribers sent me this interesting question:

I am the network administrator of a small data center network that spans 2 buildings. The main building has a pair of L2/L3 10G core switches. The second building has a stack of access switches connected to the main building with 10G uplinks. This secondary datacenter has got some ESX hosts and NAS for remote backup and some VM for development and testing, but all the Internet connection, firewall and server are in the main building.

There is no routing in the secondary building and most of the VLANs are stretched. Do you think I must change that (bringing routing to the secondary datacenter), or keep it simple like it is now?

As always, it depends, this time on what problem are you trying to solve?

Read more …

Introducing VMware NSX Advanced Firewall for VMware Cloud on AWS

We are pleased to announce the introduction of VMware NSX Advanced Firewall for VMware Cloud on AWS, which takes the network security capabilities of VMware Cloud on AWS SDDC to a new level. Adding NSX Advanced Firewall features allows organizations to define security policies at Layer 7 while enabling deep packet inspection across all vNICS within the software-defined data center (SDDC). 

NSX Advanced Firewall capabilities help you secure your applications against a never-expanding set of threats on the internet. Specifically, it includes a robust set of networking and security capabilities that enable customers to run production applications in the cloud. 

This capability allows you to: 

  • Detect attempts at exploiting vulnerabilities in your workloads. 
  • Gain protection against vulnerabilities inside your SDDC with granular application-level security policies. 
  • Reduce the attack surface of your workloads by allowing only the intended application traffic to run in your SDDC. 
  • Seamlessly provide inspection for all traffic without a single inspection bottleneck. 
  • Achieve your compliance goals. 
  • Customers can purchase the NSX Advanced Firewall as an add-on in VMware Cloud on AWS. 

Get the full summary on the VMware Cloud Blog or directly access the product page

 

The post Introducing VMware NSX Advanced Firewall for VMware Cloud on AWS appeared first on Network and Security Virtualization.

HPE expands GreenLake services

Hewlett Packard Enterprise announced several expansions of its managed GreenLake services during its HPE Discover conference this week.GreenLake is HPE’s consumption model for hardware and services. Rather than make an outright purchase, customers determine the configuration they will need and HPE installs it, with a slight overprovisioning just in case. If the customer ends up needing more hardware capacity, it’s just turned on. Until then, it just sits there, unused, and at no charge.To read this article in full, please click here

HPE expands GreenLake services

Hewlett Packard Enterprise announced several expansions of its managed GreenLake services during its HPE Discover conference this week.GreenLake is HPE’s consumption model for hardware and services. Rather than make an outright purchase, customers determine the configuration they will need and HPE installs it, with a slight overprovisioning just in case. If the customer ends up needing more hardware capacity, it’s just turned on. Until then, it just sits there, unused, and at no charge.To read this article in full, please click here

Day Two Cloud 103: Scality ARTESCA Is More Than An Object Store (Sponsored)

On today's Day Two Cloud podcast we talk storage with sponsor Scality about its ARTESCA platform, cloud-native object storage for modern workloads. It integrates with Kubernetes, serves as storage for your public cloud, and more. We dive into the product architecture, use cases, and hardware options via Scality's partnership with HPE.

The post Day Two Cloud 103: Scality ARTESCA Is More Than An Object Store (Sponsored) appeared first on Packet Pushers.

Announcing Rollbacks and API Access for Pages

Announcing Rollbacks and API Access for Pages
Announcing Rollbacks and API Access for Pages

A couple of months ago, we announced the general availability of Cloudflare Pages: the easiest way to host and collaboratively develop websites on Cloudflare’s global network. It’s been amazing to see over 20,000 incredible sites built by users and hear your feedback. Since then, we’ve released user-requested features like URL redirects, web analytics, and Access integration.

We’ve been listening to your feedback and today we announce two new features: rollbacks and the Pages API. Deployment rollbacks allow you to host production-level code on Pages without needing to stress about broken builds resulting in website downtime. The API empowers you to create custom functionality and better integrate Pages with your development workflows. Now, it’s even easier to use Pages for production hosting.

Rollbacks

You can now rollback your production website to a previous working deployment with just a click of a button. This is especially useful when you want to quickly undo a new deployment for troubleshooting. Before, developers would have to push another deployment and then wait for the build to finish updating production. Now, you can restore a working version within a few moments by rolling back to a previous working build.

To rollback to a previous build, Continue reading

Why Do We Need BGP-LS?

One of my readers sent me this interesting question:

I understand that an SDN controller needs network topology information to build traffic engineering paths with PCE/PCEP… but why would we use BGP-LS to extract the network topology information? Why can’t we run OSPF with controller by simulating a software based OSPF instance in every area to get topology view?

There are several reasons to use BGP-LS:

Read more …

Why Do We Need BGP-LS?

One of my readers sent me this interesting question:

I understand that an SDN controller needs network topology information to build traffic engineering paths with PCE/PCEP… but why would we use BGP-LS to extract the network topology information? Why can’t we run OSPF with controller by simulating a software based OSPF instance in every area to get topology view?

There are several reasons to use BGP-LS:

Read more …

The Best Technology Stocks to Invest In 2021

The technology sector like all other businesses in the world, has been very volatile lately. However there are still some tech stocks that can get you great results. There are many tech companies that have not only outperformed other tech companies in the world but other types of businesses as well. If you are looking for the most valuable tech stocks to invest in the market then we have gathered an amazing list for you.

Best Value tech stocks:

You always pick a stock that has the highest investing value and get those results by comparing the stock’s price with one or more fundamental basic metrics. The fundamental basic metric is the qualitative and quantitative study that tells the financial well-being of a company and its economic condition. A widely accepted price metric is the P/E ratio which is called price to earnings ratio. It is the ratio for valuing a company measuring its new share price relative to its per-sharing earnings. The investors believe that if a business is reasonable compared to its worth considering the P/E ratio, the stock value could rise quicker than the others because the value comes back in line with the price of the Continue reading

1 724 725 726 727 728 3,859