Detecting Malware Without Feature Engineering Using Deep Learning 

Detecting Malware Without Feature Engineering Using Deep Learning 

Nowadays, machine learning is routinely used in the detection of network attacks and the identification of malicious programs. In most ML-based approaches, each analysis sample (such as an executable program, an office document, or a network request) is analyzed and a number of features are extracted. For example, in the case of a binary program, one might extract the names of the library functions being invoked, the length of the sections of the executable, and so forth. 

Then, a machine learning algorithm is given as input a set of known benign and known malicious samples (called the ground truth). The algorithm creates a model that, based on the values of the features contained in the samples, is the ground truth dataset, and the model is then able to classify known samples correctly. If the dataset from which the algorithm has learned is representative of the real-world domain, and if the features are relevant for discriminating between benign and malicious programs, chances are that the learned model will generalize and allow for the detection of previously unseen malicious samples. 

The Role of Feature Engineering 

Even though the description Continue reading

Machine Learning, Artificial Intelligence, and How the Two Fit into Information Security 

Everywhere I look, someone’s talking about machine learning (ML) or artificial intelligence (AI). These two technologies are shaping important conversations in multiple sectors, especially marketing and sales, and are at risk of becoming overused and misunderstood buzzwords, if they haven’t already. The technologies have also drawn the attention of security professionals over the past few years, with some believing that AI is ready to transform information security. 

Despite this hype, there’s still a lot of confusion around AI and ML and their utility for information security. In this blog post, I would like to correct some misperceptions. Let’s start by differentiating machine learning from artificial intelligence in general. 

Machine Learning vs. Artificial Intelligence: Understanding the Difference 

Artificial intelligence is the science of trying to replicate intelligent, human-like behavior. There are multiple ways of achieving this — machine learning is one of them. For example, a type of AI system that does not involve machine learning is an expert system, in which the skills and decision process of an expert are captured through a series of rules and heuristics. 

Machine Learning is a specific type of AI. An ML system analyzes a large data set in Continue reading

Lateral Movement: What It Is and How to Block It 

In any given attack campaign, bad actors have a specific goal in mind. This goal may involve accessing a developer’s machine and stealing a project’s source code, sifting through a particular executive’s emails, or exfiltrating customer data from a server that’s responsible for hosting payment card information. All they need to do is compromise the system that has what they want. It’s just that easy. 

Or is it? 

In reality, it’s a little more complicated than that. When attackers compromise an asset in a network, that device usually is not their ultimate destination. To accomplish their goal, bad actors are likely to break into a low-level web server, email account, employee endpoint device, or some other starting location. They’ll then move laterally from this initial compromise through the network to reach their intended target. The initial compromise seldom causes severe damage. Thinking about this another way: if security teams can detect the lateral movement before the attackers reach their intended targets, they can prevent the attacker from successfully completing the mission. 

But what exactly is lateral movement, and how does it work? In this blog, we’ll look at some of the most common types of lateral movement and Continue reading

Stop Ransomware with NSX Network Detection and Response 

Back in 2018, some cybersecurity vendors were reporting that cryptomining malware had infected organizations roughly 10 times more than ransomware.  But since then, ransomware has climbed back to the top of the cybercrime landscape. Europol named ransomware as the top cyber threat organizations faced in 2019. And its impact is increasing: 

“Even though law enforcement has witnessed a decline in the overall volume of ransomware attacks, those that do take place are more targeted, more profitable and cause greater economic damage. As long as ransomware provides relatively easy income for cybercriminals and continues to cause significant damage and financial losses, it is likely to remain the top cybercrime threat.” 

Putting the Dominance of Ransomware into Perspective 

Targeted attacks aren’t the only factor behind the ongoing prevalence of ransomware. Several other forces are also at play. Here are just a few of them. 

The Rising Costs of Ransomware Infections 

Higher ransomware amounts are common. A 2020 report indicated the average cost to recover from a ransomware attack more than doubled from $41,198 to a staggering $84,116. The Wall Street Journal reported that claims managers at Continue reading

The Relevance of Network Security in an Encrypted World 

Hiding malware in encrypted traffic is a tactic increasingly employed by bad actors to conceal attacks. By one estimate, 60% of cyberattacks carried out in 2019 would leverage encryption, and that was predicted to increase another 10% in 2020. Having an understanding of how your security solutions can recognize or prevent threats within SSL traffic is therefore extremely important, particularly since many such tools don’t provide that ability. In this blog, we’ll outline the ways in which security solutions can work with encrypted network traffic. 

The Security Challenges Surrounding Encrypted Network Traffic 

We all understand one of the goals of encrypting network traffic: to protect the confidentiality and privacy of sensitive data in motion. However, encryption also poses a challenge to most network security products —if these products cannot inspect the payload of connections, they lose their ability to detect and respond to threats. 

The Rise of Encrypted Data 

The use of encryption on the Internet has risen dramatically, which on the whole is a good thing. For example, the Google Transparency Report shows that the percentage of encrypted web traffic on the Internet has steadily increased, from around 50% in 2014 to Continue reading

VMware plan disaggregates servers, offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

VMware plan disaggregates servers, offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

VMware plan disaggregates servers, offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

VMware plan disaggregates servers; offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

VMware plan disaggregates servers; offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

Betting On Mass Customization In A Post Moore’s Law World

If you wanted to wrest control of datacenter compute as embodied mainly in the Xeon SP processor away from Intel, there are a number of approaches that you might take. …

Betting On Mass Customization In A Post Moore’s Law World was written by Timothy Prickett Morgan at The Next Platform.

History of Networking: Heather Flanagan on Identity

While identity is adjacent to networking, it is an important part of the network engineering world—and is not well understood. Heather Flanagan joins Donald Sharp and Russ White to talk about SAML, unified identity, and some of the practical aspects of verifying a person’s identity.

download

Sponsored Post: IP2Location, Ipdata, StackHawk, InterviewCamp.io, Educative, Triplebyte, Stream, Fauna

Who's Hiring? 

• InterviewCamp.io has hours of system design content. They also do live system design discussions every week. They break down interview prep into fundamental building blocks. Try out their platform.


• Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.


• Need excellent people? Advertise your job here! 

Cool Products and Services

• IP2Location is IP address geolocation service provider since 2002. The geolocation database or API detects location, proxy and other >20 parameters. The technology has been cited in more than 700 research papers and trusted by many Fortune 500 companies. Try it today!


• ipdata is a reliable IP Address Geolocation API that allows you to lookup the approximate location of any IP Address, detect proxies and identify a company from an IP Address. Trusted by 10,000+ developers. Try it now!


• Developers care about shipping secure applications. Application security products and processes, however, have not kept up with advances in software development. There are a new breed of tools hitting the market that enable developers to take the lead on AppSec. Learn how Continue reading

Losing the Right to Encryption Means Losing Business

Every time a government passes a law that affects the Internet, tech companies must ask themselves a critical question: can they still properly provide their services while protecting user privacy under the new rules?

For companies operating in countries pursuing anti-privacy legislation, the answer is increasingly scary from both a user and corporate perspective.

That’s because anti-privacy laws often try to accomplish their goals by breaking or bypassing encryption – arguably the strongest and most widely available form of privacy and security in our digital age. Weakening encryption makes people and nations around the world more vulnerable to harm online.

But governments around the world that pass anti-privacy legislation are incurring unplanned costs that go beyond the chilling effects of lessened privacy for their citizenry.

Laws that attack encryption and privacy stifle their local tech industry and tarnish their reputation internationally, both of which are detrimental to their own economy.

To uphold the privacy and security of their users, some companies actually end up physically exiting a region and relocating servers – rather than weakening their service. This is something that the VPN company I work for, Private Internet Access, has done multiple times with the most recent example being Continue reading

Groq Shares Recipe for TSP Nodes, Systems

Back in October 2019 when the world was normal and it felt perfectly reasonable to look forward to a slew of AI events that would showcase the newest developments from the chip startup world, we talked about Groq and its inference-oriented chip. …

Groq Shares Recipe for TSP Nodes, Systems was written by Nicole Hemsoth at The Next Platform.

Another Strange Shift for the AI Chip Startup Segment

Few of the AI hardware startups that have made it through the first round of reality (roughly 2016 until the present) have managed to navigate the choppy waters without shifting course, sometimes wildly. …

Another Strange Shift for the AI Chip Startup Segment was written by Nicole Hemsoth at The Next Platform.

Free, Privacy-First Analytics for a Better Web

Everyone with a website needs to know some basic facts about their website: what pages are people visiting? Where in the world are they? What other sites sent traffic to my website?

There are “free” analytics tools out there, but they come at a cost: not money, but your users’ privacy. Today we’re announcing a brand new, privacy-first analytics service that’s open to everyone — even if they're not already a Cloudflare customer. And if you're a Cloudflare customer, we've enhanced our analytics to make them even more powerful than before.

The most important analytics feature: Privacy

The most popular analytics services available were built to help ad-supported sites sell more ads. But, a lot of websites don’t have ads. So if you use those services, you're giving up the privacy of your users in order to understand how what you've put online is performing.

Cloudflare's business has never been built around tracking users or selling advertising. We don’t want to know what you do on the Internet — it’s not our business. So we wanted to build an analytics service that gets back to what really matters for web creators, not necessarily marketers, and to give web creators the Continue reading

Explaining Cloudflare’s ABR Analytics

Cloudflare’s analytics products help customers answer questions about their traffic by analyzing the mind-boggling, ever-increasing number of events (HTTP requests, Workers requests, Spectrum events) logged by Cloudflare products every day.  The answers to these questions depend on the point of view of the question being asked, and we’ve come up with a way to exploit this fact to improve the quality and responsiveness of our analytics.

Useful Accuracy

Consider the following questions and answers:

What is the length of the coastline of Great Britain? 12.4K km
What is the total world population? 7.8B
How many stars are in the Milky Way? 250B
What is the total volume of the Antarctic ice shelf? 25.4M km³
What is the worldwide production of lentils? 6.3M tonnes
How many HTTP requests hit my site in the last week? 22.6M

Useful answers do not benefit from being overly exact.  For large quantities, knowing the correct order of magnitude and a few significant digits gives the most useful answer.  At Cloudflare, the difference in traffic between different sites or when a single site is under attack can cross nine orders of magnitude and, in general, all our traffic follows a Continue reading

Start measuring Web Vitals with Browser Insights

Many of us at Cloudflare obsess about how to make websites faster. But to improve performance, you have to measure it first. Last year we launched Browser Insights to help our customers measure web performance from the perspective of end users.

Today, we're partnering with the Google Chrome team to bring Web Vitals measurements into Browser Insights. Web Vitals are a new set of metrics to help web developers and website owners measure and understand load time, responsiveness, and visual stability. And with Cloudflare’s Browser Insights, they’re easier to measure than ever – and it’s free for anyone to collect data from the whole web.

Why do we need Web Vitals?

When trying to understand performance, it’s tempting to focus on the metrics that are easy to measure — like Time To First Byte (TTFB). While TTFB and similar metrics are important to understand, we’ve learned that they don’t always tell the whole story.

Our partners on the Google Chrome team have tackled this problem by breaking down user experience into three components:

• Loading: How long did it take for content to become available?
• Interactivity: How responsive is the website when you interact with it?
• Visual stability: How Continue reading

Introducing the VMware REST Ansible Content Collection

The VMware Ansible modules as part of the current community.vmware Collection are extremely popular. According to GitHub, it's the second most forked Collection¹, just after community.general. The VMware modules and plugins for Ansible have benefited from a stream of contributions from dozens of users. Many IT infrastructure engineers rely on managing their VMware infrastructure by means of a simple Ansible Playbook. The vast majority of the current VMware modules are built on top of a dependent python library called pyVmomi, also known as vSphere Automation SDK for Python.

Why a new VMware Ansible Content Collection?

VMware has recently introduced the vSphere REST API for vSphere 6.0 and later, which will likely replace the existing SOAP SDK used in the community.vmware Collection.

Since the REST API’s initial release, vSphere support for the REST API has only improved. Furthermore, there is no longer a need for any dependent python packages. In order to maintain the existing VMware modules in the community.vmware Collection, a set of modules specifically for interacting with the VMware REST API is now available in the newly created vmware.vmware_rest Collection.

If you compare modules used with the VMware vSphere Continue reading