While many companies have become exceptional at protecting against external threats, how much attention is paid to attacks that originate internally? Enterprises are focused on shoring up perimeter defenses against outside hackers, but according to a recent report by Forrester, internal breaches became the top source of breaches in 2013, with 36% of breaches originating from employees.
If you’re relying solely on signatures and rules to protect your cloud infrastructure, you’re doing it wrong. Yes, these were previously the default methods to protect you from attackers, either internal or external. Today, however, malicious hackers are moving faster than these methods can even pretend to keep up with and are evading traditional signature and rule-based network security methods. This brings forth the importance of behavior profiling to detect and stop attacks as quickly as possible to avoid a full-blown breach.
But first (and to be clear) a little more on why signatures and rules are insufficient:
At Threat Stack we write a lot of software around NSM, data collection, and large-scale processing to support our cloud-based incident response system. We recently decided to write our own custom unified2 spooler and eventually decided to open source it as a Barnyard2 replacement.
Threat Stack is proud to announce the public beta of Threat Stack Firewall, an easy and effective way to manage firewall policies across your internal and cloud-based infrastructure.
Sorry for the late post everyone! The team has been hard at work deploying Snorby’s new firewall management to our alpha test team. It has been an incredible weekend + Monday and we’re all very proud of the outcome.
We will have a full write-up on our hackathon and a walkthrough of this amazing new Snorby Cloud functionality very soon!
Threat Stack was founded by extremely passionate and competitive individuals that want to make the lives of IT generalists and overwhelmed security analysts better. We plan on doing this by releasing incredibly useful and high quality software, uniting the defensive security community, and making our products accessible through a great user experience and affordable pricing.
Tuning your IDS ruleset to limit false-positive alerts and silence non-applicable rules is a critical part of running any competent IDS security strategy. Despite that, we've always been surprised at how difficult distributing, maintaining, synchronizing, and tuning an efficient set of rules can be.
More mature security shops have had to solve this problem, so they’ve turned to many of the great community and paid tools that are out there. We have seen sophisticated teams leverage everything from popular configuration management tools such as Puppet or Chef, to relying on bash scripts that utilize rsync or SCP to synchronize rules files and configurations across sensors. At the end of the day, none of these solutions are ideal as they still require manual effort and create a system operations expertise barrier to rules tuning.
These last few weeks have been rough on Rails developers: several vulnerabilities involving the parsing of Rails parameters have been disclosed, one of them leading to arbitrary code execution (CVE-2013-0155 and CVE-2013-0156). Our friend Postmodern, the creator of Ronin (an excellent Ruby platform for vulnerability and exploit development), wrote a great blog post explaining the vulnerabilities with working PoC code.
Packet Stash, Inc. is proud to announce that Snorby Cloud is now available to the public. For those of you just joining us, Snorby Cloud is an instantly deployable, analyst-friendly, and hassle-free network and host security monitoring solution by the creators of Snorby.