Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Detection

Application Layer Infrastructure Visibility in IaaS

The migration to cloud provides faster time to deployment and elasticity, but often at some cost and complexity to infrastructure control and visibility. A concrete example we can use is a deployment of web servers with rational security group configuration, in light of the recent Log4Shell vulnerability. While limitations are similar in all IaaS environments, consider the following AWS architecture with focus on the web servers running on EC2 instances.

Collect & Monitor Telemetry From Any Source

LimaCharlie is continuously expanding the list of difficult problems it solves for security, incident response, cloud engineering and DevSecOps teams across a broad range of customers. Along with an advanced EDR, log aggregation, automations engine, software-defined networking, artifact ingestion, and an operational console for security teams, LimaCharlie now offers the ability to bring in external logs and telemetry from any source.

Securosis Webinar New Age Network Detection

New Age Network Detection: Keeping pace with the Evolution of Tech Infrastructure New approaches to network detection and response to address increasing attacker sophistication and cloud-based resources. How advances in analytics help organizations detect attacks in encrypted traffic and identify command and control traffic. The advantage of an open data approach is to integrate with existing detection capabilities.

XDR: The Importance of Network Technology

XDR is new to the marketplace, and there remains confusion about what it is - and is not. Alex Kirk of Corelight likes to dispel the myth that it's about endpoint security. "You've got to have the N," he says - network technology. In this interview, he dispels myths and expounds on possibilities. In this video interview with Information Security Media Group, Kirk discusses.

Government gets serious: deadlines for Zero Trust Architectures

Since the 1990s, the federal government has been issuing guidelines and recommendations for security via their 800-Series Special Publications. While some of those guidelines became mandates, things have largely inched forward, instead of making any dramatic leaps. OMB’s new memorandum M-22-09, “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles,” is changing this pattern, and setting deadlines for implementation across the government.

Elevate AWS threat detection with Stratus Red Team

A core challenge for threat detection engineering is reproducing common attacker behavior. Several open source and commercial projects exist for traditional endpoint and on-premise security, but there is a clear need for a cloud-native tool built with cloud providers and infrastructure in mind. To meet this growing demand, we’re happy to announce Stratus Red Team, an open source project created to emulate common attack techniques directly in your cloud environment.

Detecting CVE-2022-21907, an IIS HTTP Remote Code Execution vulnerability

In January 2022, Microsoft disclosed a remote code execution vulnerability for Internet Information Server (IIS) identified as CVE-2022-21907, which they have subsequently reported as wormable. Through Microsoft, Corelight Labs was able to review a proof of concept for an attack against the vulnerability. This blog presents an open source detection method that Corelight Labs is releasing to detect exploit attempts of CVE-2022-21907.

No BS security: detect and automate with LimaCharlie & Tines

Why is there so much BS involved in the building and selling of security software? The security stack of the future – and of today, in the best companies – is composed of tools that focus on doing one thing extremely well, with transparent value and pricing, packaged in a product that the team will actually enjoy using. Join Eoin & Maxime, the founders of Tines and LimaCharlie, as we explore why "No BS" is the future of security, and put our own products to the test: building an end-to-end sophisticated detection and response flow using the free, ungated versions of our products.

Arctic Wolf Joins Gartner Peer Insights Customer First Program

Arctic Wolf joins the Gartner Peer Insights Customer First Program in the vulnerability assessment and managed detection and response service. The members of the Arctic Wolf team are excited to announce that we have pledged to be a Customer First vendor in the vulnerability assessment and managed detection and response service. Our team at Arctic Wolf takes great pride in this program commitment, as customer feedback continues to be a critical priority and shapes our products and services.