This post is co-authored by Martin Lee, Armin Pelkmann, and Preetham Raghunanda.
Cyber security analysts tend to run the same attack queries over and over with different input data. Unfortunately, searching for useful metadata correlations across proprietary and open source data sets can be laborious and time consuming with relational databases: multiple tables must be joined and queried, and the results inevitably take too long to return. Enter the graph database, a fundamentally improved database technology for specific threat analysis functions. Representing information as a graph allows the discovery of associations and connections that are otherwise not immediately apparent.
Within basic security analysis, we represent domains, IP addresses, and DNS information as nodes, and represent the relationships between them as edges connecting the nodes. In the following example, domains A and B are connected through a shared name server and MX record despite being hosted on different servers. Domain C is linked to domain B through a shared host, but has no direct association with domain A.
This ability to quickly identify domain-host associations brings attention to further network assets that may have been compromised, or assets that will be used in future attacks.
Technische Universität Darmstadt, usually known as TU Darmstadt, is a research university based in Germany. It was founded in 1877 and over the last 137 years has grown to be among the largest and most prestigious public universities in Germany, serving over 25,000 students per year. It is the alma mater of many leaders worldwide, from Nobel Prize winners to a CEO of a Fortune 500 company, a president of a country, and multiple RoboCup world champions.
No wonder they have a reference from Albert Einstein!
In 2009 TU Darmstadt embraced BYOD with the 5508 Series Controller managing the 1140 802.11n Access Points. Recently we talked to Thomas Vogel, the Head of the Network Group, and Andreas Liebe, the Network Services Manager, who have over 15 years of experience managing WLAN environments. In this blog, we will describe some of the details of WLAN deployments using the 3850 Series Switch and the 5760 Series Wireless LAN Controller to address the new requirements in the school environment.
This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering.
Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial traffic (often from malvertising) being driven to Angler instances, partially using Silverlight exploits. In fact, in this particular Angler campaign the attack is targeted specifically at Flash and Silverlight vulnerabilities; although Java is available and referenced in the original attack landing pages, it is never triggered.
HTTP requests for a specific Angler Exploit Kit campaign
Angler exploit content types delivered to victims; application/x-gzip (Java) is notably absent
Mobile communications today are barely recognizable when compared with the first mobile call made four decades ago. We have gone from monster handsets to pocket-sized portable computers. Mobile communications have become an essential part of our daily lives. For mobile operators and other companies operating in this space, it is essential to know the facts about the mobile market and how the mobile user is changing.
The recent Cisco video "Understanding the Changing Mobile User" provides key insights for service providers (SPs) into how mobile users are using LTE and Wi-Fi and how their mobile behavior is changing. The video identifies options for operators to be successful in the changing mobile world.
A recent Bloor Research Market Update on Advanced Threat Protection reminds us of something that many security vendors have long been loath to acknowledge: traditional, point-in-time technologies, like anti-virus or sandboxes, are not entirely effective when defending against complex, sophisticated attacks.
This is due to something we have said before and will say again: malware is "the weapon of choice" for malicious actors. We know blended threats introduce malware. Our 2014 Annual Security Report notes that every Fortune 500 company consulted for the report had traffic going to websites that host malware. Bloor tells us all, once again, that attack methods are becoming more complex.
To put it plainly, when it comes to networks being breached, it is not a case of if, but when.