An Ongoing Threat
W00t! It's trilogy time! Some stories warrant a trilogy, like Christopher Nolan's Dark Knight Trilogy or Star Wars Episodes IV to VI. Others, not so much... yeah, I'm looking at you Karate Kid II and III.
I think the Heartbleed bug in OpenSSL warrants the additional coverage. Only time will tell, I suppose.
For those of you just joining us, part one is the blog "'Heartbleed Bug' in OpenSSL Puts Data at Risk", where I covered what the vulnerability is and how to remediate it with the information that was available shortly after the release.
To recap: we are dealing with a single vulnerability in the OpenSSL library that was exploitable for over two years. It exploits a missing bounds check in the heartbeat function, which is normally used to notify a server the client is still active. The result is a leak in system memory, up to and including the private key for the SSL certificate. Bad News Bears,...
As OpenSSL is the most popular open source cryptographic library and TLS (Transport Layer Security) implementation used to encrypt traffic on the Internet, most users come into contact with it on a regular basis. Unfortunately, a serious vulnerability in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC 6520), deemed the “Heartbleed Bug”, was discovered on Monday. The official CVE reference to this bug is CVE-2014-0160. This weakness allows attackers to steal the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as Web, email, instant messaging (IM) and some virtual private networks (VPNs).
This vulnerability was first placed in the OpenSSL code during December 2011 and was released into the...
I think singer Rick Springfield got it right back in 1983. We all need the human touch, even in IT security. For most of us who have been around IT security for some time, especially on the vendor side, security is about new technology, a new feature on an appliance or a vendor who has a new take on an old problem. What’s missing from that mindset is the human touch – how adding human intelligence and human interaction to the technology makes for a stronger security solution.
Being an old-school music fan, there’s nothing better to me than watching a real band, with real musicians performing on stage. Techno and computerized music are mostly lost on me. Back in ’83, Rick was prescient enough to write:
Everybody's talking to computers
They're all dancing to a drum machine
I know I'm living on the outside
Scared of getting caught between
I'm so cool and calculated alone in the modern world
How...
It’s almost Valentine’s Day! And in honor of Mr. Saint Valentine I am going to opine for a bit on an ActiveGuard® feature that I LOVE. Specifically I am going to tell you why LOVE is at the heart of this technical process. What is this I speak of? ALVA. No, not Alva and the Chipmunks but the “ActiveGuard Log Volume Analyzer” or also commonly known as LAVA in its latest form within our company. Why is LOVE integral to ALVA/LAVA? Let me tell you!
Logs are the backbone of any security monitoring practice. But not all security incidents, threats or events have a specific log event tied to them. Not all products such as WAFs or IDSs have signatures to detect every security event, nor are there explicit log lines that will occur for every issue a device may face. But by...
I was on a sales call recently when a client requested an example of how our Security Engineering Research Team (SERT) provides specific security intelligence that results in the protection of the client base. This was a great question, and I wanted to take a moment to provide a real-world example of the value that SERT delivers to both the client base and the security community at large.
Malware Reverse Engineering
SERT performs ongoing malware and threat analysis, and regularly provides consumable threat intelligence to the rest of the Solutionary engineering teams. In one particular case, SERT obtained an image of a suspected infected machine residing on a client network. SERT performed a full analysis of the image and isolated the malware-specific files. SERT then performed reverse engineering using advanced static...