Networks

Netskope One & The Zero Trust Engine

The Netskope Zero Trust Engine is at the center of the Netskope One platform, which ensures continuous adaptive trust-based policy controls extend effortlessly and consistently across Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Cloud Firewall (FWaaS), and Software Defined WAN (SD-WAN) services, leaving no security gaps and delivering an exceptional user experience.

Exploring host discovery techniques in a network

In a network assessment, one of the first tasks is to narrow down a large set of IP addresses to a list of active or interesting hosts. It's like trying to find specific houses in a big neighbourhood without knocking on every door. Scanning every possible connection of every single IP address can be slow and often unnecessary. What makes a host interesting depends on what you're looking for.

RMM Software: How to Protect it with a Firewall

Remote monitoring and management (RMM) solutions provide flexible methods to enable MSPs to detect network or device anomalies early, facilitating proactive systems monitoring. While these tools are deployed for legitimate purposes, it is common for cybercriminals to make malicious use of them.

Windows NT Lan Manager Hardening Best Practices

Windows New Technology LAN Manager (NTLM) is an outdated challenge-response authentication protocol developed by Microsoft. Despite being surpassed by Kerberos, NTLM remains in use as a form of Single Sign-On (SSO), allowing users to authenticate to applications without directly providing their passwords.

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

Securing a network against the myriad of evolving cyber threats requires more than just a robust firewall or endpoint protection platform; it demands a multifaceted approach. Corelight’s Open Network Detection and Response (NDR) Platform complements and significantly enhances the effectiveness of next-generation firewalls (NGFWs). Here are 9 reasons why adding Corelight to your cybersecurity arsenal, alongside existing NGFWs, is not just an upgrade but a strategic necessity.

When Patch Tuesday becomes Patch Monday - Friday

If you’re an administrator running Ivanti VPN (Connect Secure and Policy Secure) appliances in your network, then the past two months have likely made you wish you weren’t. In a relatively short timeframe, bad news kept piling up for Ivanti Connect Secure VPN customers, starting on Jan. 10th, 2024, when Ivanti disclosed critical and high-severity vulnerabilities, CVE-2024-21887 and CVE-2023-46805 respectively, impacting all supported versions of the product.

The Kubernetes network policies you need today

In the dynamic world of Kubernetes, container orchestration is just the tip of the iceberg. In this sophisticated ecosystem, you must prioritize security efficiency. Kubernetes’ robust, open-source platform has been revolutionary in automating the deployment, scaling, and management of application containers. Yet, such capability comes with significant responsibility, particularly in network security. Here, the role of network policies becomes crucial.

Demystifying GenAI security, and how Cato helps you secure your organizations access to ChatGPT

Over the past year, countless articles, predictions, prophecies and premonitions have been written about the risks of AI, with GenAI (Generative AI) and ChatGPT at the center, ranging from its ethics to far-reaching societal and workforce implications (“No Mom, The Terminator isn’t becoming a reality… for now”). Cato security research and engineering was so fascinated by the prognostications and worries that we decided to examine the risks to business posed by ChatGPT.

Securing Your Network: RPC Endpoint Mapper Authentication and Hardening

This policy setting determines if RPC clients authenticate with the Endpoint Mapper Service when their call includes authentication data. The Endpoint Mapper Service on Windows NT4 (all service packs) is unable to process authentication data provided in this manner. Disabling this policy means RPC clients won’t authenticate with the Endpoint Mapper Service, but they can still communicate with it on Windows NT4 Server. The recommended state for this setting is: Enabled.

Hyper-V Cluster NIC Teaming

NIC teaming in Hyper-V refers to the process of combining multiple network interface cards (NICs) into a single logical NIC, also known as a team or virtual NIC. The goal of NIC teaming is to provide improved network performance, availability, and redundancy. When multiple NICs are teamed together, the traffic can be distributed across them, reducing the load on any single NIC and increasing overall throughput.