Networks

In the dynamic world of Kubernetes, container orchestration is just the tip of the iceberg. In this sophisticated ecosystem, you must prioritize security efficiency. Kubernetes’ robust, open-source platform has been revolutionary in automating the deployment, scaling, and management of application containers. Yet, such capability comes with significant responsibility, particularly in network security. Here, the role of network policies becomes crucial.

Over the past year, countless articles, predictions, prophecies and premonitions have been written about the risks of AI, with GenAI (Generative AI) and ChatGPT being in the center. Ranging from its ethics to far reaching societal and workforce implications (“No Mom, The Terminator isn’t becoming a reality… for now”). Cato security research and engineering was so fascinated about the prognostications and worries that we decided to examine the risks to business posed by ChatGPT.

This policy setting determines if RPC clients authenticate with the Endpoint Mapper Service when their call includes authentication data. The Endpoint Mapper Service on Windows NT4 (all service packs) is unable to process authentication data provided in this manner. Disabling this policy means RPC clients won’t authenticate with the Endpoint Mapper Service, but they can still communicate with it on Windows NT4 Server. The recommended state for this setting is: Enabled.

As a Chief Information Security Officer (CISO), you have the enormous responsibility to safeguard your organization’s data. If you’re like most CISOs, your worst fear is receiving a phone call in the middle of the night from one of your information security team members informing you that the company’s data is being sold on popular hacking forums.

Network security services like Google Cloud Armor enable you to filter incoming traffic so that you can prevent attacks from overwhelming your system or from reaching critical components of your application. However, these services often handle threats automatically, making it difficult to gain visibility into attempted security breaches.

Cyber security investors, vendors and the press are abuzz with a new concept introduced by Palo Alto Networks (PANW) in their recent earnings announcement and guidance cut: Platformization. PANW rightly wants to address the “point solutions fatigue” experienced by enterprises due to the “point solution for point problem” mentality that has been prevalent in cyber security over the years.

In this second post of our threat hunting with Corelight and CrowdStrike blog series we dive into Persistence, which is one the many tactical categories outlined in the MITRE ATT&CK framework. In our previous blog, we reviewed some of the common techniques in the Initial Access category, like Drive-By Compromise and Spearphishing. In this post, we examine and provide some useful threat hunting tips on some of the common tactics attackers use to maintain long-term access to a target's environment.