Today, businesses are increasingly relying on digital technologies to streamline operations and deliver seamless service. A continuously monitored, robust network infrastructure using NPM tools, like OpManager, is critical to ensure business continuity. OpManager, with its advanced AI and ML features, is capable of offering in-depth insights into visibility, network performance, and proactively notifying you of network faults.
A common theme we hear from organizations utilizing a cloud delivered web proxy, either standalone or part of an SSE or SASE platform, is the frustration caused by website localization issues, a common trade-off when using services hosted in different geographies to the user. This is more acute the larger the customer is and the wider the distribution of employees beyond their home country or smaller organizations located in countries with no large scale data center (DC) infrastructure.
Enterprises in the private sector look to the US federal government for cybersecurity best practices. The US CISA (Cybersecurity & Infrastructure Security Agency) issues orders and directives to patch existing products or avoid use of others. The US NIST (National Institute of Standards and Technology) publishes important documents providing detailed guidance on various security topics such as its Cybersecurity Framework (CSF).
During a recent penetration test on a customer application, I noticed weird interactions between the web front-end and back-end. This would eventually turn out to be a vulnerability called HTTP request smuggling, enabled by the fact that the front-end was configured to downgrade HTTP/2 requests to HTTP/1.1. With the help from my colleague Thomas Stacey, we were able to construct an exploit chain with response queue desynchronization along with traditional HTTP/1.1 request smuggling techniques.
In this blog, I’ll share a few NetOps observations of the Black Hat network that I made during my time serving in the Black Hat Network Operations Center (NOC). My hope in doing so is to spark some ideas on how you can use an existing tool like Zeek for a new purpose. These insights were particularly revealing, despite not being linked to any security incidents.
I hate spiders, a lot. But I really hate the idea of a Scattered Spider Attack which can jump between environments that you may have believed were segmented at an alarming rate. That is the stuff of real nightmares for networking and security professionals. Keeping up with your security posture isn’t easy. We’re all doing our best, but is it good enough? One CISO we talked to hired a consulting firm to map out their security posture.
