In this post, we show how enriching Zeek® logs with cloud and container context makes it much faster to tie interesting activity to the container or cloud asset involved.In cloud or container environments, layer 3 networking is abstracted away from the higher-level tasks of running workloads or presenting data. Because of this abstraction, when Zeek logs are collected for cloud or container network environments, the attribution of a network flow to actual workload or application is difficult.
In our new threat briefing report, Forescout’s Vedere Labs leverages a list of IP addresses known to be used by Killnet hacktivists during past attacks to study their TTPs when attacking a series of honeypots we control.
There is no shortage of alerts concerning security vulnerabilities. Unfortunately, the deluge of data available is overwhelming and not specific enough to be actionable. We don’t think that’s very helpful, so we’ve integrated our platform with Rapid7 InsightVM to ensure that our customers have full visibility into their security posture, including endpoints, and that they know how to prioritize remediation.
As the number of remote workers grows, virtual private networks (VPNs) are becoming a popular way to grant remote access to employees while hiding online activities from attackers. With a VPN, your organization can secure network traffic between your site and users by creating an end-to-end secure private network connection over a public network. In this article, you will learn how a VPN works, what protocols are needed, what challenges are involved, and what alternatives are available.
Across a health system’s digital terrain, the most vulnerable assets are connected medical devices. If those devices become compromised, the infiltration could impact a patient’s privacy, health and safety. Moreover, it could shut down care delivery for days, weeks or longer, with long-lasting financial and reputational impacts. According to Deloitte, an estimated 70% of medical devices will be connected by 2023.
We just released our 22.5 Release to Forward Enterprise and boy what a surprise to have our NQE external data sources finally ready to show the world. Very simply, this allows you to pull in data from external HTTP sources (currently we support HTTP GET) and automagically model the data in our data model explorer and our integrated development environment. To enable this you simply need to add the resource endpoints for the HTTP API of the data you are interested in. i.e.
Nowadays, Wi-Fi networks are among the most commonly used networks, making them a go-to target for cyber attacks. An attacker with basic tools and knowledge can crack 70% of Wi-Fi networks.
