5/20/2023 0 Comments Osquery add ec2 metadata![]() In a world where attacks only seem to get stealthier, more frequent, and more potent, innovative weapons like these are what we need.Most sysadmins have a collection of scripts, one-liners, and other approaches for collecting essential data about a system. It takes a sort of honeypot approach to security defense, strewing “breadcrumbs” (fake credentials, for example) to lead attackers to decoy systems that, once accessed, stamp bad guys with unique identifiers that prevent them from moving across the network and accessing other systems. My personal favorite of these eight products, however, is MazeRunner. Contributing Editor Jonathan Freeman thinks Dashlane is the best - mainly because it delivers a great user experience. Searching for a more personal security resolution for the new year? Here’s one: Time to start using password manager. According to InfoWorld Contributing Editor James Borck, one of the best features of Let’s Encrypt is its automated request and renewal facility, made possible by a client offered by the Electronic Frontier Foundation. Website encryption by default has become the new mantra, so in 2016 the Let’s Encrypt certificate authority arrived to issue SHA-2 certificates free to anyone who owns a domain name. As Fahimida noted in her writeup, AWS may be the first to offer a DDoS solution like this, but we can expect the other major clouds to follow suit soon.Īnother hot issue has been the shift from SHA-1 to SHA-2 digital certificates - the deadline for which was, oops, Jan. Last year saw a big increase in the size and frequency of such attacks, culminating in the DDoS attack against DNS provider Dyn that brought a portion of the internet to its knees. The sole cloud-specific security winner was AWS Shield, which enables AWS customers to mitigate DDoS attacks quickly and easily. ![]() Spot gives admins a way to process the enormous quantities of data associated with network flow, with machine learning algorithms to sort the normal traffic from anomalies that might represent an attack. In real time, OSquery logs all endpoint processes and events in a database, which you query using a SQL-like language like the commercial product Tanium, OSquery puts all that metadata within easy reach so you can determine what’s going on as soon as an attack breaks out. Next up are two open source solutions for detecting badness: OSquery for endpoint inspection and Apache Spot, the latter a big data analytics project that uses machine learning to identify malicious network traffic. Vault and SourceClear attack this problem from different angles: Vault by enabling devs to access sensitive data securely, SourceClear by scanning libraries and frameworks for vulnerabilities. As Dan Kaminsky of White Ops told Fahmida in an interview last year, devs need better tools and environments to be effective in implementing security. Let’s start with the two open source winners that target developers: HashiCorp Vault and SourceClear. ![]() The eight winning security solutions intended to help enterprises fight back fall into several categories. The costs of those attacks, some due to stealthy advanced persistent threats (APTs) initiated years ago, may never fully be known. As Fahmida Rashid reported last week in “ Why 2017 will be the worst year ever for security,” successful attacks continue to increase at an alarming rate - more ominous, many breaches go unreported. He had a succinct response: a surge in new security solutions. I asked InfoWorld Executive Editor Doug Dineley, who has overseen the awards for many years, what was different about this year’s batch. The Technology of the Year Awards is InfoWorld’s annual flagship article - a showcase for the best enterprise tech as determined by our expert contributors and staffers.
0 Comments
Leave a Reply. |