3 min
IT Ops
Digging Deeper on AWS: Real-time Alerting for Windows Security Events
After many conversations with our AWS customers and the AWS CloudTrail team, we
recently released our AWS CloudTrail integration
to automatically
support the most important log events our customers wanted to be monitoring
across their AWS environments. We found that some of the most common needs for
notifications included:
* Starting, stopping, terminating, rebooting instances
* Creating or deleting security groups
* Creating and d
2 min
IT Ops
Revisiting the Past with Logentries and Syslog
When I was younger I was always amazed by my grandfather. He would regale me
with stories about how, when growing up, not only did he not have a car or
television, but he had to walk uphill “both ways” to get to school – without
shoes! And here I am today more or less saying the same thing about the late
70’s and early 80’s, when the client-server changeover occurred and we all had
servers sitting in our closets. Setting up syslog
back in
2 min
IT Ops
AWS CloudWatch Logs - Making Innovation Easier and Cheaper
Last week AWS made an exciting announcement at their NYC Summit, which I believe
is a big step in helping to reduce the cost of log management in the cloud
for end users and vendors alike –
good news all around!
What was announced?
Amazon announced ‘CloudWatch Logs’ which essentially allows you to send log data
from your EC2 instances into CloudWatch for storage and some rudimentary
analysis.
How does it work?
CloudWatch logs works by collecting y
3 min
Metasploit
Weekly Metasploit Update: Embedded Device Attacks and Automated Syntax Analysis
D-Link Embedded Device Shells
This week, esteemed Metasploit
contributor @m-1-k-3 has been at it again with his
valiant personal crusade against insecure SOHO (small office/home office)
embedded devices with known vulnerabilities. We have a new trio of modules that
target D-Link gear, based on the research released by Craig Heffner and Zachary
Cutlip, which exploit two bugs present in the DSP-W215 Smart Plug, and one UPnP
comma
2 min
Logentries
Logs to Metrics to JSON to Geckoboard
The worlds of log management and application performance monitoring are
evolving, and there is no longer a big distinction between the two.
Up to even a year ago, many people in IT viewed logs as simply a means of
identifying and tracking issues once they have occurred within their system. It
was rare that people were using their logs for more than basic application event
tracking and watching for exceptions.
But over the
3 min
IT Ops
TCP or UDP for Logging – Which One to Use?
When sending data over the Internet, we want to be sure that data has arrived
safely and is delivered in a reliable manner. Assuming that our hardware and
operating systems do the job well, we can use a transport protocol at the
application level to achieve that goal. In the OSI model the two most popular
transport protocols are TCP and UDP
2 min
IT Ops
Using Log Analysis to Find the .18%
Even the most non-technical audiences realize the business value in analyzing
their log data. DevOps professionals are constantly being asked to monitor their
application performance, and often rely on log data for troubleshooting,
diagnostics and application systems monitoring. The challenge is that the amount
of log data generated can be completely overwhelming.
Why is log analysis so difficult?
In one word — volume. Even relatively small applications can generate millions,
or billions of lo
2 min
Weekly Metasploit Update: Another Meterpreter Evasion Option
Hopping Meterpreter Through PHP
This week, Metasploit landed and shipped the new Reverse HTTP hop stager
for Meterpreter
payloads, which opens up yet another avenue for pivoting about the Internet to
connect to your various and sundry Meterpreter shells. This is kind of a huge
deal.
For starters, this obviously helps with crossing artificial borders between
networks. You may have an engagement target that has a vulnerable web server in
4 min
Logentries
How to Get Full Visibility of CloudTrail, CloudWatch & System Logs
At re:Invent last year AWS launched CloudTrail, which is
essentially a “trail” of all activity in your AWS Cloud environment… the clue is
in the name ;). CloudTrail has been widely accepted as a great addition to the
AWS toolset as it is useful for numerous use cases including security analysis,
troubleshooting, tracking of AWS resource usage, and more.
While CloudTrai
3 min
Metasploit Weekly Update: Prison Break
Boy, that escalated quickly!
In this week's Metasploit
update, we'd like to introduce two sandbox escaping exploits for Internet
Explorer, and demonstrate how you're supposed to use them. The two we're
covering are MS13-097, an escape via Windows registry symlinks, and MS14-009,
which exploits a type traversal bug in the .NET Deployment Service. We will also
briefly go over other new modules and changes. Here we go.
Why You Need a S
4 min
IT Ops
Google Cloud DataFlow – A Game Changer?
So the biggest revolution in database and analytics technology – namely the
distributed batch processing technique known as MapReduce (and the associated
Hadoop-centric ecosystem that has built up around it) is a legacy technology
for one Silicon
Valley player. Last week Google announced the arrival of Google Cloud Dataflow –
a new service for cloud-based big data analytics that, Google says, supersedes
MapReduce.
While various VCs and
1 min
Gartner calls for rebalancing security budgets: invest more in detection vs. prevention
In his talk last week at the 2014 Gartner Security and Risk Management Summit,
Gartner Analyst Neil McDonald said that when targeted attacks are considered,
traditional technologies like firewalls, intrusion detection and prevention
systems (IDS/IPS) and anti-malware tools fail at detection. That is because it's
hard to use them to detect attacks that nobody has seen before and that
therefore have no known signature.
Based on Gartner's security infrastructure model, McDonald points out that
companies are s
1 min
Incident Response
Top 3 Takeaways from the "Need for Speed: 5 Tips to Accelerate Incident Investigation Time" Webcast
In a thorough and detailed webcast earlier this week, we heard from Michael
Belton and Lital Asher-Dotan on the increasingly urgent subject, “Need for
Speed: 5 Tips to Accelerate Incident Investigation Time”. Meticulous and
successful plans for efficient incident response can make or
break an organization after a
2 min
Scanning time machine: Reporting on a historical scan
In network security, the questions are urgent. Are we protected against malware?
Do we have protocols in place to prevent a hacker from breaking in?
Sometimes, however, you need to look back in time and see what the status was in
the past.
If you have been tracking a vulnerability and it finally goes away, you might
want to check the information in a past scan and compare it to changes in your
environment.
Another reason you might want to report on a historical scan is an audit. If you
are re
3 min
IT Ops
Smart Integration Testing with Dropwizard, Flyway and Retrofit
It’s widely understood that increasing the scope and complexity of a piece of
software almost always dramatically increases the effort required to verify it.
Verification typically entails testing the behavior of the new feature, plus
ensuring no existing functionality has been adversely affected.
Because this kind of testing can quickly become painful for even the simplest of
components, and because at Logentries