Sled Meta Blog


PacketSled Partners with Lyrical Security to Provide Advanced Security Solutions

in Partners by Christina Patten
PacketSled is thrilled to announce a new partnership with Lyrical Security, one of North America’s fastest-growing cyber risk management firms, providing integrated solutions that elevate operations from struggle to success story.

“We’re excited to take our strategic partnership to the next level,” said Sheldon Malm, Chief Executive Officer of Lyrical Security. “Packetsled’s innovative platform has become the cornerstone of our Risk Operations Center, enabling our staff to detect threats earlier, accelerate investigations, and manage clients’ risk faster than we could have imagined. Customer response to the solution has been overwhelmingly positive.”

It’s 10 PM. Do you know where your data is?

in Security Research by Patrick Kelley

I’ve had the fortune of working in Information Technology for over 20 years. In that time, I’ve realized that this industry is constantly evolving. However, the recent and rapid adoption of cloud-based services has caused a disruption on a scale I had not seen before. Unfortunately, it is also happening at a rate that does not allow Information Security groups to properly gauge the security ramifications.

When I first entered this industry, networks were far easier to secure. We had different operational goals, but what we secured were largely single, flat, enormous networks with only a handful of entry points. All data and assets lived within one or two physical environments with their own dedicated controls. When we built our enterprise networks, we sized them for the maximum resources the assets within that single environment would ever need. It was very linear and, in comparison, far easier to scope and manage than the networks we support today. Much like today, our worst enemy was downtime, but the rules of engagement have changed, as have the margins for error.

What do users want?  Everything right here. Right now. Oh yeah, we want it to be as cost-effective as possible.

With the benefits of cloud computing, including quicker market entry, flexible costs and capacity, a larger and more robust network fabric allowing greater uptime, improved mobility and collaboration, and more fluid mergers and acquisitions, it is easy to understand why there has been such a major push into the IaaS and SaaS space.

This also means that the “Crown Jewels” now live in many new places around the globe, some under the corporation’s complete control, many not. At the time of writing, AWS operates in as many as 13 distinct regions around the world. That is a lot of entry and exit points for your data. With the rate of migration and architectural change, most Information Security groups have not had the time or resources to ensure that proper monitoring is taking place in these new environments.

Let’s face it… It’s a pretty rough day when you experience a breach or network outage in your own network, but it becomes far more complicated when it occurs in your partner’s network.  In reality, the headlines read largely the same. 

Compliance oversight and governance do not go away with the introduction of cloud services, and neither do the requirements for monitoring, reporting, and coordinated incident response and resolution. In addition, our research shows that firewall configuration complexity is leaving companies exposed: the technology to keep your networks safe exists, but it is nearly impossible to manage properly. This is where PacketSled comes in. We build feature-rich security platforms that enable the aggregation of packet-level network analysis from multiple IRES sensors deployable around the globe.

Specifically, PacketSled sensors can live at multiple points throughout your core network, and also within your cloud environments. To ease management, we provide a centralized user interface that works for your team wherever they are in the world. With an increasing number of technology partnerships and APIs being developed by PacketSled staff, we also play well with others.

We understand that innovation is happening at a rapid pace. With the ease of deploying PacketSled sensors, you can roll out new network coverage in a defined, lockstep approach to make sure you don’t miss an attack on your new infrastructure or initiative. Best of all, you can launch new sensors when you need the coverage, not months or years beforehand.

With our service, you always have the most recent detections, protocol analysis, and sensor technology, located in a data centre that adheres to your governance and regulatory compliance requirements. We perform all of the research and development; you reap all of the benefits.

Wherever your business is today and wherever it is headed tomorrow, let us reduce your worries about moving into the cloud. With the PacketSled platform, we’re here to help.

-Patrick Kelley, Sr. Security Researcher

PacketSled is Recognized for the Second Year in a Row as SC Magazine’s Industry Innovator in Next-Generation Security Monitoring and Analytics

in Articles, News, PacketSled by Christina Patten

SC Magazine’s 2016 Industry Innovator names PacketSled one of only five who have defined what it really means to be “next-generation.”

“Applying advanced analytics to threat hunting and evolving an analyst’s tool into an analyst’s tool that also has very strong monitoring, detection, case management and alerting functions.”

The article follows technology editor Peter Stephenson’s second review of the product. In the review, he quickly arrives at yet another of PacketSled’s key tenets:

“We never have seen that level of support response in any of the products we have reviewed and it provides a real benefit both to new users and experienced users with a difficult problem.”


Secrutiny and PacketSled: Expanding Incident Response and Automated Network Insight Internationally

in Partners by Christina Patten

PacketSled is excited to announce a new partnership with Secrutiny. This partnership allows Secrutiny to resell PacketSled’s cloud-based network security tool, expanding PacketSled’s market internationally. 

“We’re absolutely thrilled to be able to help bring PacketSled’s unique detection, forensics and incident response capabilities to our customers in the UK,” said Simon Crumplin, Founder of Secrutiny. “In today’s threat landscape, attackers are continuously evolving their strategy, which is why we believe that PacketSled’s combination of real-time visibility with full fidelity network history will provide a massive leap forward in information security.”

Secrutiny offers a quick, cost-effective Security Posture Audit to help organizations reveal whether cyber adversaries are present and active in their network. The company selects only the best technologies and methodologies to offer a next-generation cyber strategy.

Incident Response Strategy – Establish a Perimeter via Network Visibility

in Incident Response by Mike Spohn

As a seasoned incident response practitioner, I am always looking for better ways to manage serious security breaches. Over the last decade, the cyber-security community has refined many strategies and best practices to help organizations identify, investigate, contain, and remediate advanced threats. This has been enormously helpful.

I have also found it useful to look beyond our own realm in cyber-space and observe how other industries manage large security incidents. A few years ago, I spent some time researching and interviewing public safety, fire, and military professionals. My goal was to determine if there are patterns of behavior in their response tactics that might apply to our IR space. 

Establish a Perimeter

It did not take long to realize that the foundation of most public safety incident handling practices is to “establish and secure a perimeter.” This may seem obvious, but it is important to realize that the safety of human lives is often at stake if this is not done right. When you think about it, almost all public safety, search-and-rescue, and military operations begin with this strategy.

The most obvious example is the fighting of a wildfire. A large percentage of the effort is spent on surrounding the fire and creating a “Dozer line” free of debris to starve the fire. Granted, the firefighters are usually at the mercy of temperature, wind, and humidity. Regardless of the weather, the containment strategy is to surround the fire and work inward to contain it.

Image: cutting a fire line (courtesy of FEMA). Network visibility is like setting a fire line.

You see the same behavior when law enforcement agencies are faced with an act of terrorism. From the Boston Marathon attack to the bombing of the Brussels airport, the response was identical. Establish and secure a perimeter and work inward to determine the scope of the incident and look for suspects.

Sometimes this is really difficult. Consider the disappearance of Malaysia Air Flight MH370 on March 8, 2014. Lacking any reliable telemetry to determine where to search for the aircraft, a primary search area (perimeter) of 23,000 square miles was established. Folks, that is a big perimeter. Regardless, the same rule applied: establish a perimeter and search inward.

I immediately realized the value of this strategy in cyber-attack incident response investigations. In a cyber-attack response, the “perimeter” is almost always a set of network boundaries. Why? If the source of the attack is not an insider, and the attackers do not have physical access to your computing resources, their traffic must enter and leave through an external network. This dynamic is obvious and compelling.

This makes it easy for incident responders to determine where to ‘establish’ a perimeter: wherever an external network has a route to your internal network. The first place to look is where your Internet points of presence (POPs) are located, but any partner link or cloud environment that routes to your internal network belongs to the same perimeter.

Once you know the “scope” of your perimeter, you have to make some quick decisions on whether or not you “secure” it.

In the case of PCI, HIPAA, or other regulated data loss, you really have no choice but to secure the perimeter by shutting down the affected network segment. In other cases you need to make a hard decision. Do you lock out the intruders by securing the perimeter, or do you monitor it to learn more about the attackers’ TTPs?

Tough choice.

If you secure the perimeter, you tip off the attackers that you know of their presence, and you lose the ability to collect additional, often critical, evidence. If you monitor the perimeter, you run the risk of watching your precious data head out the door.

Here at PacketSled, we are all believers in the “Establish/Secure the perimeter and work inward” strategy when dealing with advanced threat actors. In fact, many of our customers rely on PacketSled network sensors to monitor their network perimeters during high-profile incidents.

Network Visibility is the Key to Establishing a Perimeter

Deploying a PacketSled sensor to establish a perimeter is painless. We have an IR deployment package that can have you up and running in minutes. Provide a SPAN/TAP feed to our sensor(s) and you have perimeter network visibility when you need it most.
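
As an added example (ours, not PacketSled code), the Python below takes flow records of the kind a SPAN/TAP feed yields and classifies each one against a declared internal address space, so a responder can see immediately which traffic actually crosses the perimeter and how many bytes are leaving toward each external host, the evidence the “monitor or secure” decision above hinges on. The internal ranges, the 203.0.113.0/24 block standing in for an owned public range, and the flow lines are all constructed for illustration.

```python
"""Classify flow records against a declared network perimeter.

Added example; not PacketSled code. The internal address ranges and the
flow records below are constructed for illustration only.
"""
import ipaddress
from collections import defaultdict

# Assumed internal address space: the RFC 1918 ranges plus one public /24
# (TEST-NET-3, standing in for a block the organisation owns). Anything
# outside these ranges is treated as an external network.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed flow records as a sensor on a perimeter SPAN/TAP might summarise them:
# timestamp, source IP, destination IP, destination port, bytes sent by the source.
SAMPLE_FLOWS = """\
2016-03-01T22:01:10Z 10.0.5.17 10.0.9.2 445 4096
2016-03-01T22:01:12Z 198.51.100.44 203.0.113.10 443 1200
2016-03-01T22:02:03Z 10.0.5.17 198.51.100.44 443 52428800
2016-03-01T22:03:40Z 10.0.5.17 198.51.100.44 443 31457280
2016-03-01T22:04:01Z 192.168.1.8 8.8.8.8 53 120
"""


def is_internal(addr: str) -> bool:
    """True if the address falls inside the declared internal space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify_flows(text: str) -> dict:
    """Bucket each flow by whether, and in which direction, it crosses the perimeter."""
    buckets = {"internal": [], "inbound": [], "outbound": [], "other": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        rec = {"ts": ts, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}
        src_in, dst_in = is_internal(src), is_internal(dst)
        if src_in and dst_in:
            buckets["internal"].append(rec)   # never leaves the perimeter
        elif src_in:
            buckets["outbound"].append(rec)   # crosses the perimeter on the way out
        elif dst_in:
            buckets["inbound"].append(rec)    # crosses the perimeter on the way in
        else:
            buckets["other"].append(rec)      # external to external: the tap is not where you think
    return buckets


def outbound_bytes_by_destination(buckets: dict) -> dict:
    """Total bytes leaving the perimeter per external destination, largest first."""
    totals = defaultdict(int)
    for rec in buckets["outbound"]:
        totals[rec["dst"]] += rec["bytes"]
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


if __name__ == "__main__":
    flows = classify_flows(SAMPLE_FLOWS)
    for name in ("internal", "inbound", "outbound", "other"):
        print(f"{name:<9} {len(flows[name])} flow(s)")
    for dst, total in outbound_bytes_by_destination(flows).items():
        print(f"  {dst:<16} {total:>12} bytes out")
```

The per-destination totals are what you would watch while deciding whether to keep monitoring: one internal host pushing tens of megabytes to a single external address over a few minutes is the kind of pattern that turns “learn their TTPs” into “secure the perimeter now.”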

Image: PacketSled dashboard (network visibility, automated investigation, advanced threat hunting).

Let us show you the value of PacketSled network visibility tools. To arrange a product demonstration or talk IR strategies give us a call.

PacketSled at BlackHat 2016 Innovation City Booth #IC29

in Events by rrhyne

PacketSled will be at BlackHat 2016 in the Innovation City, booth IC29. Stop by for a demo of IRES, the Incident Response Expert System. Or Schedule a Meeting to take a deeper dive.


Data Connectors Anaheim – June 2nd 2016

in Events by rrhyne

Join PacketSled June 2nd, 2016 at the Doubletree Anaheim Orange County in Anaheim for Data Connectors Anaheim.

We’ll have a giveaway and T-Shirts so be sure to drop by the booth.

TIME TO DIE – Bricking An iPad Over the Air

in Security Research by rrhyne

Research from PacketSled and Patrick Kelley, CISSP, CEH, MCP at Critical Assets proves it is possible to remotely brick iDevices over the air. The team built the exploit on Zach Straley’s research, which exposed a flaw in iOS triggered when a user manually sets the date of an iPhone or iPad to January 1, 1970.

Using a custom Raspberry Pi setup built by Kelley, a Wi-Fi access point resembling a commonly trusted network spoofs Apple’s NTP servers to hand the 1/1/1970 date to the device. This starts a chain reaction of software instability resulting in observed temperatures of up to 54°C, which is hot enough to brick the device.
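
Added example, written here and not the research team’s tooling: it packs a 1 January 1970 transmit time into an NTP server reply exactly as any responder answering for Apple’s servers would have to, parses the reply back out, and applies the plausibility check a client could use to refuse it. Plain NTP as used on such a network carries no authentication, which is why a rogue access point can answer at all. The packets are constructed in the block; the 2016-03-01 “firmware build date” floor and the 2016-04-01 legitimate time are assumed values.

```python
"""Build, parse and sanity-check NTP server replies.

Added example (not PacketSled or Critical Assets code). Shows how the
1970-01-01 date is carried in an NTP packet and the floor check a client
could apply before trusting it. All packets here are constructed, not captured.
"""
import struct
from datetime import datetime, timezone

# NTP timestamps count seconds since 1900-01-01; Unix time since 1970-01-01.
# Unix epoch 0 is therefore NTP second 2208988800.
NTP_UNIX_OFFSET = 2208988800
# 48-byte NTPv4 header: LI/VN/Mode, stratum, poll, precision, root delay,
# root dispersion, reference ID, then four 64-bit timestamps (seconds, fraction).
NTP_FORMAT = "!4B3I8I"


def build_ntp_response(transmit_unix: int, stratum: int = 2, leap: int = 0) -> bytes:
    """Server reply (mode 4) whose transmit timestamp is the given Unix time."""
    li_vn_mode = (leap << 6) | (4 << 3) | 4       # leap indicator, version 4, mode 4 (server)
    ntp_sec = transmit_unix + NTP_UNIX_OFFSET
    return struct.pack(
        NTP_FORMAT,
        li_vn_mode, stratum, 6, 0xEC,              # poll 2**6 s, precision 2**-20 s
        0, 0, 0,                                   # root delay, root dispersion, reference ID
        ntp_sec, 0,                                # reference timestamp
        0, 0,                                      # origin timestamp (client's, left empty here)
        ntp_sec, 0,                                # receive timestamp
        ntp_sec, 0,                                # transmit timestamp: what the client adopts
    )


def parse_ntp_response(pkt: bytes) -> dict:
    """Pull the fields a client needs from a reply; reject short packets outright."""
    if len(pkt) < 48:
        raise ValueError("truncated NTP packet")
    f = struct.unpack(NTP_FORMAT, pkt[:48])
    return {
        "leap": f[0] >> 6,
        "version": (f[0] >> 3) & 7,
        "mode": f[0] & 7,
        "stratum": f[1],
        "transmit_ntp": f[13],
        "transmit_unix": f[13] - NTP_UNIX_OFFSET,
    }


def is_plausible(resp: dict, floor_unix: int) -> bool:
    """A client should not act on a reply that is not a server reply, that is
    flagged unsynchronized (LI=3) or kiss-o'-death (stratum 0), or that claims a
    time earlier than something the device already knows, such as its build date."""
    if resp["mode"] != 4 or resp["leap"] == 3 or resp["stratum"] == 0:
        return False
    return resp["transmit_unix"] >= floor_unix


if __name__ == "__main__":
    # Assumed floor: the date the firmware was built. Nothing earlier can be right.
    build_floor = int(datetime(2016, 3, 1, tzinfo=timezone.utc).timestamp())
    for label, t in (("legitimate", 1459468800), ("spoofed epoch 0", 0)):
        r = parse_ntp_response(build_ntp_response(t))
        when = datetime.fromtimestamp(r["transmit_unix"], tz=timezone.utc)
        print(f"{label:<16} {when:%Y-%m-%d} ntp_sec={r['transmit_ntp']} plausible={is_plausible(r, build_floor)}")
```

Apple addressed the device-side handling in 9.3.1 (below); the floor check is the generic guard any time client can apply, and it is cheap: a device that refuses any time earlier than its own build never walks back to 1970, whatever the network tells it.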

Image: the Raspberry Pi that killed the iPad.

The team reported the exploit to Apple, which released iOS 9.3.1 to address the issue.

Read more on Krebs: krebsonsecurity.com

Data Connectors San Diego – April 14th, 2016

in Uncategorized by rrhyne

Join PacketSled April 14th, 2016 at the Handlery Hotel in San Diego for Data Connectors San Diego.

We’ll be giving away an Apple TV and T-Shirts so be sure to drop by the booth.


PacketSled at GISEC 2016 – March 29th – 31st

in Events by rrhyne

Join PacketSled at GISEC at the Dubai World Trade Center, March 29th through 31st. We’ll be presenting two talks per day in the Spire Solutions theater and demoing the product at the Spire Solutions/PacketSled booth.

Spire Solutions booth: Hall #7


© 2017 PacketSled, Inc.