Sled Meta Blog


Secrutiny and PacketSled: Expanding Incident Response and Automated Network Insight Internationally

in Partners by Christina Patten

PacketSled is excited to announce a new partnership with Secrutiny. This partnership allows Secrutiny to resell PacketSled’s cloud-based network security tool, expanding PacketSled’s market internationally.

“We’re absolutely thrilled to be able to help bring PacketSled’s unique detection, forensics and incident response capabilities to our customers in the UK,” said Founder of Secrutiny, Simon Crumplin. “In today’s threat landscape, attackers are continuously evolving their strategy, which is why we believe that PacketSled’s combination of real-time visibility with full fidelity network history will provide a massive leap forward in information security.”

Secrutiny offers a quick, cost-effective Security Posture Audit to help organizations reveal whether cyber adversaries are present and active in their network. The company selects only the best technologies and methodology to offer next generation cyber strategy.

Read the Full Release

Incident Response Strategy – Establish a Perimeter via Network Visibility

in Incident Response by Mike Spohn

As a seasoned incident response practitioner, I am always looking for better ways to manage serious security breaches. Over the last decade, the cyber-security community has refined many strategies and best-practices to help organizations identify, investigate, contain, and remediate advanced threat attacks. This has been enormously helpful.

I have also found it useful to look beyond our own realm in cyber-space and observe how other industries manage large security incidents. A few years ago, I spent some time researching and interviewing public safety, fire, and military professionals. My goal was to determine if there are patterns of behavior in their response tactics that might apply to our IR space. 

Establish a Perimeter

It did not take long to realize that the foundation of most public safety incident handling practices is to “establish and secure a perimeter.” This may seem obvious to you, but it is important to realize that human lives are often at stake if this is not done right. When you think about it, almost all public safety, search-and-rescue, and military operations begin with this strategy.

The most obvious example is the fighting of a wildfire. A large percentage of the effort is spent on surrounding the fire and creating a “Dozer line” free of debris to starve the fire. Granted, the firefighters are usually at the mercy of temperature, wind, and humidity. Regardless of the weather, the containment strategy is to surround the fire and work inward to contain it.

Cutting a fire line – image courtesy of FEMA

You see the same behavior when law enforcement agencies are faced with an act of terrorism. From the Boston Marathon attack to the bombing of the Brussels airport, the response was identical. Establish and secure a perimeter and work inward to determine the scope of the incident and look for suspects.

Sometimes this is really difficult. Consider the disappearance of Malaysia Air Flight MH370 on March 8, 2014. Lacking any reliable telemetry to determine where to search for the aircraft, a primary search area (perimeter) of 23,000 square miles was established. Folks, that is a big perimeter. Regardless, the same rule applied: establish a perimeter and search inward.

I immediately realized the value of this strategy in cyber-attack incident response investigations. In a cyber-attack response, the “perimeter” is almost always network boundaries. Why? If the source of the attack is not an insider, and the attacker(s) do not have physical access to your computing resources, the source of their attack will be an external network. This dynamic is obvious and compelling.

This makes it easy for incident responders to determine where to ‘establish’ a perimeter. It will always be where any external network has a route to your internal network. The first place to look is where your Internet points-of-presence (POP) are located.

Once you know the “scope” of your perimeter, you have to make some quick decisions on whether or not you “secure” it.

In the case of PCI, HIPAA, or other regulated data loss, you really have no choice but to secure the perimeter by shutting down the affected network segment. In other cases you need to make a hard decision. Do you lock out the intruders by securing the perimeter, or do you monitor it to learn more about the attackers’ TTPs?

Tough choice.

If you secure the perimeter you tip off the attackers you know of their presence, and you lose the ability to collect additional, often critical, evidence. If you monitor the perimeter you run the risk of watching your precious data head to the Far East.
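What the “monitor” branch looks like in practice, as an added example that is not PacketSled’s own code: given connection records in the conn.log layout that a Bro-based sensor on a SPAN/TAP feed writes, keep only the flows with exactly one endpoint inside the organization’s address space (those are the perimeter crossings), then rank the external peers by how many bytes left toward them. The internal ranges (RFC 1918) and the sample log lines are assumptions constructed for this example; a real site substitutes its own allocations and the sensor’s real output.

```python
"""Tally traffic that crosses the network perimeter from Bro/Zeek-style
conn.log records.

Added example, not PacketSled code. A "perimeter crossing" is any flow with
one endpoint inside the organisation's address space and the other outside
it. The internal ranges below are an assumption (RFC 1918); the log is a
constructed sample that uses a subset of the standard conn.log columns."""
import ipaddress
from collections import defaultdict

# Assumed internal address space; replace with the site's own allocations.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: tab-separated, '-' marks an unset field, '#fields'
# names the columns exactly as a Bro/Zeek ASCII writer does.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1462200000.100\tC1\t10.1.2.3\t51234\t10.1.2.10\t445\ttcp\tsmb\t3.2\t81234\t4096\tSF
1462200001.250\tC2\t10.1.2.3\t51240\t203.0.113.45\t443\ttcp\tssl\t61.0\t5242880\t2048\tSF
1462200002.000\tC3\t10.1.2.3\t51241\t203.0.113.45\t443\ttcp\tssl\t58.5\t4718592\t1900\tSF
1462200003.700\tC4\t10.1.5.9\t51300\t198.51.100.7\t80\ttcp\thttp\t0.4\t512\t30210\tSF
1462200004.900\tC5\t198.51.100.7\t40001\t10.1.5.9\t22\ttcp\tssh\t-\t0\t0\tREJ
"""


def parse_conn_log(text):
    """Yield one dict per record, keyed by the column names in #fields."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue          # other header/footer lines carry no records
        if fields is None:
            raise ValueError("record seen before the #fields header")
        yield dict(zip(fields, line.split("\t")))


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def _bytes(value):
    return 0 if value == "-" else int(value)


def perimeter_crossings(records):
    """Keep flows with exactly one internal endpoint. Internal<->internal
    (lateral movement) and external<->external (transit) are dropped here;
    the perimeter, as the post defines it, is the boundary between the two."""
    for r in records:
        if is_internal(r["id.orig_h"]) != is_internal(r["id.resp_h"]):
            yield r


def egress_by_external_host(records):
    """Sum the bytes that left the internal side, per external peer. For an
    internally originated flow those are orig_bytes; for an externally
    originated flow the internal host is the responder, so resp_bytes."""
    totals = defaultdict(int)
    for r in perimeter_crossings(records):
        if is_internal(r["id.orig_h"]):
            totals[r["id.resp_h"]] += _bytes(r["orig_bytes"])
        else:
            totals[r["id.orig_h"]] += _bytes(r["resp_bytes"])
    return dict(totals)


def rank_egress(text, top=5):
    """Return [(external_host, bytes_out), ...] with the largest first."""
    totals = egress_by_external_host(parse_conn_log(text))
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:top]


if __name__ == "__main__":
    for host, n in rank_egress(SAMPLE_CONN_LOG):
        print(f"{host:>16}  {n:>10} bytes out")
```

On the sample, the SMB transfer to 10.1.2.10 never appears in the ranking because it never crossed the perimeter, while the two TLS sessions to 203.0.113.45 add up to about 9.5 MB leaving the network; that total, not the count of sessions, is the number that tells you whether the “monitor” decision is still affordable. Run against an hour of real conn.log with the site’s own ranges and the top of the list is the first set of hosts to pivot on.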

Here at PacketSled, we are all believers in the “Establish/Secure the perimeter and work inward” strategy when dealing with advanced threat actors. In fact, many of our customers rely on PacketSled network sensors to monitor their network perimeters during high-profile incidents.

Network Visibility is the Key to Establishing a Perimeter

Deploying a PacketSled sensor to establish a perimeter is painless. We have an IR deployment package that can have you up and running in minutes. Provide a SPAN/TAP feed to our sensor(s) and you have perimeter network visibility when you need it most.

PacketSled Dashboard

Let us show you the value of PacketSled network visibility tools. To arrange a product demonstration or talk IR strategies give us a call.

PacketSled at BlackHat 2016 Innovation City Booth #IC29

in Events by rrhyne

PacketSled will be at BlackHat 2016 in the Innovation City, booth IC29. Stop by for a demo of IRES, the Incident Response Expert System. Or Schedule a Meeting to take a deeper dive.


Data Connectors Anaheim – June 2nd 2016

in Events by rrhyne

Join PacketSled June 2nd, 2016 at the Doubletree Anaheim Orange County in Anaheim for Data Connectors Anaheim.

We’ll have a giveaway and T-Shirts so be sure to drop by the booth.

TIME TO DIE – Bricking An iPad Over the Air

in Security Research by rrhyne

Research from PacketSled and Patrick Kelley (CISSP, CEH, MCP) of Critical Assets shows that it is possible to remotely brick iDevices over the air. The team built the exploit on Zach Straley’s research, which exposed a flaw in iOS triggered when a user manually sets the date of an iPhone or iPad to January 1, 1970.

Using a custom Raspberry Pi setup built by Kelley, a Wi-Fi access point that mimics a commonly trusted network spoofs Apple’s NTP servers and pushes the 1/1/1970 date to any device that joins it. The device accepts the unauthenticated time, which starts a chain reaction of software instability resulting in observed temperatures of up to 54°C, hot enough to brick the device.
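The check a time client can apply before it acts on a reply like the one the rogue access point served, as an added example that is not code from PacketSled, Critical Assets or Apple and does not describe Apple’s actual fix: parse the 48-byte NTP header (RFC 5905), refuse anything that is not a synchronised mode-4 server reply, and refuse any reply whose transmit time is earlier than a floor the firmware already knows (its build date is the natural choice). The floor value and the sample replies, including the “1970” one, are constructed here for the example.

```python
"""Sanity-check an NTP server reply before applying its time.

Added example, not PacketSled, Critical Assets or Apple code, and not a
description of Apple's fix. A reply that would move the clock before a
known floor (a stand-in for the firmware build date) is refused, on top of,
not instead of, authenticated time. Packet layout per RFC 5905; the sample
replies are constructed, the '1970' one standing in for what the rogue
access point served."""
import struct
from datetime import datetime, timezone

# 48-byte header: LI/VN/mode, stratum, poll, precision, root delay,
# root dispersion, reference id, then reference/origin/receive/transmit
# timestamps (64-bit: 32 bits of seconds since 1900, 32 bits of fraction).
NTP_HEADER = struct.Struct("!BBBbIIIQQQQ")
NTP_UNIX_DELTA = 2_208_988_800      # seconds from 1900-01-01 to 1970-01-01
MODE_SERVER = 4

# Assumed floor: no legitimate server should report a time before this.
FLOOR_UNIX = int(datetime(2016, 1, 1, tzinfo=timezone.utc).timestamp())


def build_ntp_response(unix_seconds, stratum=2, version=4, li=0):
    """Constructed mode-4 reply whose transmit timestamp encodes
    unix_seconds (fraction left at zero). Only used to make sample input."""
    ntp_seconds = unix_seconds + NTP_UNIX_DELTA
    if not 0 <= ntp_seconds < 2 ** 32:
        raise ValueError("timestamp outside NTP era 0")
    li_vn_mode = (li << 6) | (version << 3) | MODE_SERVER
    return NTP_HEADER.pack(li_vn_mode, stratum, 6, -20, 0, 0, 0x47505300,
                           0, 0, 0, ntp_seconds << 32)


def check_ntp_response(packet, floor_unix=FLOOR_UNIX):
    """Return (accepted, reason, unix_seconds). The reply is refused unless
    it is a well-formed, synchronised server reply whose transmit time is at
    or after floor_unix."""
    if len(packet) < NTP_HEADER.size:
        return False, "short packet", None
    fields = NTP_HEADER.unpack(packet[:NTP_HEADER.size])
    li, mode, stratum = fields[0] >> 6, fields[0] & 7, fields[1]
    transmit_ntp_seconds = fields[10] >> 32
    if mode != MODE_SERVER:
        return False, f"mode {mode} is not a server reply", None
    if li == 3:
        return False, "leap indicator 3: server clock not synchronised", None
    if stratum == 0 or stratum > 15:
        return False, f"stratum {stratum}: kiss-o'-death or unsynchronised", None
    unix_seconds = transmit_ntp_seconds - NTP_UNIX_DELTA
    if unix_seconds < floor_unix:
        return False, f"transmit time {unix_seconds} is before the floor", unix_seconds
    return True, "ok", unix_seconds


if __name__ == "__main__":
    spoofed = build_ntp_response(0)             # 1970-01-01, as the rogue AP served
    genuine = build_ntp_response(1462200000)    # 2016-05-02, a plausible current time
    for name, pkt in (("spoofed", spoofed), ("genuine", genuine)):
        print(name, check_ntp_response(pkt))
```

The floor only removes the rollback class this research used: an attacker who controls the network can still serve any time after the floor, so the real fix is to authenticate the time source or to refuse unauthenticated NTP on networks the device has merely auto-joined. Note also that a 1970 date is not a malformed packet in any way; without the floor, every other field in the spoofed reply is perfectly valid, which is exactly why a client that checks only syntax accepts it.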

The rPi that killed the iPad

The team reported the issue to Apple, which released iOS 9.3.1 to address it.

Read more on Krebs: krebsonsecurity.com

Data Connectors San Diego – April 14th, 2016

in Uncategorized by rrhyne

Join PacketSled April 14th, 2016 at the Handlery Hotel in San Diego for Data Connectors San Diego.

We’ll be giving away an Apple TV and T-Shirts so be sure to drop by the booth.


PacketSled at GISEC 2016 – March 29th – 31st

in Events by rrhyne

Join PacketSled at GISEC at the Dubai World Trade Center, March 29th through 31st. We’ll be presenting two talks per day in the Spire Solutions theater and demoing the product at the Spire Solutions/PacketSled booth.

Spire Solutions booth: Hall #7


PacketSled @ RSA 2016

in Uncategorized by rrhyne

Join us at RSA 2016.

We’ll be presenting our first public demonstrations of IRES, the Incident Response Expert System at RSA 2016. Come join us in the Reservoir Labs booth (#N4321) for one of our two tech talks on the subject:

  • Tuesday March 1st at 2pm
  • Wednesday March 2nd at 2pm

Read more about IRES

Reservoir Labs and PacketSled – Scalable Breach Detection and Network Forensics

in Partners by rrhyne

PacketSled is excited to announce a new partnership with Reservoir Labs. The partnership extends PacketSled’s platform with plug-and-play enterprise scaling, acceleration and management of Bro deployments.

“Our combined solution delivers to clients a unique, enterprise-hardened tool for identifying, hunting, and stopping advanced threats. I am excited to have the opportunity to partner with PacketSled to bring to market a combined solution that harnesses the power of scalability and simplicity.” – added Alison Ryan, Vice President, Business Development at Reservoir Labs.

Reservoir Labs’ R-Scope sensors are purpose-built to accelerate the open source Bro network security monitor framework, allowing for deep insight into network layers 2 through 7. Moreover, R-Scope offers a secure, supported, enterprise-ready appliance experience. This, in combination with PacketSled’s behavioral modeling and forensics solution, will enable customers to detect malicious behavior by attackers across traditional physical and temporal boundaries.

Read the Full Release

Painless Breach Detection and Network Forensics at Scale? We got this.

in Partners by rrhyne

PacketSled is excited to announce a partnership with Interface Masters, a leader in Network Visibility and Uptime Solutions. The partnership follows successful engagements at Fortune 10 companies, in which the PacketSled breach detection and network forensics solutions were deployed painlessly across a complex multi-network 10G link environment.
“Interface Masters and PacketSled integrated solution offers a leading edge solution to the market that facilitates real-time analytics, forensic recordings and full 1G and 10G network visibility and uptime,” stated Aaron Nankin, Director of Business Development at Interface Masters Technologies. “The Packet Broker support provides granular network access and packet capture which end customers can leverage to provide complete network monitoring and breach detection.”
Visit Interface Masters

Read the Full Release

© 2017 PacketSled, Inc.