Sled Meta Blog


SC Magazine Names PacketSled Innovator in Next-Generation Security Monitoring and Analytics

in Articles, News, PacketSled by rrhyne

SC Magazine’s 2015 Industry Innovator segment names PacketSled one of only three innovators in the space. The magazine describes the next generation of monitoring products as:

“sophisticated analytic algorithms, machine learning and heavy, cloud-based analysis allowing very lightweight agents on the enterprise.”
Network forensics dashboard

The article comes after technology editor Peter Stephenson conducted a thorough review of the product, in both live-traffic and research environments. In the review, he quickly arrives at one of PacketSled’s key tenets:

“in managing security incidents, speed counts. PacketSled provides easy, fast understanding that allows analysts to pick useful information out of the noise”

Read the Article

PacketSled CEO Interviewed for Huffington Post Live

in Uncategorized by rrhyne

Ben FitzGerald (@benatworkdc) and PacketSled (@PacketSled) CEO Matt Harrigan appeared on Huffington Post Live today to discuss Anonymous’ declaration of war against ISIS.

Watch the Interview

PacketSled Tapped for TechCrunch Article on Data Breaches

in Uncategorized by rrhyne

Jon Biggs at TechCrunch recently reached out to PacketSled CEO Matt Harrigan, among others, to provide insight on what it means to be breached. The article, titled “So You’ve Been Breached,” details the effects of several breaches from a number of angles and provides measures we can all take to prevent further mayhem.

Read the full article

PacketSled CEO Interview by the Hill on Anonymous Motivations

in Uncategorized by rrhyne

As Anonymous was set to release identities of individuals involved in the KKK, the Hill interviewed PacketSled CEO Matt Harrigan for his take on the group’s motivations.

But others are skeptical about Anonymous’s true intentions.

“The motivation of Anonymous as a whole really is to get attention,” said Matt Harrigan, president and CEO of cyber threat detection firm PacketSled, who monitors the hacking group. “It’s a PR machine for causes that somebody inside Anonymous has decided are important.”

And the KKK makes for perfect prey.

“They’re a target because they’re obviously not well liked, but at the same time they make a great news story,” Harrigan said. “What’s the thing that people despise more than anything? An organized hate group.”

Operation KKK has been exhaustively making the case for its digital crusade over the last week.

Read the full article

PacketSled CEO Confirms a Lack of Reduction in Cyber Attacks Emanating from China

in Uncategorized by rrhyne

PacketSled CEO @mattharrigan was quoted in eWeek regarding the recent US-China cyber pact. The article calls the pact into question after tapping sources in the cyber security industry who see no reduction in attacks emanating from Chinese nation-state-backed actors.

“There is no indication from our perspective that the usual behavior from nation-state attackers in China or any other country has slowed in any way,” Harrigan told eWEEK. “It is important to remember that public-facing international policy statements are often vastly different from the reality of what happens in the world of U.S. and foreign intelligence agencies engaged in tradecraft.”
Read the full article

PacketSled at ToorCon 17

in Events by rrhyne

PacketSled is excited to be a Gold Sponsor of Toorcon 17 at the San Diego Westin Emerald Plaza, October 21st-25th.

Stop by the PacketSled lounge for a beverage and a sticker, and enter to win one of the Raspberry Pi computers we’ll be giving away at the show.

PacketSled Earns Buy Recommendation and Perfect Score from SC Magazine

in News, PacketSled by rrhyne

The digital forensics group test review earned PacketSled five-out-of-five stars across all categories: features, ease of use, performance, documentation, support and value for the money. The review also cites PacketSled’s unique visualizations, excellent analytics and ease of installation among the qualities leading to the five-star rating.

“This is an excellent tool with depth and a massive amount of actionable information available to prevent and analyze complex breaches.” – Dr. Peter Stephenson, SC Magazine

While most solutions in the space take a single-threaded approach to detection and response, PacketSled identifies threats using a combination of sensor-based and cloud analytics, signatures, and threat intelligence, giving incident responders the ability to dive deeply into a threat or hunt through data at massive scale.

“We’re very pleased to be rated so highly in this group test. Continuous Monitoring, Forensics, and Incident Response are the fastest growing areas in security for good reasons. Attackers are continuously evolving their strategy, making the combination of real-time visibility with a full fidelity network history one of the most important considerations in information security,” said Matt Harrigan, the company’s President and CEO. “Our consumption-based billing and cloud model enables us to help customers in the mid-market that have previously been unable to deploy these measures due to cost considerations.”

PacketSled can ingest data at speeds ranging from sub-1Gbps to 100Gbps and can be deployed via a software install in mere minutes. The platform gives security analysts the ability to discern real attacks from noise, dramatically reducing the time it takes to resolve serious security incidents.

Read the article

Inside ClickJacking Malware

in Malware by rrhyne

While clickjacking isn’t as pervasive as it was in the mid-2000s, hackers are getting increasingly crafty in how they deploy it.

PacketSled recently contributed research to a TechCrunch article about a particularly crafty clickjacking deployment, “Clickjackers: Inside The Strange New World Of Modern Spyware.”

“We were able to retrieve a sample which our research team analyzed for behavioral traits and indicators. From these data points we were able to perform an analysis across our sensor network for the threat. The resulting investigation not only provided ammo for the article, it increased our customers’ security posture,” said Harrigan.

It’s all part of the day-to-day security research at PacketSled and in the industry as a whole, but we’re very pleased to help TechCrunch get this kind of information out to the wider tech public.

The Biggest Companies in the World Are Failing at Basic Detection

in Incident Response, Malware, PacketSled, Threat Detection by Web Admin

We received a really interesting email yesterday from our upstream Internet provider, AT&T, indicating that we were effectively infected with Tinba malware. For those of you who don’t remember it, Tinba is four-year-old, Windows-specific malware based on the old Blackhole exploit kit that does all kinds of fun stuff like stealing Facebook credentials and attempting to access your online banking accounts. The email was as follows:

AT&T incident notification

Technical and operational observations are as follows:
  • First, we don’t possess any Windows machines capable of executing this Malware, with the exception of some VMs that are turned off unless otherwise needed.
  • Second, all of those machines have adequate endpoint protection on them, such that they would have averted this ancient attack, should it have been, you know, actually happening.
Regarding the email we received, if you haven’t already found the funny part, I’d like to point it out first. Obfuscating the IP address of the site that (according to them) indicates an infection is extraordinarily unhelpful, almost to the point where I feel like they might be trying to live up to some weird, obtuse legacy of what it was like to order circuits in the 1990s. Thankfully, they took the time to include the domain name, which, you know, resolves to the obfuscated IP address listed directly above it. The unfortunate part about this situation is that they simply didn’t have the proper tools to make a quick determination that this was, in fact, not a threat at all, and that we were running some tests on this network against legacy threat intel. Of course, we knew that, and we could easily validate that such testing was occurring during the timeframe they mention with a simple query in the Investigator as follows:

Querying specific IPs during specific timeframes using natural language

We get one session record returned:
PacketSled Investigator

And immediately determine that this “threat” originated from a Mac running Wget:
Hey look, not a Windows machine. Not even a real browser.

Nevertheless, we received this email, meaning that someone in the AT&T SOC had to investigate this non-incident, put in a ticket, send the email and manage the eventual closure of that ticket. This scenario is extremely commonplace. The number of SOC personnel, incident responders, and general infosec professionals that routinely chase non-incidents due to only having partial data is extremely perplexing. The data is in the packets. Making it accessible to analysts and automated processes such that it can be intelligently used is the goal. With something this simple getting incorrectly bubbled up to the top, we are clearly a long way off from that goal.
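As an added illustration of the triage the post describes (example code written for this page, not PacketSled’s Investigator; the session records, the alert and the User-Agent heuristics are all constructed here), the check below pulls the sessions that match the alert’s host and time window and asks whether any client could plausibly run the Windows-only malware the notice claims:

```python
from datetime import datetime

# Constructed session records, modelled on the single session the post describes:
# an HTTP fetch of the flagged host by Wget on a Mac, plus one unrelated session.
SESSIONS = [
    {"ts": "2015-09-10T14:02:11", "src": "10.0.5.23", "dst": "203.0.113.7",
     "host": "legacy-c2.example", "user_agent": "Wget/1.16 (darwin14.0.0)"},
    {"ts": "2015-09-10T14:05:40", "src": "10.0.5.23", "dst": "198.51.100.9",
     "host": "www.example.org", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10)"},
]

# Constructed alert in the shape of the provider notice: a domain, a time window,
# and the claim that the traffic indicates a Windows-only malware family.
ALERT = {"host": "legacy-c2.example", "start": "2015-09-10T14:00:00",
         "end": "2015-09-10T14:10:00", "malware": "Tinba", "platform": "Windows"}

WINDOWS_MARKERS = ("windows nt", "win64", "win32")
MAC_MARKERS = ("darwin", "macintosh", "mac os x")
TOOLING_MARKERS = ("wget/", "curl/", "python-requests")


def platform_of(user_agent):
    """Best-effort OS guess from the User-Agent header (hypothetical heuristic)."""
    ua = user_agent.lower()
    if any(m in ua for m in WINDOWS_MARKERS):
        return "Windows"
    if any(m in ua for m in MAC_MARKERS):
        return "Mac"
    return "Unknown"


def is_tooling(user_agent):
    """True when the client is a command-line fetcher rather than a real browser."""
    return any(m in user_agent.lower() for m in TOOLING_MARKERS)


def triage(alert, sessions):
    """Match sessions to the alert's host and window, then check whether any of
    them came from a client that could actually run the claimed malware."""
    start, end = datetime.fromisoformat(alert["start"]), datetime.fromisoformat(alert["end"])
    matched = [s for s in sessions if s["host"] == alert["host"]
               and start <= datetime.fromisoformat(s["ts"]) <= end]
    if not matched:
        return {"verdict": "no-traffic", "matched": 0, "reasons": []}
    reasons = []
    for s in matched:
        plat = platform_of(s["user_agent"])
        if plat == alert["platform"] and not is_tooling(s["user_agent"]):
            return {"verdict": "consistent", "matched": len(matched), "reasons": []}
        reasons.append(f"{s['src']}: {plat} client, tooling={is_tooling(s['user_agent'])}")
    return {"verdict": "inconsistent", "matched": len(matched), "reasons": reasons}
```

On the constructed data the verdict is "inconsistent" with the reason "10.0.5.23: Mac client, tooling=True", which is exactly the evidence that lets an analyst close the ticket instead of chasing it.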

Using PacketSled to Solve SANS Forensic Challenge #6

in Uncategorized by rrhyne

Beginning with challenge #6, “Ann’s Aurora,” we will be revisiting SANS forensics contests where deep network insights are required, and releasing a series of videos that highlight how some of these challenges can be solved using PacketSled’s advanced breach detection and network forensics capabilities.

© 2017 PacketSled, Inc.