Tag Archives: Positive Technologies

SOC Forum 2017: How I Learned to Stop Worrying and Love Massive Malware Attacks

Today I spoke at SOC Forum 2017 in Moscow. It was a great large-scale event about Security Operation Centers. 2,700 people registered. Lots of people in suits šŸ˜‰ . And lots of my good fellows.

SOC Forum 2017 Alexander Leonov

The event was held inĀ Radisson Royal Congress Park. There were three large halls for presentationsĀ and a huge space for exhibition/networking.

I would like to mention Š° stand of Positive Technologies. They have shown today their new PT Security Intelligence PortalĀ with dashboards for executives and joint service with Solar Security for providingĀ GosSOPKA functionality. Some stands were dedicated to Russian governmentĀ Information Security initiatives: GosSOPKA, BDU FSTEC vulnerability database and FinCERT of the Central Bank of Russia.

During my presentation, I was talking how massive malware (ransomware) attacks can be useful for an organization. Quite a provocative topic, right? šŸ˜‰ I meant it in the sense that all the hype around malware attack can help Information Security team to do the the following things:

  • Establish useful policies, like mandatory Windows host reboot after patch installation
  • Ban some convenient, but dangerous functionality, like smb file sharing between workstations
  • Implement useful processes, like system hardening (e.g. against mimikatz) or continuous processing of CERT (FinCERT) bulletins

Continue reading

What’s inside Vulners.com database and when were security objects updated last time

As I already wrote earlier, the main advantage of Vulners.com, in my opinion, is openness. An open system allows you to look under the hood, make sure that everything works fine and ask developers uncomfortable questions why there were no updates for a long time for some types of security objects.

You can do this by using the https://vulners.com/api/v3/search/stats/ request, that I already mentioned in “Downloading entire Vulners.com database in 5 minutes

First of all, let’s look at the security objects. This will give us an understanding of Vulners.com basis.

Vulners objects

Continue reading

What’s new in Gartner WAF Magic Quadrant 2017?

To tell the truth, I was not much interested in Web Application Firewall market since the time when I was doing competitive analysis in Positive Technologies. And a few days ago Gartner published a fresh WAF research with interesting Magic Quadrants. I decided to figure out what’s new there.

Here you can download full Gartner WAF MQ 2017 report for free. Thanks to Positive Technologies for such an opportunity!

First of all, let’s look at the illustrations. I took the Magic Quadrant from this year’s report:

Gartner Magic Quadrant WAF 2017

And for comparison from 2014 and 2015 reports:

Gartner Magic Quadrant WAF 2014 and 2015.

The first thing that caught my eye was Akamai in the leaders! And apparently this will be the main message.

Continue reading

Petya the Great and why *they* don’t patch vulnerabilities

I really like this. Just imagine. Quiet, routine, everyday Vulnerability Management process in organizations: scanning-patching, scanning-patching, scanning-patching… And then. Suddenly! PEEETYYA!!!

And at very same moment everything changes. People from different companies start to communicate with each other actively, reverse this new malware, share the data, write and share tools for detection and recovery. Security professional is a friend, a brother and a source of useful information for security professional. Real movement! Real community! =)

Petya ransomware

For example, my friends from Vulners.com created pretty popular gist about Petya (petrWrap, notPetya, GoldenEye) and updated in real time for several hours.

Vulners Petya gist

My former colleagues from Positive Technologies released detailed technical review of this ransomware (in Russian) few hours since theĀ outbreak started, at 01:00 am . They also found a local kill switch, and probably were the first one. Simultaneously with Amit Serper from Cybereason.

Continue reading

PHDays VII: To Vulnerability Database and beyond

Last Tuesday and Wednesday, May 23-24, I attended PHDays VII conference in Moscow. I was talking there about vulnerability databases and the evolution process of vulnerability assessment tools, as far as I understand it.

To Vulnerability Database and beyond

But first of all, a few words about the conference itself. I can tell that since the last year the event got even better. I’ve seen lot of new faces. Some people I didn’t know, but they knew me by my blog and accounts in social networks.Ā What a strange, strange time we live in! I was very pleased to see and to talk with you all, guys! šŸ™‚

PHDays is one of the few events that truly brings all Russian community of security professionals together. I’ve seen people I have studied with in university, colleagues from the all places where I have been worked, and nearly all researchers and security practitioners that I follow. Big thanks for the organizers, Positive Technologies, for such an amazing opportunity!

It is also a truly international event. You can see speakers from all over the world. And all information is available both in Russian and English. Almost all slides are in English. Three parallel streams of reports, workshops and panel discussions were dubbed by professional simultaneous interpreters, like it is a United Nations sessions or something, recorded and broadcast live by the team of operators and directors. Final result looks really great.

Video of my presentation:

I was talking too fast and used some expressions that was hard to translate. The translator, however, did an awesome job. He is my hero! šŸ™‚ If you didn’t understand something on video, I made a transcript bellow.

A version without translation for Russian-speakers is here.

Slides:

Unfortunately gif animation is not working in the Slideshare viewer.

Today I would like to discuss vulnerability databases and how vulnerability assessment systems has been evolving. Prior to discussing vulnerability databases I need to say that any vulnerability is just a software error, a bug, that allowing hacker to do some coolĀ things. Software developers and vendors post information about such vulnerabilities on their websites. And there are tons and tones of vendors, and websites, and software products, and vulnerabilities.

Continue reading