ArcSight & RSA ECAT Integration - By We-Ankor & Or Cohen
•Download as PPTX, PDF•
3 likes•1,554 views
The document discusses the need to quickly investigate security alerts from across a network. It proposes automatically deploying agents across systems to scan for suspicious modules in real time. This would allow starting investigations within seconds of an alert, collecting evidence from any host, and getting actionable data to respond. The system would then automatically detect and react to potentially infected modules.
Report
Share
Report
Share
Recommended
Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...
This is a paper presentation from the 2015 American Control Conference (ACC) invited session on Controls Education. The full paper can be found here: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=7171159.
Reduce Test Automation Execution Time by 80%
Software testers and quality assurance engineers are often pressured to cut testing time to ensure on-time product releases. Usually this means running fewer test cycles with the risk of worse software quality. As companies embrace a continuous integration (CI) that require frequent build and test cycles, the pressure to speed up automated testing is intense. Tanay Nagjee shows how you can cut the time to run an automated test suite by 80%—for example, from two hours to under 25 minutes. Find out how Tayay’s team broke down their test suites into bite-sized test that could be executed in parallel. Leveraging a cluster of computing horsepower (either on on-premise physical machines or in the cloud), you can refactor large test suites to execute in a fraction of the time it takes now. With real example data and a live demonstration, Tanay outlines a three-step approach to achieve these results within different test frameworks.
Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...
The document summarizes a talk given at DevOps Days Chicago 2014 about monitoring tools and philosophies. It discusses using the right monitoring tools for different purposes like New Relic for application performance monitoring, StatsD and DataDog for customizable metrics and alerts, and SumoLogic for log monitoring. It also covers monitoring dependencies, distributed systems, security, and how the speaker's company PagerDuty validates their monitoring through "Failure Friday" tests.
12 Days of Coding Errors
The document discusses common software issues and how to prevent them. It covers overloaded systems, text editors, accidental assignments, plaintext passwords, SQL injection, unstable builds, memory errors, unhandled exceptions, race conditions, false positives, memory leaks, and null pointers. The presentation provides tips on testing components in isolation, using modern editors to reduce bugs, encrypting sensitive data, validating user input to prevent SQL injection, making builds repeatable, handling exceptions properly, and avoiding null pointers.
Serverless computing henry been - logging instrumentation dashboards alerts
The slides from my session at Serverless London on Logging and Monitoring focussed on the Azure Platform and Serverless Offerings
Neptune : Re-thinking Incident Response Automation
- The document discusses re-thinking incident response automation and introduces Neptune.io, an incident response automation platform built for AWS.
- It outlines that incident response today is still mostly manual, taking hours to diagnose issues, and that automation can help reduce resolution times.
- Neptune provides three core pieces for automation - analytics to identify top issues, context gathering from monitoring tools when alerts fire, and running pre-defined remediation runbooks to fix known issues automatically.
Security Insights at Scale
Ensuring security of a company’s data and infrastructure has largely become a data analytics challenge. It is about finding and understanding patterns and behaviors that are indicative of malicious activities or deviations from the norm. Data, Analytics, and Visualization are used to gain insights and discover those malicious activities. These three components play off of each other, but also have their inherent challenges. A few examples will be given to explore and illustrate some of these challenges,
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
We are writing the year 2017. Cyber security has been a discipline for many years and thousands of security companies are offering solutions to deter and block malicious actors in order to keep our businesses operating and our data confidential. But fundamentally, cyber security has not changed during the last two decades. We are still running Snort and Bro. Firewalls are fundamentally still the same. People get hacked for their poor passwords and we collect logs that we don't know what to do with. In this talk I will paint a slightly provocative and dark picture of security. Fundamentally, nothing has really changed. We'll have a look at machine learning and artificial intelligence and see how those techniques are used today. Do they have the potential to change anything? How will the future look with those technologies? I will show some practical examples of machine learning and motivate that simpler approaches generally win. Maybe we find some hope in visualization? Or maybe Augmented reality? We still have a ways to go.
Recommended
Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...
This is a paper presentation from the 2015 American Control Conference (ACC) invited session on Controls Education. The full paper can be found here: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=7171159.
Reduce Test Automation Execution Time by 80%
Software testers and quality assurance engineers are often pressured to cut testing time to ensure on-time product releases. Usually this means running fewer test cycles with the risk of worse software quality. As companies embrace a continuous integration (CI) that require frequent build and test cycles, the pressure to speed up automated testing is intense. Tanay Nagjee shows how you can cut the time to run an automated test suite by 80%—for example, from two hours to under 25 minutes. Find out how Tayay’s team broke down their test suites into bite-sized test that could be executed in parallel. Leveraging a cluster of computing horsepower (either on on-premise physical machines or in the cloud), you can refactor large test suites to execute in a fraction of the time it takes now. With real example data and a live demonstration, Tanay outlines a three-step approach to achieve these results within different test frameworks.
Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...
The document summarizes a talk given at DevOps Days Chicago 2014 about monitoring tools and philosophies. It discusses using the right monitoring tools for different purposes like New Relic for application performance monitoring, StatsD and DataDog for customizable metrics and alerts, and SumoLogic for log monitoring. It also covers monitoring dependencies, distributed systems, security, and how the speaker's company PagerDuty validates their monitoring through "Failure Friday" tests.
12 Days of Coding Errors
The document discusses common software issues and how to prevent them. It covers overloaded systems, text editors, accidental assignments, plaintext passwords, SQL injection, unstable builds, memory errors, unhandled exceptions, race conditions, false positives, memory leaks, and null pointers. The presentation provides tips on testing components in isolation, using modern editors to reduce bugs, encrypting sensitive data, validating user input to prevent SQL injection, making builds repeatable, handling exceptions properly, and avoiding null pointers.
Serverless computing henry been - logging instrumentation dashboards alerts
The slides from my session at Serverless London on Logging and Monitoring focussed on the Azure Platform and Serverless Offerings
Neptune : Re-thinking Incident Response Automation
- The document discusses re-thinking incident response automation and introduces Neptune.io, an incident response automation platform built for AWS.
- It outlines that incident response today is still mostly manual, taking hours to diagnose issues, and that automation can help reduce resolution times.
- Neptune provides three core pieces for automation - analytics to identify top issues, context gathering from monitoring tools when alerts fire, and running pre-defined remediation runbooks to fix known issues automatically.
Security Insights at Scale
Ensuring security of a company’s data and infrastructure has largely become a data analytics challenge. It is about finding and understanding patterns and behaviors that are indicative of malicious activities or deviations from the norm. Data, Analytics, and Visualization are used to gain insights and discover those malicious activities. These three components play off of each other, but also have their inherent challenges. A few examples will be given to explore and illustrate some of these challenges,
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
We are writing the year 2017. Cyber security has been a discipline for many years and thousands of security companies are offering solutions to deter and block malicious actors in order to keep our businesses operating and our data confidential. But fundamentally, cyber security has not changed during the last two decades. We are still running Snort and Bro. Firewalls are fundamentally still the same. People get hacked for their poor passwords and we collect logs that we don't know what to do with. In this talk I will paint a slightly provocative and dark picture of security. Fundamentally, nothing has really changed. We'll have a look at machine learning and artificial intelligence and see how those techniques are used today. Do they have the potential to change anything? How will the future look with those technologies? I will show some practical examples of machine learning and motivate that simpler approaches generally win. Maybe we find some hope in visualization? Or maybe Augmented reality? We still have a ways to go.
So you-want-to-go-faster
How frequently does a good agile team deploy to production? Not every team is capable of deploying "on every commit". What does it take for a team to even start deploying at the end of each sprint, or each week, or each day?
Most companies don't realize that deploying more frequently often requires both significant technical change as well as cultural change. In this talk, I'll guide you through what it takes to deploy more frequently, both from the technical side of setting up pipelines as well as the organizational side of removing red tape. I'll draw on the unique challenges that teams must overcome at each step of the way, from deploying once a month all the way down to full continuous delivery. If your team has been struggling to go faster, come see how you can change to get there. And if you already are at full continuous delivery, come see how to go even faster than that!
HP ArcSight & Ayehu eyeShare - Security Automation
The document discusses strategies for improving security operations center (SOC) response procedures for security alerts. It recommends building clear and strict response procedures for known alerts to minimize the time spent responding. The document also suggests automating response procedures using a workflow tool to further reduce response times and allow SOCs to handle more alerts while focusing on unknown threats. Automation could query directories, block malicious IPs or files, contact users, and integrate with security tools to streamline incident response.
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
Here are the slides from Kristen Crawford's PuppetConf 2016 presentation called Site Launch Automation: From Days to Minutes. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Moving to Continuous Delivery without breaking everything
This document discusses the need for continuous delivery and integration of testing into software development pipelines. It notes that while pipelines focus on speed of delivery, testing is needed to ensure quality and avoid breaking changes. A central hub is needed to provide a single view of all test results from different sources to help determine if a release is ready. Intelligent test selection and optimization could help run relevant test subsets to improve feedback speed while maintaining coverage. An integrated test analysis tool can help address these challenges of continuous delivery.
Measuring IPv6 using ad-based measurement
This document describes how APNIC measures IPv6 adoption by co-opting hundreds of millions of internet users through online ad campaigns. When an ad loads, it sends a "priming query" to APNIC to get a list of measurement tasks. The tasks involve resolving domain names and fetching URLs to APNIC servers, which log the results. APNIC is able to vary tasks to test different capabilities and collect a massive amount of data to analyze IPv6 usage at scale.
Security Attack Analysis for
Finding and Stopping Network Attacks
Network breaches are on the rise, and the consequences are getting more dire. Needless to say, you don't want to be the next Target.You've invested in security tools like firewalls and IPS systems. But today's stealthy attacks can still get through. When you suspect an attack, you need your insurance policy—network forensics.
In this seminar, you'll learn how network forensics—network recording along with powerful search and analysis tools—can enable your in-house security team to track down, verify, and characterize attacks.
You'll also learn about the requirements for effective forensics on today's 10G and 40G networks.
And you'll learn some best practices for configuring captures to help you and your team pinpoint and remediate anomalous behavior that could signal an attack.
API Training 10 Nov 2014
These are the slides from a four hour workshop at an API event on using scanning tools to assess an Industrial Control System (ICS).
Super chargeyourcontiniousintegrationdeployments
This document discusses continuous integration (CI) processes and practices. It defines CI as maintaining a single source code repository and automating the build and testing process. When code changes are committed, the CI server checks out the code, builds it, and runs unit and integration tests. If the build or tests fail, the CI server alerts the team. The document provides several rules for supercharging a CI process, including always having CI in place, managing dependencies, writing tests, keeping content up to date, and continuously deploying items and code changes. Continuous deployment involves serializing content changes, building packages, and deploying packages to environments.
Supercharge Your Continuous Integration Deployments
This document discusses continuous integration (CI) processes and practices. It defines CI as maintaining a single source code repository and automating the build and testing process. When changes are committed, a CI server monitors the repository, checks out the code, builds it, and runs unit and integration tests. If tests fail, the CI server alerts the team. The document provides several rules for supercharging a CI process, including always having CI in place, managing dependencies, focusing on tests, keeping content up to date, and continuously deploying items and code changes. Continuous deployment involves serializing content changes, building packages, and deploying packages to environments.
Owasp joy of proactive security
The document discusses Netflix's approach to proactive security. It defines proactive security as anticipating and addressing security issues before they become problems through automation, intelligence, and continuous monitoring and improvement. Some key aspects of Netflix's proactive security program include using tools like Monterey to automatically discover and scan assets, the Simian Army to test resiliency, Dirty Laundry to find exposed assets, Security Monkey to monitor AWS changes, and sharing security knowledge and tools through open source projects. The document advocates for simplifying security to encourage developer adoption and continuously reevaluating approaches as environments change.
Monitoring - When To start (or Metrics led development)
Metrics led development is a method of developing your monitoring along side your code the same way you develop your CI.
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
This document discusses techniques for writing fast and efficient unit tests in Django. It emphasizes writing unit tests over integration tests to test small units of code. Some best practices for fast tests include setting up tests cautiously, avoiding database usage, using mocks to emulate dependencies, and engineering tests through tools and refactoring code under test. Focusing on test speed led the author to develop a more effective test philosophy and ultimately better code.
Afcom how to move a data center
The document describes how to move a data center to a new location within 35 days. It outlines the key steps taken each week which included retiring and virtualizing servers, designing a new backup architecture, receiving new cabinets and cooling units, moving servers between locations, and final testing at the new site. The move was successful with over 110 servers transferred and backups established for 80 servers within the 35 day timeline. Tips are provided such as planning extensively, thorough documentation, clear communication, having backup plans, and thorough testing.
Container Networking Challenges for Production Readiness
Open Discussion in the Docker community about container networking. We present some alternatives to solve some of the challenges.
Production Challenges for Container Networking
This document discusses production ready container networking challenges and Contiv's approach. It outlines 7 key challenges: 1) scaling to hundreds of containers per host, 2) speed of provisioning networks, 3) layers of orchestration obscuring visibility, 4) need for stable predictable networking, 5) application-centric consumption of resources, 6) policies for shared resources, and 7) consistency across hybrid cloud. It then describes Contiv's approach to address these through techniques like route and policy distribution, automated scaling, flat networks, and integration with application blueprints.
Moving to Continuous Delivery Without Breaking Your Code
This document summarizes Andrew Phillips' presentation on moving to continuous delivery without breaking code. The key points are:
1) Continuous delivery requires both fast execution of code deployments through automated pipelines as well as thorough testing and analysis to ensure high quality and avoid breaking code.
2) Testing practices need to change to keep up with continuous delivery by focusing on automation, functional coverage over technical coverage, and metrics on test quality.
3) A central hub is needed to aggregate testing data from across pipelines and tools to make informed "go/no-go" decisions on releases based on historical test results.
4) Intelligent test selection and optimization techniques can help further improve continuous delivery by running only the most
The Joy of Proactive Security
The document discusses Netflix's approach to proactive security. It outlines the challenges of securing a modern infrastructure with hundreds of applications and instances deploying code continuously. Netflix's solution is to implement proactive security controls that are integrated, automated, scalable and adaptive using tools like Monterey, Simian Army, Dirty Laundry, Security Monkey and Speedbump. The approach focuses on finding problems early, knowing weaknesses, monitoring for anomalies, collecting meaningful data, simplifying security for developers, reevaluating approaches, and sharing learnings with others.
Monitoring Servers, With a Little Help from my Bots
This paper discusses a method of employing bots instead of people to monitor servers or server rooms. A bot is a remote controlled computer or a remote controlled program. A bot is usually a malicious program which is an element of a botnet. A botnet is used for doing malicious things such as spreading spam mails or doing DDoS Attacks. We have made bots and we are using bots for doing beneficial things such as monitoring a server instead of doing malicious things. We are monitoring a web server in our campus using a bot. This bot is tweeting whether the server is running or not periodically on the twitter. We are also monitoring a server room in our campus using another bot. This bot shows managers transition of the room temperature and others.
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
The document discusses APNIC's creation and first year of operations of its Vulnerability Reporting Program (VRP). Some key points:
- APNIC initially received vulnerability reports through various email addresses before creating its VRP. The VRP layout included guidelines for scope, reporting details, and a safe harbor policy.
- Over the first year, the VRP received 73 reports, mostly for issues like XSS and information disclosure. Most reports came from a small number of frequent security researchers.
- Based on lessons learned, APNIC now uses a vulnerability coordination vendor, HackerOne, to receive and triage reports. The VRP page was updated and the scope clarified. After a year, AP
Continuously Integrating Puppet
SNAP Interactive is a social dating platform with over 5 million monthly active users. The presenter discusses how to implement continuous integration of Puppet code through dynamic environments, Jenkins, GitHub pull requests, static analysis, module and catalog testing, dynamic deployment testing, nightly rebuilds, and canary servers before code is released to production. Automating testing ensures code quality and that infrastructure changes do not break existing functionality.
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
More Related Content
Similar to ArcSight & RSA ECAT Integration - By We-Ankor & Or Cohen
So you-want-to-go-faster
How frequently does a good agile team deploy to production? Not every team is capable of deploying "on every commit". What does it take for a team to even start deploying at the end of each sprint, or each week, or each day?
Most companies don't realize that deploying more frequently often requires both significant technical change as well as cultural change. In this talk, I'll guide you through what it takes to deploy more frequently, both from the technical side of setting up pipelines as well as the organizational side of removing red tape. I'll draw on the unique challenges that teams must overcome at each step of the way, from deploying once a month all the way down to full continuous delivery. If your team has been struggling to go faster, come see how you can change to get there. And if you already are at full continuous delivery, come see how to go even faster than that!
HP ArcSight & Ayehu eyeShare - Security Automation
The document discusses strategies for improving security operations center (SOC) response procedures for security alerts. It recommends building clear and strict response procedures for known alerts to minimize the time spent responding. The document also suggests automating response procedures using a workflow tool to further reduce response times and allow SOCs to handle more alerts while focusing on unknown threats. Automation could query directories, block malicious IPs or files, contact users, and integrate with security tools to streamline incident response.
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
Here are the slides from Kristen Crawford's PuppetConf 2016 presentation called Site Launch Automation: From Days to Minutes. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Moving to Continuous Delivery without breaking everything
This document discusses the need for continuous delivery and integration of testing into software development pipelines. It notes that while pipelines focus on speed of delivery, testing is needed to ensure quality and avoid breaking changes. A central hub is needed to provide a single view of all test results from different sources to help determine if a release is ready. Intelligent test selection and optimization could help run relevant test subsets to improve feedback speed while maintaining coverage. An integrated test analysis tool can help address these challenges of continuous delivery.
Measuring IPv6 using ad-based measurement
This document describes how APNIC measures IPv6 adoption by co-opting hundreds of millions of internet users through online ad campaigns. When an ad loads, it sends a "priming query" to APNIC to get a list of measurement tasks. The tasks involve resolving domain names and fetching URLs to APNIC servers, which log the results. APNIC is able to vary tasks to test different capabilities and collect a massive amount of data to analyze IPv6 usage at scale.
Security Attack Analysis for
Finding and Stopping Network Attacks
Network breaches are on the rise, and the consequences are getting more dire. Needless to say, you don't want to be the next Target.You've invested in security tools like firewalls and IPS systems. But today's stealthy attacks can still get through. When you suspect an attack, you need your insurance policy—network forensics.
In this seminar, you'll learn how network forensics—network recording along with powerful search and analysis tools—can enable your in-house security team to track down, verify, and characterize attacks.
You'll also learn about the requirements for effective forensics on today's 10G and 40G networks.
And you'll learn some best practices for configuring captures to help you and your team pinpoint and remediate anomalous behavior that could signal an attack.
API Training 10 Nov 2014
These are the slides from a four hour workshop at an API event on using scanning tools to assess an Industrial Control System (ICS).
Super chargeyourcontiniousintegrationdeployments
This document discusses continuous integration (CI) processes and practices. It defines CI as maintaining a single source code repository and automating the build and testing process. When code changes are committed, the CI server checks out the code, builds it, and runs unit and integration tests. If the build or tests fail, the CI server alerts the team. The document provides several rules for supercharging a CI process, including always having CI in place, managing dependencies, writing tests, keeping content up to date, and continuously deploying items and code changes. Continuous deployment involves serializing content changes, building packages, and deploying packages to environments.
Supercharge Your Continuous Integration Deployments
This document discusses continuous integration (CI) processes and practices. It defines CI as maintaining a single source code repository and automating the build and testing process. When changes are committed, a CI server monitors the repository, checks out the code, builds it, and runs unit and integration tests. If tests fail, the CI server alerts the team. The document provides several rules for supercharging a CI process, including always having CI in place, managing dependencies, focusing on tests, keeping content up to date, and continuously deploying items and code changes. Continuous deployment involves serializing content changes, building packages, and deploying packages to environments.
Owasp joy of proactive security
The document discusses Netflix's approach to proactive security. It defines proactive security as anticipating and addressing security issues before they become problems through automation, intelligence, and continuous monitoring and improvement. Some key aspects of Netflix's proactive security program include using tools like Monterey to automatically discover and scan assets, the Simian Army to test resiliency, Dirty Laundry to find exposed assets, Security Monkey to monitor AWS changes, and sharing security knowledge and tools through open source projects. The document advocates for simplifying security to encourage developer adoption and continuously reevaluating approaches as environments change.
Monitoring - When To start (or Metrics led development)
Metrics led development is a method of developing your monitoring along side your code the same way you develop your CI.
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
This document discusses techniques for writing fast and efficient unit tests in Django. It emphasizes writing unit tests over integration tests to test small units of code. Some best practices for fast tests include setting up tests cautiously, avoiding database usage, using mocks to emulate dependencies, and engineering tests through tools and refactoring code under test. Focusing on test speed led the author to develop a more effective test philosophy and ultimately better code.
Afcom how to move a data center
The document describes how to move a data center to a new location within 35 days. It outlines the key steps taken each week which included retiring and virtualizing servers, designing a new backup architecture, receiving new cabinets and cooling units, moving servers between locations, and final testing at the new site. The move was successful with over 110 servers transferred and backups established for 80 servers within the 35 day timeline. Tips are provided such as planning extensively, thorough documentation, clear communication, having backup plans, and thorough testing.
Container Networking Challenges for Production Readiness
Open Discussion in the Docker community about container networking. We present some alternatives to solve some of the challenges.
Production Challenges for Container Networking
This document discusses production ready container networking challenges and Contiv's approach. It outlines 7 key challenges: 1) scaling to hundreds of containers per host, 2) speed of provisioning networks, 3) layers of orchestration obscuring visibility, 4) need for stable predictable networking, 5) application-centric consumption of resources, 6) policies for shared resources, and 7) consistency across hybrid cloud. It then describes Contiv's approach to address these through techniques like route and policy distribution, automated scaling, flat networks, and integration with application blueprints.
Moving to Continuous Delivery Without Breaking Your Code
This document summarizes Andrew Phillips' presentation on moving to continuous delivery without breaking code. The key points are:
1) Continuous delivery requires both fast execution of code deployments through automated pipelines as well as thorough testing and analysis to ensure high quality and avoid breaking code.
2) Testing practices need to change to keep up with continuous delivery by focusing on automation, functional coverage over technical coverage, and metrics on test quality.
3) A central hub is needed to aggregate testing data from across pipelines and tools to make informed "go/no-go" decisions on releases based on historical test results.
4) Intelligent test selection and optimization techniques can help further improve continuous delivery by running only the most
The Joy of Proactive Security
The document discusses Netflix's approach to proactive security. It outlines the challenges of securing a modern infrastructure with hundreds of applications and instances deploying code continuously. Netflix's solution is to implement proactive security controls that are integrated, automated, scalable and adaptive using tools like Monterey, Simian Army, Dirty Laundry, Security Monkey and Speedbump. The approach focuses on finding problems early, knowing weaknesses, monitoring for anomalies, collecting meaningful data, simplifying security for developers, reevaluating approaches, and sharing learnings with others.
Monitoring Servers, With a Little Help from my Bots
This paper discusses a method of employing bots instead of people to monitor servers or server rooms. A bot is a remote controlled computer or a remote controlled program. A bot is usually a malicious program which is an element of a botnet. A botnet is used for doing malicious things such as spreading spam mails or doing DDoS Attacks. We have made bots and we are using bots for doing beneficial things such as monitoring a server instead of doing malicious things. We are monitoring a web server in our campus using a bot. This bot is tweeting whether the server is running or not periodically on the twitter. We are also monitoring a server room in our campus using another bot. This bot shows managers transition of the room temperature and others.
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
The document discusses APNIC's creation and first year of operations of its Vulnerability Reporting Program (VRP). Some key points:
- APNIC initially received vulnerability reports through various email addresses before creating its VRP. The VRP layout included guidelines for scope, reporting details, and a safe harbor policy.
- Over the first year, the VRP received 73 reports, mostly for issues like XSS and information disclosure. Most reports came from a small number of frequent security researchers.
- Based on lessons learned, APNIC now uses a vulnerability coordination vendor, HackerOne, to receive and triage reports. The VRP page was updated and the scope clarified. After a year, AP
Continuously Integrating Puppet
SNAP Interactive is a social dating platform with over 5 million monthly active users. The presenter discusses how to implement continuous integration of Puppet code through dynamic environments, Jenkins, GitHub pull requests, static analysis, module and catalog testing, dynamic deployment testing, nightly rebuilds, and canary servers before code is released to production. Automating testing ensures code quality and that infrastructure changes do not break existing functionality.
Similar to ArcSight & RSA ECAT Integration - By We-Ankor & Or Cohen (20)
HP ArcSight & Ayehu eyeShare - Security Automation
HP ArcSight & Ayehu eyeShare - Security Automation
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
Moving to Continuous Delivery without breaking everything
Moving to Continuous Delivery without breaking everything
Security Attack Analysis for
Finding and Stopping Network Attacks
Security Attack Analysis for
Finding and Stopping Network Attacks
Supercharge Your Continuous Integration Deployments
Supercharge Your Continuous Integration Deployments
Monitoring - When To start (or Metrics led development)
Monitoring - When To start (or Metrics led development)
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
Container Networking Challenges for Production Readiness
Container Networking Challenges for Production Readiness
Moving to Continuous Delivery Without Breaking Your Code
Moving to Continuous Delivery Without Breaking Your Code
Monitoring Servers, With a Little Help from my Bots
Monitoring Servers, With a Little Help from my Bots
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Recently uploaded
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
“I’m still / I’m still / Chaining from the Block”
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentationsGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Pushing the limits of ePRTC: 100ns holdover for 100 days
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
20 Comprehensive Checklist of Designing and Developing a Website
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Recently uploaded (20)
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
ArcSight & RSA ECAT Integration - By We-Ankor & Or Cohen
- 1. Or Cohen – We Ankor 2014 or@we-can.co.il
- 2. Saturday, May 17, 2014 slide 2 • Many daily alerts, even after advanced aggregation and correlation. • Investigating a server/workstation is not always possible due to lack of physical access, tools, time or knowledge. • Just starting an investigation may take hours or even days – long after the initial alert was triggered. • Relevant evidence are hard to collect and analyze.
- 3. • Start an investigation for every single alert within seconds. • Get to every host in the network regardless of physical location. • Collect and analyze relevant evidence. • Get actionable and refined data from the investigated host ASAP. Saturday, May 17, 2014 slide 3
- 4. • Automatically deploy (and remove) ECAT agents across the network. • Automatically scan hosts with multiple scan configurations. • Automatically collect scan results from ECAT with full analysis data. • Automatically react to the presence of a suspicious module. Saturday, May 17, 2014 slide 4
- 5. Saturday, May 17, 2014 slide 5 Now what?
- 6. Saturday, May 17, 2014 slide 6 Install ECAT Agent OnWS87771
- 7. Saturday, May 17, 2014 slide 6
- 8. Saturday, May 17, 2014 slide 6
- 9. Saturday, May 17, 2014 slide 6 Module Name: 6re1fyeg1109.exe Module Path: C:$Recycle.BinS-1-5-21-1844237615-1604221776- 725345543-151746re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860 Host Name: WS8771 Host IP: 10.2.34.123 Bytes In: 3211 Bytes Out: 7651819 Target IP: 27.1.34.79 Target Host: superEvil.info Target Port: 21 OPSWAT Verdict: Clean YARA Verdict: Infected - super_evil_malware_group Certificate Status: Not Singed HASH Lookup: Unknown S.L: 49 Comment:Found Infected on 19/05/2014 by: super_evil_malware_group
- 10. Saturday, May 17, 2014 slide 6 Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860
- 11. Saturday, May 17, 2014 slide 6 Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860 WS8291 WS8101 WS2151 iexplore.exe svchost.exe tempp.exe
- 12. Saturday, May 17, 2014 slide 6 WS8291 WS8101 WS2151 Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860
- 13. Saturday, May 17, 2014 slide 6 AVVendor Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860
- 14. Or Cohen – We Ankor 2014