Tag: blog

Osquery Windows Process Event Auditing

State of Osquery Process Auditing Facebook’s Osquery is a proven, lightweight tool to gather process information from endpoints. Osquery has a concept of “tables”, similar to a database, that provide a SQL interface to structured data. It’s important to understand the two different types of tables, normal and event, which operate very differently. Let’s dive […]

Read More

Webinar: Defeating Phishing Attacks

This webinar will dive into how DarkBytes proactively defeats phishing attacks. We'll demonstrate how a malicious, email-delivered Microsoft Office macro is automatically identified and contained using DarkBytes Respond. Watch the Webinar - Defeating Phishing Attacks: https://www.darkbytes.com/wp-content/uploads/2018/08/Webinar-Recording-Defeating-Phishing-Attacks-080918.mp4

Read More

Endpoint-driven Network Visibility

Modern Networks Today’s enterprise networks are diverse and distributed. Bring-your-own-device (“BYOD”) has turned the internal network into the wild-wild west. Remote offices and acquisitions have added less trustworthy devices into the network. Not only that, many devices are often on-the-road and connecting from external coffee shops or airports with no internal network connectivity at all. […]

Read More

Monitor Critical Windows Updates (CVE-2018-0886)

Introduction Microsoft announced critical security updates this week to patch remote code execution vulnerabilities in the Credential Security Support Provider protocol (CredSSP) for nearly every version of Windows. This vulnerability allows a remote attacker to obtain remote code execution via a man-in-the-middle attack. In other words, if an attacker can get himself into the network […]

Read More

Evolution of EDR

State of Security On average it takes organizations 201 days to identify a breach and 70 days to contain a breach. Enterprises' primary defenses continue to be prevention-based technologies such as Next-Gen Anti-Virus (NGAV) and Next-Gen Firewalls (NGFW). Although these are great products, they are not enough to stop a breach by themselves. These are easily […]

Read More

Osquery: Optimizing Queries

The Challenge Osquery is a tremendous leap forward in endpoint security. It’s effectively made endpoint visibility, a key technology that was previously used as a “barrier to entry” for the endpoint security market, into a commodity that is easily extendable. However, with that flexibility and extensibility come some challenges related to dealing with large volumes of […]

Read More

Osquery: Queries & Packs

Facebook’s Osquery Facebook’s Osquery has quickly become a go-to product when considering endpoint security solutions. At its core, Osquery exposes operating system data like a SQL database so that data can be easily retrieved across any number of endpoints. In addition, it is battle-tested and has an extremely active community contributing to it every day. […]

Read More