
PT Network Attack Discovery detects 33 more suspicious network activities

Positive Technologies has released version 10.2 of the PT Network Attack Discovery (PT NAD) traffic analysis system.

The new version automatically detects the types and roles of network nodes, detects scan, flood and DDoS attacks, and processes traffic losslessly at speeds up to 10 Gbps.

Detection of new threats

In PT NAD 10.2, the number of detected suspicious activities has increased ninefold: there are now 37 of them. All of them are displayed in a single feed [1] to help users respond faster to detected threats. The feed collects threats identified by the analytics modules (a non-signature method) on one page and makes it possible to manage them. PT NAD users will now know in a timely manner when:

· Credentials are transmitted over the network in clear text (which an attacker can use during an attack);

· Active VPN and proxy servers are monitored (for example, if internal nodes access external OpenVPN or SOCKS5 proxy servers);

· Software for remote control is used (TeamViewer, AeroAdmin, RMS, etc.) or remote commands are executed using PsExec and PowerShell;

· There is malware activity on the network.

In addition, the activity stream continues to display custom notifications, messages about indicators of compromise found by retrospective analysis, dictionary passwords, and information about unknown DHCP servers.


PT NAD’s activity feed includes 37 types of threats that require a response

PT NAD 10.2 has a built-in mechanism for detecting network scanning, flooding and DDoS attacks. During such attacks, many sessions are created on the company’s network. Instead of storing information about each connection separately, PT NAD now creates one session record and one attack record in the activity stream, which contains aggregated data about the entire attack session. This aggregation “saves” the system: it protects against database overflow and increases the stability of the sensor.

Network Node Management: Roles and Types

So that information security specialists have complete information about which nodes are involved in network interaction and how the network works as a whole, PT NAD now automatically determines the types and roles of nodes. The type indicates whether a particular node is a server, printer, mobile device, or workstation. The role refers to the function that a device performs. Version 10.2 defines 15 roles, including DNS server, VPN, domain controller, proxy server, and monitoring system. The user can manually reassign the device type and role.


With the help of the updated filter, the user can find the nodes of interest by IP address, type, role, group membership and other parameters

“Knowledge of what constitutes a company’s infrastructure is necessary in order to properly protect it and accurately detect attacks in it,” comments Dmitry Efanov, head of development, PT NAD, Positive Technologies. “This information in PT NAD gives security operators an understanding of what devices are on the network and what roles they play, thus helping to take inventory of the network.”

Capture and analyze traffic

Starting with this version, PT NAD captures traffic on Linux using the DPDK engine (an Intel library that provides the most efficient way to capture traffic on Linux among the available mechanisms), which processes it losslessly at a speed of tens of gigabits per second.

For greater transparency of internal traffic, PT NAD 10.2 has expanded the list of protocols it detects and parses. The updated system now parses all existing SQL data transfer protocols: MySQL, PostgreSQL, Transparent Network Substrate from Oracle and Tabular Data Stream (the ability to detect it was added in the previous release). PT NAD also detects the protocols of the Elasticsearch system and of PostScript printing; printers on the corporate network communicate using the latter. The total number of detected protocols has reached 86.

Other UX improvements

A number of changes in PT NAD 10.2 are aimed at improving the usability of the product. The interface now shows the current status and validity of the license and lets you add or change it yourself. There is also an option to copy a link to the card of a specific session or attack, in order to quickly exchange information with other users.

[1] Added in release PT NAD 10.1


Instagram said it is strengthening the protection of its underage users

The head of Instagram is due to speak at a hearing in the US Congress on December 7 and talk about the measures taken by his service to protect children.

On Tuesday, December 7, the Instagram administration stated its intention to carefully select the content recommended for teens and to nudge them toward other areas if they get hung up on one thing. On its blog, the service announced a few more changes that will affect teenagers.

Instagram chief Adam Mosseri is due to speak at a hearing in the US Congress on Wednesday, December 7, and talk about the measures taken by his service to protect children online.

Recently, Instagram and parent company Meta Platforms (formerly Facebook) have come under fire for the potential harm to the mental health and safety of children online.

According to Mosseri, Instagram will disable the ability for users to tag or mention teenagers who are not their followers. Starting in January 2022, teenagers will be able to delete in bulk their content, the “likes” they have given and the comments they have written.

The service has looked at control tools to limit teens' exposure to potentially harmful or sensitive content through search, hashtags, short videos (Reels) and featured pages, Mosseri said.

Instagram is also launching a Take a Break feature for users in the US, UK, Canada and Australia, which will remind users to take a break if they have been in the app for a long time.

In March 2022, Instagram will launch its first parental control tool that will allow parents and guardians to see how much time a teen is spending on the app.

In September of this year, the Instagram administration decided to postpone the launch of a version of the application for children, and the service's press office has now confirmed that Instagram management does not intend to return to this project yet.


Israeli authorities strengthen oversight of cyber technology exports

The move follows a series of scandals involving Israeli spyware developer NSO Group.

Israel’s Defense Export Control Agency has decided to tighten oversight over the export of offensive cyber products. Companies buying Israeli cyber technologies will have to sign a declaration to use the products “only for the investigation and prevention of terrorist attacks and serious crimes.” Countries that violate the terms of use may be subject to sanctions, “including restricting and / or shutting down the cyber system.”

As the Associated Press reported, the decision was made just days after another NSO Group spyware scandal: US diplomats in Uganda were targeted by a software tool developed by the NSO Group. Spyware developed by the Israeli company has been used to hack the iPhones of at least nine US foreign policy officials.

The NSO Group has faced a flood of international criticism over accusations that it helps governments spy on political opponents and human rights defenders. However, according to the company itself, its product is intended solely to help countries in the fight against crime and terrorism. Israel’s Defense Ministry has also drastically reduced the list of countries to which Israeli companies are allowed to sell their cyber technology. If earlier the list included 102 countries, now it has been reduced to 37. In particular, Israel’s new allies Morocco and the United Arab Emirates, in which cases of human rights violations are known, were excluded from it.


Life360 service is suspected of selling geodata of children to third parties

The company is one of the largest providers of confidential information on the personal data market.

Specialists of the non-profit organization The Markup conducted an investigation into Life360, a service that allows tracking the geolocation of children. As it turned out, the company is one of the largest providers of confidential information in the personal data market.

The Markup contacted two former employees of the so-called “data brokers” Cuebiq and X-Mode. Life360 made about $16 million in 2020 from selling user data to dozens of different companies, according to whistleblowers. In addition, two former Life360 employees also told the organization about the company’s additional source of income.

According to a former X-Mode employee, the raw location data from Life360 was one of the most valuable offerings on the market due to the sheer volume and accuracy of the data. A former Cuebiq employee joked that the company would not be able to carry out its marketing campaigns without the constant stream of location data from Life360.

The privacy policy of the application specifies the transfer of personal data, but the wording of the document actually allows the company to “transfer information to third parties in a form that allows you to identify the user.”

The functionality of the service allows you to prohibit the transfer of data, but this is not directly communicated to the user. This function is hidden in several sub-items of the settings, and consent to the use of information for commercial purposes is activated by default.

Whistleblowers said the company did not maintain adequate user anonymity and only removed names or home addresses prior to the sale. The rest of the information made it easy to identify the user. Any organization could become a buyer of data from Life360; the company did not enter into transactions only with government agencies.

The founder of the company, Chris Hulls, was unable to confirm or deny the results of the investigation.