Authors

Bo Bayles

Director of Technical Operations


Bo Bayles has been Director of Technical Operations at Observable Networks since 2014. He works with Observable's customers on security practices and incident response. As part of the engineering development team, he also assists in developing Observable’s proprietary software. Before joining Observable, Bo worked on network and computer systems engineering in the telecommunications industry.

Blog posts by Bo Bayles

Notes on the WannaCry Ransomware Outbreak

This post discusses the detection of the WannaCry malware and how the Observable service could detect the kind of threat it presents.


The Lessons of the Intel AMT Vulnerability Announcement

The recent Intel AMT vulnerability announcement illustrates an important reason why you should monitor at the network level instead of at the device level.


Monitoring Serverless Architectures in AWS

An article that discusses the methods for auditing and monitoring serverless architectures in AWS.

This article will discuss methods of auditing and monitoring of AWS Lambda functions (a key component of serverless architectures in AWS), and how the Observable Networks service puts these methods into practice.


Automatic Remediation with Stealthwatch Cloud and AWS

A proof-of-concept approach to automate IP blocking using alerts from our Stealthwatch Cloud service (formerly Observable Cloud).

A blog post that takes a closer look at ways you can prevent a remote IP address from interacting with any of your AWS resources using alerts generated by the Stealthwatch Cloud service (formerly Observable Cloud).


A Technical Preview of Microsoft Azure’s Network Watcher

A technical preview for configuring Microsoft Azure’s new Network Watcher service for security monitoring.

Microsoft’s Azure team is releasing a new service called Network Watcher, which contains a set of new monitoring tools. This article takes a closer look at the technical details, including ways to configure Network Watcher to improve security monitoring.


IP and Port Scan Alerts

This post will describe how to look at alerts from Observable for network scans, which tend to be harder to judge.



Static Devices and Detecting Deviations

Observable’s Endpoint Modeling is good at monitoring “Internet of Things” devices: not only workstations and servers, but also printers, phones, cameras, sensors, industrial devices, and other devices that are found on many networks. It’s possible to identify subtle changes in behavior (that might indicate a compromise) without producing lots of nuisance alerts.


Investigating Potential Data Exfiltration with the Observable Web Portal

Observable detects all types of security-related issues, including multiple types of alerts in the “data loss prevention” category. These are aimed at identifying instances when a user (or an attacker) might have transferred files or data outside the local network without authorization. Read this post to learn more.


Researching Potential Threats with Observable's Web Portal

Learn what happens when Observable sends you an alert so you will be able to react to it properly. This post describes how to use the Observable web portal to research a set of suspicious connections.


Managing Amazon Inspector for More Secure EC2 Environments

Learn more about the Observable service’s integration with Amazon Inspector, a security tool for EC2 instances. Inspector produces “assessments” about the security state of EC2 instances. From the Observable web portal you can launch new assessments, schedule recurring assessments, get notified about high-severity findings, and use findings in conjunction with network flow data to help resolve alerts.
