Bo Bayles has been Director of Technical Operations at Observable Networks since 2014. He works with Observable's customers on security practices and incident response. In addition, as part of the engineering development team he also assists in developing Observable’s proprietary software. Before joining Observable Bo worked on network and computer systems engineering in the telecommunications industry.
This post discusses the detection of the WannaCry malware and how the Observable service could detect the kind of threat it presents.Continue Reading
The recent Intel AMT vulnerability announcement illustrates an important reason why you should monitor at the network level instead of at the device level.Continue Reading
This article will discuss methods of auditing and monitoring of AWS Lambda functions (a key component of serverless architectures in AWS), and how the Observable Networks service puts these methods into practice.Continue Reading
A blog post that takes a closer look at ways you can prevent a remote IP address from interacting with any of your AWS resources using alerts generated by the Stealthwatch Cloud service (formerly Observable Cloud)Continue Reading
Microsoft’s Azure team is releasing a new service called Network Watcher, which contains a set of new monitoring tools. This article takes a closer look at the technical details, including ways to configure Network Watcher to improve security monitoring.Continue Reading
This post will describe how to look at alerts from Observable for network scans, which tends to be harder to judge.
Observable’s Endpoint Modeling is good at monitoring the “Internet of Things” things. Not only workstations and servers, but printers, phones, cameras, sensors, or industrial devices, and others devices that are found on many networks. It’s possible to identify subtle changes in behavior (that might indicate a compromise) without producing lots of nuisance alerts.Continue Reading
Observable detects all types of security-related issues, including multiple types of alerts in the “data loss prevention” category. These are aimed at identifying instances when a user (or an attacker) might have transferred files or data outside the local network without authorization. Read this post to learn more.Continue Reading
Learn what happens when Observable sends you an alert so you will be able to react to it properly. This post describes how to use the Observable web portal to research a set of suspicious connections.Continue Reading
Learn more about Observable service’s integration with Amazon Inspector, a security tool for EC2 instances. Inspector produces “assessments” about the security state of EC2 instances. From the Observable web portal you can launch new assessments, schedule recurring assessments, get notified about high-severity findings, and use findings in conjunction with network flow data to help resolve alerts.Continue Reading