Notes on the WannaCry Ransomware Outbreak

This post discusses the detection of the WannaCry malware and how the Observable service could detect the kind of threat it presents.

The Lessons of the Intel AMT Vulnerability Announcement

The recent Intel AMT vulnerability announcement illustrates an important reason why you should monitor at the network level instead of at the device level.

Monitoring Serverless Architectures in AWS

An article that discusses the methods for auditing and monitoring serverless architectures in AWS.

This article discusses methods for auditing and monitoring AWS Lambda functions (a key component of serverless architectures in AWS), and how the Observable Networks service puts these methods into practice.

Automatic Remediation with Stealthwatch Cloud and AWS

A proof-of-concept approach to automating IP blocking using alerts from our Stealthwatch Cloud service (formerly Observable Cloud).

A blog post that takes a closer look at ways you can prevent a remote IP address from interacting with any of your AWS resources using alerts generated by the Stealthwatch Cloud service (formerly Observable Cloud).

A Technical Preview of Microsoft Azure’s Network Watcher

A technical preview for configuring Microsoft Azure’s new Network Watcher service for security monitoring.

Microsoft’s Azure team is releasing a new service called Network Watcher, which contains a set of new monitoring tools. This article takes a closer look at the technical details, including ways to configure Network Watcher to improve security monitoring.

Managing Amazon Inspector for More Secure EC2 Environments

Learn more about the Observable service’s integration with Amazon Inspector, a security tool for EC2 instances. Inspector produces “assessments” about the security state of EC2 instances. From the Observable web portal you can launch new assessments, schedule recurring assessments, get notified about high-severity findings, and use findings in conjunction with network flow data to help resolve alerts.

Automated Observable Setup for AWS Users

Automatically provision your AWS accounts with a new tool.

Learn how easy it can be to set up Observable monitoring for an AWS account. Learn the steps here.

Ransomware Meets Remote Server Tracking and Sentinel Files

Enterprising administrators came up with the idea of putting "canary" or "sentinel" files out on their shared drives.

For organizations, ransomware isn't just a particularly annoying type of malware. It's somewhat inconvenient when a user loses access to the files on an infected drive, but it's unspeakably horrible when all users lose access to the files on a network share. Some enterprising administrators came up with the idea of putting "canary" or "sentinel" files out on their shared drives. These are files that normal users would have no reason to access and whose contents are known to a monitoring system.

Our Open Source VPC Flow Logs Tool Version 1.0

Since the 0.1 release we've added a number of features, and are blessing the latest version as 1.0.

Amazon introduced VPC Flow Logs last June, which have become an important source of network data for Observable. In August we released the first version of our command line tool and Python library for working with VPC Flow Logs, flowlogs-reader. Since the 0.1 release we've added a number of features, and are blessing the latest version as 1.0.

Introducing kinesis-logs-reader

Learn more about kinesis-logs-reader, which was introduced last week at the Seattle AWS User Group.

This blog post introduces kinesis-logs-reader, an open-source Python library and command line tool for working with large volumes of Amazon VPC Flow Logs (and other CloudWatch Logs data) using Kinesis. We gave a live demo of the new tool to the group of Seattle AWS Architects & Engineers at the SURF Incubator last week.
