(Something better) change – Apr, 2023
Something’s happening and it’s happening right now… Ain’t got time to wait
Hi all. Can you believe this awesome Stranglers track was released in 1977! Pop it on, treat your ears, and take 3 minutes to catch up on our news for this month.
Feel free to drop us a line at firstname.lastname@example.org if anything here piques your fancy.
- GO WEST : We’re in San Francisco for B-Sides and RSA. Fancy a cup of tea / Aperol Spritz?
- HONEYPOT SEEDS : You can now plant seeds that will impersonate a range of devices on your network
- ALERT INTEGRATIONS : Send our alerts to your syslog and ServiceNow
- SEED IMPACT RATINGS : The location of your seed deployments is considered in the calculation of your event priorities
Go West !
Are you even a startup if you’ve not spent time in San Francisco? Can you truly call yourself a cybersecurity professional if you don’t attend B-Sides and RSAC ?
Given our plans for a future fundraising round, and our motivation to keep our skills sharp, we took the 11 hour flight, and have spent the last few days meeting new and old friends, and picking up on the latest techniques within our industry
I’ll put together a more detailed write-up of our highlights when I get back, but in summary, B-Sides was a blast; some great content and fantastic speakers. Now we’re looking forward to a busy schedule of investor and prospective customer meetings, and the RSA Conference (along with a few social events on the side.
If you’re around, and want to catch up, just email us on email@example.com
We’re proud to announce the first version of our honeypot seeds are available in the seedata.io platform. Users can now deploy a virtual seed that impersonates either a Microsoft workstation, a Microsoft server, a Linux server or a printer. Initially, these seeds will be available for manual deployment, but we’re working on scheduled deployment capapbilities over this next month (stay tuned for an update in next month’s “Changes” update.
Once deployed, you’ll get alerts for any scan, request or logon event. We’ve got more work in this area planned. including a full catalogue of devices to impersonate, one-click integration and scheduled deployment, but for now, we’re pretty chuffed with the work to date. we hope you like them too (drop us an email at firstname.lastname@example.org if you’d like to try them out).
We’re clear that no matter how nice we make our UI, it’s still going to represent an unwelcomed addition to the number of screens your SOC team needs to look at. Our strategy for avoiding this pain is to integrate, especially regarding our outbound alerts.
This month, we’ve added a few more staple formats that our customers have asked for;
- ServiceNow : You provide an instance name and client ID/secret, and we will create a new issue for each alert
- SysLog (and CEF over SysLog) : We can now send our alerts as a SysLof or Common Events Format (CEF) message over SysLog, using TCP or UDP
Again, there’s plenty more work in this area planned, so if you have a specific integration you want to see, please just shout (email@example.com)
Seed Impact Ratings
Risk is a multifaceted term, but one aspect that is consistently required in any calculation of risk is the potential impact. Our platform is no different; we now capture impact and use it when calculating the priority of an event, along with other factors such as the threat rating of the event source, or the nature of their interaction with our seed.
Seed Impact will be specified during deployment time. Our thinking is that impact will vary based on the location you are planting a seed into. We capture it as a simple 1-5 rating (1 being the highest impact).
What else have we been up to?
Is the above not enough? Ok, well, there are a few more little things;
- Multiple Seed Planting Integrations : It’s now possible to create more than one concurrent integration for OneDrive or G-Drive
- Reports : You can now create a PDF report to show all information related to s single event
- New Dashboard Widgets : We’ve added new widgets to provide quick summary data, providing links to more detailed views
- Person seeds : Extending our email seeds to contain the values more typically required to represent a person
We’re really focussing on the infrastructure seeds journeys, and also how to extend our value into other tools and use cases. :
- More Honeypots : Our library of infrastructure seeds will be extended, to impersonate a “massive” range of devices, covering IT and OT devices.
- Integrations for on premise hosts : If you provide a host server, we’ll make it possible to automate the deployment of infrastructure seeds to it.
- Custom Analysis rules : Unique rules for how your organisation want analysis to be performed.
- Custom Alerts : This was worked on this month, but it’s not quite market ready yet.
- More integrations : We’ve added the generic capability (webhooks, syslog, etc), now we want to build vendor specific integrations, starting with Splunk and Palo Alto.
We hope you agree that we’re building something highly useful, but we really want you to share your thoughts and feedback; together, we’re stronger (as they say, at RSAC). We’re on firstname.lastname@example.org
Thanks, Enrico (CEO) and Matt (CTO)