Saturday, November 03, 2012

Epic week in Red Sky!

Despite the storm, it was very busy in the portal this week. Red Sky staff and member analysts participated in crowd-sourcing various targeted malware. We also posted relevant details on two ongoing large-scale Blackhole campaigns which were sourced by our Beadwindow members and are now being corroborated by the private member analysts. Fusion Report 29 will hit the press this weekend and describe a highly targeted incident which leveraged a backdoor that was specifically tailored for the target environment. The malware is not a known variant so the report will include a detailed analysis for future mitigation and correlation.

Beyond that, membership continues to grow! We picked up four new global members this week --a gas and oil company, a large player in the networking community, a new financial institution, and another global internet provider! Data is moving nicely as we round out the last quarter of our first year in operation. 

We’re in planning mode for 2013. Membership projections are looking good. We've got bookings already staged for next year, and we're looking for member feedback on several new features that might include full mobile access, real time encrypted communications, unified messaging, and semi-automated analytics to help reduce some of the manual burden of farming, correlation, and repetitive tasks.

Last, but certainly not least, our intern is preparing to fly the coop. He’s our first, and has ranked out in the top 10% of our peer reviewed analysts since starting with us in March. As a result, he’s currently listed as provisionally “Red Sky Certified” (RSc)*, and will qualify for one year certification in March if he sticks around that long. He graduates in December, and as promised, we’ve referred him into two member companies, and to make sure we align with his long term goals, we introduced him into a third, non-member company. I’ll let you know where he finally lands, but this is very exciting. We’ve narrowed down next year’s crop of interns to four, and will be working them through a filtering process over the next couple of weeks. Interested in learning cyber analytics in the APT space? Drop our Academic Director a note.

Until next week!
Have a great weekend!

* Red Sky certified (RSc) is granted provisionally after two quarters of ranking in the top 10% of all peer reviewed analysts in Red Sky. Four consecutive quarters of top 10% peer reviews earns one year of Red Sky Certification. Three years certified makes it permanent.

Thursday, November 01, 2012

Beadwindow is growing!

We kicked off our "Beadwindow" portal a couple of months ago with the idea that we could give government participants a place to quietly share notes with the private sector companies in the Red Sky Alliance.  While participation isn't as strong as we see on the Red Sky private portal, we are seeing growth as a result of a couple of new features:
  • Beadwindow users enjoy access to our Malware Analyzer: Imagine working in an information security shop and not having access to a malware analyzer! One of our top community analysts has probably pushed 150 malware samples through our MAG2, and tells us it saves him a ton of time every day. In an average processing time of less than a minute, he learns very quickly, which code, URLs, or documents are bad, and if so, how he can block the C2 before losing any more data. He then takes the analysis from our analyzer and starts looking for other instances of the same code in his network. 59 second average triage malware analysis time and expert assistance from our back-end team if needed. Where else can he go to get that?
  • Cross portal communications: As of today Beadwindow users can now tag a question to be posted to the Red Sky private portal. This is especially useful when comparing notes between the two. We've had a couple of cases, even in this short period of time, where activities in one also targeted folks in the other. The benefits have been incredible. A direct result of this is two new Red Sky private portal users have requested (and were given) accounts on the Beadwindow portal. 
  • Beadwindow users get the same direct access to Red Sky analysts as the private portal -this means full length unclassified Fusion Reports based on actual cases you're talking about in the portal, with easy to use, high confidence actionable indicators that can be cut and pasted directly into your own sensors.
Join the conversation! Federal, State, Local, or tribal, we don't care. Take advantage of the Beadwindow analytic capabilities and embed Beadwindow into your daily routine and incident response processes. We've created special rate plans for government and academic users who would like to participate in Beadwindow. So, if you'd like to 'poll the audience' all you have to do is ask!

Last, looking for training?  Are you an analyst with training in another discipline who's just jonesing to get into cyber but can't seem to catch a break?  We've got three interns signed up for 2013 and one more possibly on the way, but we're always looking for wounded warriors or other folks who might have crazy m4d research, analytic and writing skills but need to be taught cyber. Red Sky and Beadwindow are now offering a training program for those who are willing to commit and study hard. Once completed, if you do well, we'll introduce you to our membership for your next job. Our first Intern is going through the process as we speak. Interested? Drop me a note or contact our Director of Academic Services directly.