Saturday, November 17, 2012

Red Sky Weekly - 11/17/12

It was another busy week. This Thursday we saw more malware submissions to the portal -- the most we have received in a single day. While many submissions stop at automated analysis, many also undergo human analysis by either Red Sky or members of the Alliance. One of the pieces submitted on Thursday included an unknown variant for which we performed same-day protocol analysis. This resulted in a tailored signature for identifying the encoded communications. 

This week:
  • Fusion Report 31 was released and details a new variant of a previously observed downloader. The report provided analysis on probable targeting requirements for the actors and included four new Snort signatures for detecting the unique user agents generated by the malware. This was a really good example of what we’re trying to do in Red Sky Alliance and in the Beadwindow portal. Hit with malware, we handled it nicely. Our MAG device is supposed to be able to process up to 40K pieces per day; we’ve not exercised that yet, but maybe someday. FR-31 was tipped off by malware, but the report offered a number of new indicators and what we believe the actor was actually trying to find in the network. If you knew ‘where’ you needed to protect as well as ‘how’ you could protect it, wouldn’t that be of value? Of course!
  • This week we attended FedCyber. It was great running into folks I'd worked with in the government. Thanks to Bob Gourley for the invite!
  • Red Sky attended SAGE in Portland, ME and Vistage in Boston. Vistage is a CEO group, but SAGE is a security group and resulted in several requests for Red Sky Alliance introductions.

Last, we’re honoring our Founding Member prices through the end of this year. After that, they’re gone. While most will not be brought into the Advisory Board, the price holds through 12/31. We’re accepting full members and associate (vendor) members at 2012 prices. Don’t wait.

Until next week.
Jeff