Author: Gregor Debus

Misc
by Gregor Debus

Assessing Endpoint Protection: Our Approach to EDR/XDR and Supplements Evaluation

There is a growing landscape of security products promising to protect an organization’s IT infrastructure from attacks. Solutions referred to as EDR, and sometimes also as XDR, are designed to protect endpoints from all malicious activity. The ever-increasing cases of breaches and the associated costs, especially in the realm of ransomware attacks, raise the question of whether there is more that can be done to add an additional layer to traditional endpoint protection concepts. That is why a customer of ours commissioned us to evaluate whether EDR supplementing solutions provide extended protection against ever-evolving threats, as well as to shine a light on the performance overheads those solutions might introduce.

This blog post describes the methodology we use to evaluate and compare different EDR solutions for our customers. Given the growing number of sophisticated attacks, it is important not only to look at detection rates in isolation but to assess how these solutions perform under realistic conditions.

Continue reading “Assessing Endpoint Protection: Our Approach to EDR/XDR and Supplements Evaluation”

Continue reading
Breaking
by Gregor Debus

CVE-2024-11035: Minor Security Issues in VMware Carbon Black Cloud

We recently conducted a security assessment of VMware Carbon Black Cloud, a unified SaaS solution that integrates endpoint detection and response (EDR), anti-virus, and vulnerability management capabilities. As part of our evaluation, we tested the solution’s ability to detect and prevent malicious activity on Windows and Linux systems. Our analysis focused on the Carbon Black agents for these platforms, and although we did not identify any critical vulnerabilities, we want to share some of the findings in this blog post.

Continue reading “CVE-2024-11035: Minor Security Issues in VMware Carbon Black Cloud”

Continue reading
Misc
by Gregor Debus

Select * from OpenStack – A Steampipe Plugin for OpenStack

Although, more and more companies start to move their IT-Infrastructure from on-premise to public cloud solutions like Amazon Web Services (AWS) and Microsoft Azure, public cloud providers are not an option for every organization. This is where private cloud platforms come into play as they give organizations direct control over their information, can be more energy efficient than other on-premise hosting solutions, and offer companies the possibility to manage their data centers efficiently. OpenStack is a widely deployed, open-source private cloud platform many companies and universities use.

With companies and organizations moving their resources to the cloud, the security of the cloud deployment moves into focus. To ensure security in private and public cloud deployments, cloud security benchmarks are developed. The Center for Internet Security (CIS) maintains several benchmarks for public cloud providers like the AWS Foundations Benchmark or the Azure Foundations Benchmark.

As the number of deployed resources in cloud deployments can be extensive, tools for automated checking of these benchmarks are needed. Steampipe is such a tool. It offers automated checks for various cloud providers with good coverage of security standards and compliance benchmarks.

Since for OpenStack no Steampipe plugin existed, we implemented it. This blog post aims to provide a deeper understanding of how OpenStack and Steampipe work and how the Steampipe plugin for OpenStack can be used to query deployed cloud resources for insecure configuration via SQL.

TL;DR; In this blog post we present our Steampipe plugin for Openstack we’ve just released as open source. It can help you to automate checking your OpenStack resource configuration for common security flaws.

Continue reading “Select * from OpenStack – A Steampipe Plugin for OpenStack”

Continue reading