Lessons Learned from Debugging Python
When developing large-scale backend code, predicting system behavior from an application is crucial for engineers to build a more scalable and stable architecture. Unfortunately, high-level scripting...
Hack Week @ Endgame
Earlier this year, Endgame hosted its annual all-hands meeting, bringing together our team from across the country for internal discussions, technical talks, and social events. This was followed by our...
Toward a Cyber Deterrence Strategy?
Almost a year to the date after the White House cybersecurity executive order, the Department of Homeland Security (DHS) last week released a new Cybersecurity Strategy. The DHS strategy reinforces its...
The ATT&CK Matrix Revolution in Security
Twenty years ago a group of infosec experts testified to Congress on the fragility of digital security. To commemorate that testimony, they returned to Capitol Hill last week with a similar conclusion....
Introducing Event Query Language
Adversarial activity is no longer described purely in terms of static Indicators of Compromise (IOCs). Focusing solely on IOCs leads to detections which are brittle and ineffective at discovering...
What Year Is It? VB6 Payload Crypter
Last year, researchers identified new crimeware, Loki-Bot, which steals data and login credentials. Loki-Bot is generally distributed through malicious spam, and is difficult to identify without...
How We Built Our Automated UI Testing Framework
When I recently joined Endgame as an intern on the Quality Assurance (QA) team, I was tasked to build a reliable and scalable automated UI testing framework that integrates with our manual testing...
The Growing Reach of Anti-Government Hacktivism: Is the World Cup Next?
With seismic events already linked to the men’s World Cup, many wonder what other kinds of activities we may see. Cybersecurity discussions of the World Cup have largely focused on the criminal...
Today's Indictment in Context.....Again
Today’s indictment continues the uptick in the use of indictments to counter cyber attacks and disinformation which, in conjunction with automation, reflect the authoritarian playbook for interference...
Endgame Presents: Hacker Summer Camp 2018
In just a few weeks, the security industry will flock to Las Vegas for Black Hat, DEF CON, and BSides Las Vegas, also known as “Hacker Summer Camp”. It is one of the biggest weeks in security, and...
It Takes AI Village
In early August, security practitioners from around the world will descend upon Las Vegas for a week of talks, demos, and CTFs. The conference lineup of BSides Las Vegas, Black Hat, and DEF CON...
It’s the Endgame for Phishing
With version 3.0 of the Endgame Protection Platform, Endgame has delivered the best prevention against document-based phishing attacks - the execution of malicious documents attached to email or...
How Endgame Protects Against Phishing from Macro-Enabled Documents
Phishing continues to be one of the most effective methods of compromise according to Verizon’s Data Breach Investigations Report. Adversaries often use crafted documents containing malicious macros...
Plight at the End of the Tunnel
DNS tunnelling is a technique that misuses Domain Name System (DNS) to encode another protocol’s data into a series of DNS queries and response messages. It received a lot of attention a few years ago,...
Opening the Machine Learning Black Box with Model Interpretability
When optimizing machine learning (ML) models, model performance often is prioritized over model interpretability. However, in the field of information security interpretability is a sought after...
Detecting Phishing With Computer Vision: Part 1, Blazar
Yesterday, Microsoft announced the discovery and removal of websites spoofed by the Russian military that mimic real Senate and political organizations' sites. As their blog notes, “Attackers want...
Detecting Phishing With Computer Vision: Part 2, SpeedGrapher
In the previous post, we discussed the problem of phishing and why computer vision can be a helpful part of the solution. We also introduced Blazar, our computer vision tool to detect spoofed URL....
Beware Steep Decline: Understanding Model Degradation in Machine Learning Models
Machine learning (ML) models are often designed to make predictions about future data. However, over time many models’ predictive performance decreases as a given model is tested on new datasets within...
Forbes Cloud 100
From the day Endgame shipped its first product, our mission has been to protect the world’s data from attack by simplifying and scaling an organization’s ability to tackle what would otherwise be a...
Kernel Mode Threats & Practical Defenses: Part 1
Recent advancements in OS security from Microsoft such as PatchGuard, Driver Signature Enforcement, and SecureBoot have helped curtail once-widespread commodity kernel mode malware including TDL4 and...
Continuity and Change within the New National Cyber Strategy
The release of the National Cyber Strategy (NCS) yesterday marks the culmination of multiple new cyber policy directives and strategic documents. From the continuous engagement described in the Command...
Kernel Mode Threats & Practical Defenses: Part 2
In our last post, we described the evolution of kernel mode threats. These remain a prominent mode of compromise for nation-state attackers, as they are difficult to detect and enable robust...
Election Interference: Think Globally, Act Locally
Election interference analyses remain retrospective and insular, focusing largely on the U.S. 2016 presidential election, and the cyber-enabled data theft, disinformation, and bots involved. That was...
Spotlight Interview: Ian McShane
New Endgamer, Ian McShane, sat down with us to answer a few questions about what led him here. Our discussion explored UX in security, avoiding the ‘one size fits all’ model, and what's next for him as...
Deobfuscating PowerShell: Putting the Toothpaste Back in the Tube
One lesson that security professionals learn early on is that attackers don’t like to make your job easy. They have a range of techniques to obfuscate location, network traffic, or raw code. This in...
Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note...
Despite a decrease in deployment in 2018, ransomware remains a widespread problem on the Internet as malicious actors seek to shift towards more targeted campaigns (e.g. SamSam) and leverage more...
A Security Architecture First: Deployment Flexibility + Comprehensive...
Today we announced the availability of version 3.3 of the Endgame platform, our seventh update of 2018. This release includes the industry’s first flexible architecture to fully support cloud,...
Putting the MITRE ATT&CK Evaluation into Context
Today, MITRE published the results of their first public EDR product evaluation. This effort was a collaboration between MITRE and seven EDR vendors to understand how various products can be used to...
EQL for the Masses
EQL, or the Event Query Language, is an elegant, powerful, and extensible language built in-house at Endgame to express relationships between security-relevant events. We designed it from the ground up...
Getting Started with EQL
If you missed our introductory post about the Event Query Language (EQL) or our recent announcements about the public release of EQL, then we're sorry we missed you, but have no fear, this is your...
Here's why we can't have nice things
DATA MISAPPROPRIATION CHEAPENS MITRE ATT&CK EVALUATION, BUT HERE’S WHAT IS IMPORTANT... As a former Gartner analyst who led the EPP Magic Quadrant, I’m having a blast reading the vendor write-ups...
Postmortem: Beating the NATS race
At Endgame Engineering, we believe that a high standard for performance can’t exist without taking risks and learning from failure. It’s necessary for growth. We learn from other companies like...
2018 in Review: Beyond the FUD
Looking back over 2018, we saw the good and bad that comes with widespread use and abuse of the Internet. Data breaches continued throughout the year, with several in 2018 being among the largest of...
Year In Review: Our Top Posts From 2018
Happy New Year! Before we dive back in, we wanted to take a quick look back at a few of your favorites. Here are our five most popular posts from 2018: #1 - Putting the MITRE ATT&CK Eval into...
Elevator Assets: Building Your Mission-Focused Team
I recently had a great time as a guest on the CISO/Security Vendor Relationship podcast with David Spark and Mike Johnson, CISO of Lyft. Part of our discussion focused on the challenges of hiring in...
Is MITRE ATT&CK the New “Next-Gen”?
It’s been 18 months since Endgame became the first endpoint protection vendor to go through a publicly disclosed ATT&CK tactics-based simulation run by the MITRE Corporation. Our early adoption and...
Here's How We Do The Numbers
I spoke to a few IT leaders around the HIMSS conference last week. All of them expressed both a knowledge of the ATT&CK matrix and recent evaluations, and most of them also confessed to confusion...
On Military-grade, MITRE ATT&CK™, And You
To quote our very own Ian McShane (so he doesn’t always have to quote himself), “there are many things US military and commercial organizations don’t have in common: clothes, transportation, hopefully...
Why We Release Our Research
Last week in an unprecedented move, researchers at OpenAI stated that with the announcement of their powerful new language model, they would not be releasing the dataset, code, or model weights due to...
Going “Deep” with Artemis 3.0
Over two years ago we announced Artemis, Endgame’s natural language interface to facilitate and expedite detection and response. During that time, we’ve learned how security workers employ the...
Military Appreciation Month: Employee Perspectives
With observances including Memorial Day, Military Spouse Appreciation Day, and Armed Forces Day, it’s fitting that May has been designated Military Appreciation Month. It’s also a special month to...
What is Reflex?
We are excited to announce the release of Reflex™. Reflex is the first technology to move customized protection within reach of security teams, combining a flexible architecture, query language, and a...
Joining Forces with Elastic
We are excited to announce that Endgame has entered into an acquisition agreement to join forces with Elastic N.V. (NYSE: ESTC). Together, we will bring to market a holistic security product that...
Investigating HTTP2 performance with Go
At Endgame Engineering, experience has shown us that small errors in the edge cases of web service connection lifecycles can eventually contribute to production outages. So we believe it’s worth the...
Getting Things Done with Endgame 3.10
Cyber security. It’s not always about hunting down the bad guys and gals. Sometimes you just gotta get things done, but getting things done is hard. There are many, many vendors in the EDR/EPP space...
Endgame Completes Successful SOC 2 Compliance Audit
Today, Endgame is excited to announce that we have successfully completed the Service Organization Control (SOC) 2 Type 1 audit. Conducted by an independent third party, the audit affirms that...
EQL’s Highway to Shell
It has been an exciting summer in the security community for the Event Query Language (EQL) as we delivered presentations at Circle City Con and Bsides San Antonio. These talks showcased creative ways...
Extending EMBER
Last year, Endgame released an open source benchmark dataset called EMBER (Endgame Malware BEnchmark for Research). EMBER contains 1.1 million portable executable (PE file) sha256 hashes scanned in or...
Machine Learning Static Evasion Competition
As announced at DEFCON’s AIVillage, Endgame is co-sponsoring (with MRG-Effitas and VM-Ray) the Machine Learning Static Evasion Competition. Contestants construct a white-box evasion attack with access...
Visualizing Security Data with Canvas
As we have explored in prior blog posts, Endgame uses Elasticsearch as its main data store for its alerts and investigation workflows. Moreover, a number of our customers and prospects rely on...