Three Questions: Smart Sanctions and The Economics of Cyber Deterrence
The concept of deterrence consistently fails to travel well to the cyber realm. One (among the many) reasons is that, although nuclear deterrence is achieved through nuclear means, cyber deterrence is...
View ArticleMeet Endgame at AWS re:Invent 2015
See how we automate the hunt for cyber adversaries.Stop by Booth #1329 to:SEE A DEMO OF ENDGAME PRODUCTSSign up here for a private demo to learn how we detect attacks that:Use native tools to locate,...
View ArticleClik here to view.
MinHash vs. Bitwise Set Hashing: Jaccard Similarity Showdown
As demonstrated in an earlier post, establishing relationships (between files, executable behaviors, or network packets, for example) is a key objective of researchers when automating the hunt. But,...
View ArticleWebinar: Automating the Hunt for Network Intruders
As adversaries - whether criminal or otherwise - make use of increasingly sophisticated attack methods, network defenses have not kept pace; they remain focused on signature-based, reactive measures...
View ArticleEmpty Promises, Broken Memes: Why Skepticism Should Prevail When It Comes to...
Last week’s understanding reached between Chinese President Xi Jinping and US President Barack Obama highlighted the attempt to mitigate the growing tension between the countries over espionage. In...
View ArticleClik here to view.
To Patch or Not to Patch? The Story of a Malicious Update
While it’s unlikely that Shakespeare had patching in mind when he penned “to be or not to be”, I started thinking about this seemingly simple question the other day when I heard about a recent...
View ArticleClik here to view.
The State of the State: Tech & Data Science
A few years ago Jeff Hammerbacher famously claimed that, “The best minds of my generation are thinking about how to make people click ads.” This seems to have only marginally changed with teams of...
View ArticleClik here to view.
Adobe Flash Vulnerability CVE-2015-7663 and Mitigating Exploits
Today Adobe released a patch for CVE-2015-76631 that addresses a vulnerability we discovered in Flash Player.The vulnerability exists due to the improper tracking of freed allocations associated with a...
View ArticleBeyond Privacy: Trans-Pacific Partnership & Its Potential Impact on the...
For months, there has been sharp criticism of the secret negotiations surrounding the Trans-Pacific Partnership (TPP), which is on track to becoming the world’s largest trade agreement covering 40% of...
View ArticleMay the Source Be With You: 4 Implications of China’s Latest Stance on the...
According to the Chinese state-run Xinhua news, the OPM breach, “turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. previously suspected.” Yesterday, the Washington...
View ArticleWhy Banning Tor Won’t Solve France’s National Security Problem
Throughout the second half of this year, there has been much heated debate about proposed changes to the Wassenaar Arrangement, which seeks to expand export controls on dual-use technologies, including...
View ArticleJamie Butler Cigital Podcast: On Enterprise Security and Thinking Like a Hacker
Today, Gary McGraw of Cigital spoke with our CTO Jamie Butler about enterprise security, thinking like an attacker, and his specialization in rootkit development. Head over to Cigital and listen in as...
View ArticleA New Year, A New Normal: Our Top Cybersecurity Predictions for 2016
Each of the last several years has been dubbed the “year of the breach,” or more creatively the “year of the mega-breach.” But instead of continuing this trend and calling 2016 the “year of the...
View ArticleClik here to view.
How Banks' Spending on Cybersecurity Ranks If They Were Small Countries
Last week, our team predicted the biggest cybersecurity trends in the new year – specifically, that as attacks grow in complexity and sophistication, breaches will be the new normal.Indicative of the...
View ArticleEndgame Crushes the Industry Average for Gender Diversity
In the State of the Union address on Tuesday, President Obama highlighted the important contributions of women in science and technology fields. Unfortunately, the tech industry on average has less...
View ArticleMoving Beyond the Encryption Debate
With the Cybersecurity Information Sharing Act snuck into the omnibus budget bill in December, and the horrific terrorist attacks in Paris and San Bernardino, encryption has returned front and center...
View ArticleDistilling the Key Aspects of Yesterday’s Threat Assessment, Budget Proposal,...
In light of the latest breach– including 200GB of PII of Department of Justice and FBI personnel – yesterday’s news from DC is all the more compelling. As is often the case, the most intriguing aspects...
View ArticleClik here to view.
Welcome to the Jungle: RSA 2016
RSA is just a few weeks away, and everyone is finalizing his or her dance cards. There are multiple opportunities to meet the Endgame team, and talk about everything from the Endgame Hunt Cycle to...
View ArticleEmploying Latent Semantic Analysis to Detect Malicious Command Line Behavior
Detecting anomalous behavior remains one of security’s most impactful data science challenges. Most approaches rely on signature-based techniques, which are reactionary in nature and fail to predict...
View ArticleGlimmers of Hope: Why All is Not Lost for Silicon Valley and DC
By most accounts, the dispute between Apple and the FBI over the San Bernardino attacker’s mobile phone has escalated tension between the tech community and the federal government. In one of the best...
View Article