Channel: Endgame's Blog
Browsing all 698 articles

How Endgame Protects Against Phishing from Macro-Enabled Documents

Phishing continues to be one of the most effective methods of compromise according to Verizon’s Data Breach Investigations Report. Adversaries often use crafted documents containing malicious macros...

Plight at the End of the Tunnel

DNS tunnelling is a technique that misuses Domain Name System (DNS) to encode another protocol’s data into a series of DNS queries and response messages. It received a lot of attention a few years ago,...

Opening the Machine Learning Black Box with Model Interpretability

When optimizing machine learning (ML) models, model performance often is prioritized over model interpretability. However, in the field of information security interpretability is a sought after...

Detecting Phishing With Computer Vision: Part 1, Blazar

Yesterday, Microsoft announced the discovery and removal of websites spoofed by the Russian military that mimic real Senate and political organizations' sites. As their blog notes, “Attackers want...

Detecting Phishing With Computer Vision: Part 2, SpeedGrapher

In the previous post, we discussed the problem of phishing and why computer vision can be a helpful part of the solution. We also introduced Blazar, our computer vision tool to detect spoofed URL....

Beware Steep Decline: Understanding Model Degradation in Machine Learning Models

Machine learning (ML) models are often designed to make predictions about future data. However, over time many models’ predictive performance decreases as a given model is tested on new datasets within...

Forbes Cloud 100

From the day Endgame shipped its first product, our mission has been to protect the world’s data from attack by simplifying and scaling an organization’s ability to tackle what would otherwise be a...

Kernel Mode Threats & Practical Defenses: Part 1

Recent advancements in OS security from Microsoft such as PatchGuard, Driver Signature Enforcement, and SecureBoot have helped curtail once-widespread commodity kernel mode malware including TDL4 and...

Continuity and Change within the New National Cyber Strategy

The release of the National Cyber Strategy (NCS) yesterday marks the culmination of multiple new cyber policy directives and strategic documents. From the continuous engagement described in the Command...

Kernel Mode Threats & Practical Defenses: Part 2

In our last post, we described the evolution of kernel mode threats. These remain a prominent mode of compromise for nation-state attackers, as they are difficult to detect and enable robust...

Election Interference: Think Globally, Act Locally

Election interference analyses remain retrospective and insular, focusing largely on the U.S. 2016 presidential election, and the cyber-enabled data theft, disinformation, and bots involved. That was...

Spotlight Interview: Ian McShane

New Endgamer, Ian McShane, sat down with us to answer a few questions about what led him here. Our discussion explored UX in security, avoiding the ‘one size fits all’ model, and what's next for him as...

Deobfuscating PowerShell: Putting the Toothpaste Back in the Tube

One lesson that security professionals learn early on is that attackers don’t like to make your job easy. They have a range of techniques to obfuscate location, network traffic, or raw code. This in...

Stop and Step Away from the Data: Rapid Anomaly Detection via Ransom Note...

Despite a decrease in deployment in 2018, ransomware remains a widespread problem on the Internet as malicious actors seek to shift towards more targeted campaigns (e.g. SamSam) and leverage more...

A Security Architecture First: Deployment Flexibility + Comprehensive...

Today we announced the availability of version 3.3 of the Endgame platform, our seventh update of 2018. This release includes the industry’s first flexible architecture to fully support cloud,...

Putting the MITRE ATT&CK Evaluation into Context

Today, MITRE published the results of their first public EDR product evaluation. This effort was a collaboration between MITRE and seven EDR vendors to understand how various products can be used to...

EQL for the Masses

EQL, or the Event Query Language, is an elegant, powerful, and extensible language built in-house at Endgame to express relationships between security-relevant events. We designed it from the ground up...

Getting Started with EQL

If you missed our introductory post about the Event Query Language (EQL) or our recent announcements about the public release of EQL, then we're sorry we missed you, but have no fear, this is your...

Here's why we can't have nice things

DATA MISAPPROPRIATION CHEAPENS MITRE ATT&CK EVALUATION, BUT HERE’S WHAT IS IMPORTANT... As a former Gartner analyst who led the EPP Magic Quadrant, I’m having a blast reading the vendor write-ups...

Postmortem: Beating the NATS race

At Endgame Engineering, we believe that a high standard for performance can’t exist without taking risks and learning from failure. It’s necessary for growth. We learn from other companies like...
