Log4J/LogShell (CVE-2021-44228) exploit IOC have been published by Cisco Talos (see: https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html). These IOC have been packaged as a WitFoo Actor definition and have been pushed to all production instances of WitFoo Precinct and Precinct Cloud. The definitions were automatically applied at 1404 Eastern Standard time on December 14, 2021. Detections are both forward looking and retrospective across the entire Precinct big-data archive.

Actor functionality has been pushed early (ahead of 6.2 GA release) to allow data to be searched. A quick overview of the functionality can be viewed below.

My presentation for Metric Driven DevOps delivered at the 2021 Georgia ISSA Annual conference can be downloaded here. Abstract is below.

METRIC DRIVEN DEVOPS

Technical Level: Advanced
Audience: Data & System Architects, Developers

Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure devops called Metric Driven Development. It will cover the following topics:

Machine Learning Driven Social Engineering talk will be given at GrrCon on 9/16/2021 at 4:30pm.

Abstract

Machine learning (ML) is arguably the most potent advancement in technology since atomic fission with similar benefit and risk extremes. The outcome driven nature of machine learning allows computers to rapidly test theories to find pathways to support specific goals. These approaches applied to social engineering can be used to manipulate human factors for purposes including cybersecurity breach. This session will cover the philosophies, strategies and tactics used to accomplish a successful campaign to recruit human assets to a cause. Factors to mitigate risk in these advanced social engineering attacks will also be examined.

The presentation can be downloaded here.

Brewers CAP Theorem

Computer Scientist, Eric Brewer, stipulated in the theorem that carries his name that you can have two out of three guarantees in distributed data storage with the guarantees being consistency, availability and partition tolerance. The limitations in Brewer’s “CAP” Theorem are not only key in solving modern big-data challenges, they also are critical in solving big-business issues.

Business as a Data Lake

It may be that 6 years running hundreds of experiments across different data philosophies and platforms have created long-term trauma that makes every problem in life look like a big-data problem but I cannot help but notice some parallel lessons between data lakes and organizations.

WitFoo Precinct persists and replicates data on big-data NoSQL platform Apache Cassandra. Precinct 6.1.3 is built on Cassandra 3.11. In preparation for upgrade to Cassandra 4.0, the following lab & production testing was conducted.

Lab Appliances

WitFoo Precinct clusters consisting of 1 Management, 1 Streamer and 3 Data nodes were deployed in AWS using the official Marketplace images. The instances were configured to use AWS GP2 SSD drives (the recommended default) and were running on c5d.2xlarge hardware (16GB RAM, 8 CPU Cores.)