Tech Blog Posts
"Locky ransomware: instructions" by Christiaan Colen is licensed under CC BY-SA 2.0
Taking a Crack at Locky
Since mid-February, security researchers have been encountering Locky, the latest ransomware tool in the adversary’s arsenal. The engineers at MetaFlows observe Locky primarily in email attachments that are processed using the MetaFlows sandbox. On networks being monitored by MetaFlows sensors, the engineers are able to take samples of inbound .zip email attachments and send them to a Cuckoo Sandbox to be processed. The sandbox runs the sample in a virtual machine and is able to detect malicious behavior. Malware often tries to evade detection, but since Locky is trying to get noticed by the user anyway, it is not subtle. Locky typically triggers over a dozen indicators of compromise and IDS signatures on the sandbox and is therefore almost impossible to miss.
"ZFS Server Build" by indigoprime is licensed under CC BY 2.0
Blazing Trails in Teaching Talend: Meet Rick Sherman
Rick Sherman is an author, educator, and a managing partner of Athena IT Solutions. His book, Business Intelligence Guidebook: From Data Integration to Analytics, was published by Morgan Kaufmann in 2014. As an educator, he has worked as an adjunct professor for over thirteen years at Northeastern University and teaches classes on business intelligence, analytical architecture, data integration and data warehousing. He has more than thirty years of experience in big data and warehousing solutions. His experience along with his passion for educating others makes him Talend’s Champion of the Quarter.
"Snort Loaded Rules" by xmodulo is licensed under CC BY 2.0
Feature Highlight: Snort Rule Editor
The Snort Rule Editor, part of the Rules Management Interface, was recently updated. The redesign allows for increased flexibility and gives the user more control over the IPS rule settings.
How It Works
The Rules Management Interface is easy to reach and can be accessed from two locations. From the View Sensors page, the user can select the Edit Rules link to enter the Rules Management Interface. The user can also navigate to the Rules Management Interface from the Main Menu link.