Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Fast, consolidated, and context-rich detections from Uptycs will keep security analysts sane

Today, Uptycs is introducing enhanced detection capabilities, including a new detections UI that correlates signals (events and alerts), assigns a composite threat score, and maps the associated signals to the MITRE ATT&CK matrix. This new experience equips analysts with the context they need to quickly triage their detections queue without feeling like they’re missing anything. Watch the demo video below to see the new functionality in action.

Osquery and JA3: Detecting Malicious Encrypted Connections Locally

Network traffic encryption is increasing. The increase is driven by demand for privacy and by the availability of free, easily automated certificate issuance. According to Google’s Transparency Report, 88% of web traffic performed on Chrome for Windows is encrypted, and the figure is higher for macOS, Android, and ChromeOS. The trend is even clearer in the Transparency Report’s percentage of HTTPS browsing time. Malware follows the same trend: wrapping command-and-control traffic in TLS hides its payloads from content-based network inspection, so detection has to rely on what is still visible in the clear, such as the TLS handshake itself.
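JA3, the technique in the post title, works on the part of a TLS session that is never encrypted: the ClientHello. The client's offered version, cipher suites, extension types, supported groups and EC point formats are concatenated into a string and MD5-hashed, so a fingerprint can be computed locally on the endpoint and compared against known-bad fingerprints without decrypting anything. The following is an added Python example, not code from the original post, from Uptycs or from osquery. The ClientHello it parses is constructed in the block (the hostname, cipher list and extension values are invented for illustration), and GREASE values are dropped the way the JA3 reference implementation drops them.

```python
"""JA3 fingerprint of a TLS ClientHello, computed from raw record bytes.

Added example; the ClientHello below is constructed, not a real capture.
"""
import hashlib
import struct

# GREASE values (RFC 8701) are filler that browsers randomise per connection;
# the JA3 reference implementation drops them so the fingerprint stays stable.
GREASE = {(v << 8) | v for v in range(0x0A, 0x100, 0x10)}


def _u16s(data):
    """Decode a byte string as a list of big-endian uint16 values."""
    return list(struct.unpack("!%dH" % (len(data) // 2), data))


def ja3_string(record):
    """Return 'version,ciphers,extensions,groups,point_formats' for the
    ClientHello inside a TLS record, with GREASE values removed."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]

    # JA3 uses the legacy client_version field (771 = TLS 1.2, which TLS 1.3
    # clients also send), not the supported_versions extension.
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                  # skip client_random
    pos += 1 + body[pos]                          # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    ciphers = [c for c in _u16s(body[pos:pos + cs_len]) if c not in GREASE]
    pos += cs_len
    pos += 1 + body[pos]                          # skip compression_methods

    exts, groups, formats = [], [], []
    if pos < len(body):                           # extensions are optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype in GREASE:
                continue
            exts.append(etype)
            if etype == 10:    # supported_groups: uint16 length + uint16 list
                groups = [g for g in _u16s(edata[2:]) if g not in GREASE]
            elif etype == 11:  # ec_point_formats: uint8 length + uint8 list
                formats = list(edata[1:])

    def dash(values):
        return "-".join(str(v) for v in values)

    return ",".join([str(version), dash(ciphers), dash(exts),
                     dash(groups), dash(formats)])


def ja3_hash(record):
    """MD5 of the JA3 string: the value published in JA3 blocklists."""
    return hashlib.md5(ja3_string(record).encode("ascii")).hexdigest()


def build_client_hello(version, ciphers, extensions):
    """Wrap a ClientHello in a TLS record. `extensions` is a list of
    (type, raw_data) pairs. Used only to construct sample input here."""
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = struct.pack("!H", version) + bytes(32) + b"\x00"   # random, empty session_id
    body += struct.pack("!H", 2 * len(ciphers)) + struct.pack("!%dH" % len(ciphers), *ciphers)
    body += b"\x01\x00"                                        # one compression method: null
    body += struct.pack("!H", len(ext_blob)) + ext_blob
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


# Constructed sample (hypothetical client): a TLS 1.2-style hello offering two
# TLS 1.3 suites and one ECDHE suite, with GREASE in ciphers, extensions and groups.
SNI = b"example.com"
SAMPLE_EXTENSIONS = [
    (0x4A4A, b""),                                               # GREASE extension
    (0, struct.pack("!HBH", len(SNI) + 3, 0, len(SNI)) + SNI),   # server_name
    (10, struct.pack("!4H", 6, 0x2A2A, 29, 23)),                 # groups: GREASE, x25519, P-256
    (11, b"\x01\x00"),                                           # point format: uncompressed
    (43, b"\x02\x03\x04"),                                       # supported_versions: TLS 1.3
]
SAMPLE_HELLO = build_client_hello(0x0303, [0x3A3A, 0x1301, 0x1302, 0xC02B], SAMPLE_EXTENSIONS)


def sample_fingerprint():
    """JA3 string and hash of the constructed sample."""
    return ja3_string(SAMPLE_HELLO), ja3_hash(SAMPLE_HELLO)


if __name__ == "__main__":
    s, h = sample_fingerprint()
    print("JA3 string:", s)
    print("JA3 hash:  ", h)
```

The sample yields the JA3 string `771,4865-4866-49195,0-10-11-43,29-23,0`; the hash of that string is what you would compare against a JA3 blocklist. Two caveats a practitioner should keep in mind: the fingerprint identifies a TLS client implementation, not a binary, so a malware family that reuses a common library will collide with legitimate software using the same library, and a client that merely reorders its cipher list produces a different hash. Treat a JA3 match as a signal to correlate with the process, user and destination of the connection rather than as proof on its own.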

Harnessing the AWS Nitro Architecture to Encrypt Inter-Node Traffic in Kubernetes

Kubernetes nodes – the machines responsible for running your container workloads – can come in a number of shapes, sizes, and configurations. One common deployment pattern, however, is a lack of in-transit encryption between them.

Another common deployment pattern? Lack of TLS support on the container workloads themselves. After all, who wants to set up and manage a PKI (Public-Key Infrastructure) and a private CA (Certificate Authority) for tens or hundreds of microservices, and get the certificates to be trusted by all workloads? I don’t know about you, but that doesn’t sound like a lot of fun to me.

Endpoint Visibility: 5 Best Practices To Optimize Your Security

Endpoint visibility is crucial because most attacks begin on endpoints used by people—not the firewall or your servers. Typically, attackers gain control over these entry points to the network through techniques like phishing; from there, they can move laterally to access your servers. This type of activity currently accounts for over 80% of reported incidents, according to CSO.

Should We Blocklist Newly Registered Domains?

Uptycs' threat intelligence team collects over a million indicators every week to provide the latest threat data. All of this data is downloaded from more than 40 publicly available sources which we then put into eight categories including:

How to Achieve PCI-Compliant FIM and Endpoint Security with One Tool

Monitoring critical system files, configuration files, and content files for unusual or unauthorized activity is one of the core requirements of the PCI-DSS, the payment card industry’s security standard. As such, file integrity monitoring (FIM) is a necessary activity for companies that process or store credit card data. Security teams can choose from any number of endpoint security tools to handle FIM for PCI compliance, but some solutions do more than others.