Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Detecting the SolarWinds supply chain attack using osquery and Uptycs

Detecting the SolarWinds supply chain attack using osquery and Uptycs

On December 13, FireEye shared details on the SolarWinds supply chain attack, dubbed SUNBURST. The next day, Volexity shared additional information on the lateral movement and exfiltration activities of the attackers.

Osquery: What it is, how it works, and how to use it

Osquery: What it is, how it works, and how to use it

Maintaining visibility into infrastructure and operating systems is critical for all organizations today—compliance, security, and your bottom line depend on it.

Fast, consolidated, and context-rich detections from Uptycs will keep security analysts sane

Fast, consolidated, and context-rich detections from Uptycs will keep security analysts sane

Today, Uptycs is introducing enhanced detection capabilities, including a new detections UI that correlates signals (events and alerts), assigns a composite threat score, and maps the associated signals to the MITRE ATT&CK matrix. This new experience equips analysts with the context they need to quickly triage their detections queue without feeling like they’re missing anything. Watch the demo video below to see the new functionality in action.

Investigating threat alerts with osquery: Understanding threat surface and risk

Investigating threat alerts with osquery: Understanding threat surface and risk

The Uptycs Threat Intelligence team is responsible for providing a high quality, curated, and current Threat Intelligence feed to the Uptycs product. In order to deliver the threat feed, the team evaluates every single alert that is seen by our customers, and investigates the alert as feedback into the threat feed curation process. Recently we observed a malicious domain alert from a customer. The out-of-the-box alert description indicated that it belonged to the OSX/Shlayer malware family. We were quickly able to query Uptycs threat intelligence to find that the domain first appeared on February, 2019 and was reported by multiple threat intel sources. Once the threat was validated, we dove into deeper investigation to understand the threat surface and risk. This post walks through the steps and techniques we performed to analyze data that had been collected via osquery, and aggregated in Uptycs.

Building Your Cyber Security Strategy: A Step-By-Step Guide

Building Your Cyber Security Strategy: A Step-By-Step Guide

A cyber security strategy is fundamental in helping your company take a proactive approach to security instead of reacting to every new threat, which can be time consuming and expensive. Whether you have an outdated strategy in place or you are starting from scratch, you can use this guide to get started building an effective and strategic cyber security plan.

Why Real Time Threat Intelligence Isn’t Enough

Why Real Time Threat Intelligence Isn’t Enough

Detecting security threats is difficult work, now more so than ever. Our threat intelligence tools are playing catch-up with increasingly sophisticated attack vectors, including polymorphic malware, quick-turn domains and other turn-on-a-dime attack tactics.

Page 1 of 3: