Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Should We Blacklist Newly Registered Domains?

Uptycs' threat intelligence team collects over a million indicators every week to provide the latest threat data. All of this data is downloaded from more than 40 publicly available sources which we then put into eight categories including:

Investigating Threat Alerts with Osquery: Understanding Threat Surface & Risk

The Uptycs Threat Intelligence team is responsible for providing a high-quality, curated, and current threat intelligence feed to the Uptycs product. To deliver the threat feed, the team evaluates every alert seen by our customers and investigates it as feedback into the threat feed curation process. Recently we observed a malicious domain alert from a customer. The out-of-the-box alert description indicated that the domain belonged to the OSX/Shlayer malware family. We were quickly able to query Uptycs threat intelligence and find that the domain first appeared in February 2019 and had been reported by multiple threat intel sources. Once the threat was validated, we dove into a deeper investigation to understand the threat surface and risk. This post walks through the steps and techniques we used to analyze data that had been collected via osquery and aggregated in Uptycs.

What Is Cyber Threat Hunting? [2019]

Threats to cyber security have been around for decades, but the sophistication and motivations of attackers have evolved. In the early days, they carried out relatively simple, insignificant attacks in an attempt to show off their programming abilities; now, sophisticated cybercriminals (sometimes sponsored by governments and companies) launch serious attacks to steal products and ideas, or other data, from digital infrastructure.

Why Real Time Threat Intelligence Isn’t Enough

Detecting security threats is difficult work, now more so than ever. Our threat intelligence tools are playing catch-up with increasingly sophisticated attack vectors, including polymorphic malware, quick-turn domains and other turn-on-a-dime attack tactics.