Upgrade Site Security with CloudFlare Origin CA

Really interesting development from CloudFlare on encrypting the web’s connections. It takes their ‘Flexible SSL’ to the next level and beyond.

“Faster, more secure alternative to public CA certificates for your CloudFlare-fronted servers. Extraneous overhead removed to optimize performance.

With Origin CA, we questioned all aspects of certificate issuance and browser validation, from domain control validation (DCV) to path bundling and revocation checking. We asked ourselves what cruft public CAs would remove from certificates if they only needed to work with one browser, whose codebase they maintained? Questions such as “why bloat certificates with intermediate CAs when they only need to speak with our NGINX-based reverse proxy” and “why force customers to reconfigure their web or name server to pass DCV checks when they’ve already demonstrated control during zone onboarding?” helped shape our efforts.”

Source: CloudFlare Origin CA



Big Data in Cybersecurity Conference – Live Stream

If anyone is interested in any of the talks being delivered tomorrow (10th of May) at the Big Data in Cybersecurity Conference in Edinburgh, please see here to watch them live. This includes my own talk at 2pm, which is: ‘Splunk User Behavioural Analytics – Machine Learning for Threat Detection’.



Presenting at The International Big Data Conference in Cybersecurity

I’m privileged to have been asked by the Cyber Academy (thanks Bill!) to present a short session on the 10th of May at the International Big Data Conference in Cybersecurity!
Tickets for the conference are free but going fast, if you fancy an interesting day of presentations and demos in Edinburgh: 

The title of my session (at 2pm) is ‘Splunk User Behavioural Analytics – Machine Learning for Threat Detection’.

This will be the first public presentation / demo of significance I have delivered, so I’m looking forward to the challenge and seeing what development areas it identifies, as well as to presenting alongside some leaders in the industry!



Misunderstanding APT Indicators of Compromise | Threatpost

A really interesting piece on IOCs (Indicators of Compromise), how the term is often misunderstood, and how it is used in misleading ways in security vendors’ marketing.

It also makes use of a great definition from MITRE of the difference between ‘Observables’ and ‘Indicators’:

“Observables are stateful properties and measurable events pertinent to the operation of computers and networks. Information about a file (name, hash, size, etc.), a registry key value, a service being started, or an HTTP request being sent are all simple examples of Observables. […] Indicators are a construct used to convey specific Observables combined with contextual information intended to represent artifacts and/or behaviors of interest within a cyber security context. They consist of one or more Observables potentially mapped to a related TTP context and adorned with other relevant metadata on things like confidence in the indicator’s assertion, handling restrictions, valid time windows, likely impact, sightings of the indicator, structured test mechanisms for detection, suggested course of action, the source of the indicator, etc.”

MITRE also defines several interrelated terms that address higher-level constructs and organizational objectives: Incidents; Tools, Tactics, and Procedures (TTPs); Campaign, Threat Actor, and Course Of Action (COA).

Source: Misunderstanding APT Indicators of Compromise | Threatpost
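To make the Observable/Indicator distinction concrete, here is an added example (my own illustration, not code from the Threatpost article or from MITRE) that models both constructs and runs them over a few constructed telemetry lines. The `key=value` log format, the hostnames, the placeholder hash, the 203.0.113.10 documentation-range address, and the TTP labels are all assumptions made up for this example. The point it shows: a hash or URL seen in telemetry is only an Observable; it becomes actionable only when an Indicator supplies the context (TTP, confidence, a valid time window, a course of action), and an Indicator whose time window has lapsed no longer matches even though its Observable is still present in the logs.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Observable:
    """A measurable property or event: the bare fact, with no context attached."""
    kind: str    # "file_hash", "registry_key" or "http_request"
    value: str


@dataclass
class Indicator:
    """One or more Observables plus the context that makes them worth acting on."""
    title: str
    observables: List[Observable]
    ttp: str                        # related TTP label (illustrative, not a MITRE ID)
    confidence: str                 # "low" | "medium" | "high"
    valid_from: datetime
    valid_until: Optional[datetime]  # None means still current
    course_of_action: str
    source: str
    sightings: List[dict] = field(default_factory=list)

    def is_valid_at(self, when: datetime) -> bool:
        """An Indicator only asserts anything inside its valid time window."""
        if when < self.valid_from:
            return False
        return self.valid_until is None or when <= self.valid_until


# Constructed sample data (placeholder hash, documentation-range IP, made-up hosts).
SAMPLE_HASH = "a" * 64
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"
TELEMETRY = [
    "ts=2016-05-09T14:02:11Z host=ws-17 event=file_create sha256=" + SAMPLE_HASH,
    "ts=2016-05-09T14:02:15Z host=ws-17 event=registry_set key=" + RUN_KEY,
    "ts=2016-05-09T14:03:00Z host=ws-17 event=http_request url=http://203.0.113.10/beacon",
    "ts=2016-05-09T15:10:00Z host=ws-22 event=file_create sha256=" + "b" * 64,
]

# Which telemetry field yields which kind of Observable (assumed log schema).
KIND_BY_FIELD = {"sha256": "file_hash", "key": "registry_key", "url": "http_request"}


def parse_event(line: str) -> Dict[str, str]:
    """Parse one space-separated 'key=value' telemetry line into a dict."""
    event = {}
    for token in line.split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def observables_from_event(event: Dict[str, str]) -> List[Observable]:
    """Extract the Observables an event carries; every hash or URL is one, context or not."""
    return [Observable(kind, event[f]) for f, kind in KIND_BY_FIELD.items() if f in event]


def build_indicators() -> List[Indicator]:
    """Two constructed Indicators: one current, one whose window expired before the telemetry."""
    utc = timezone.utc
    return [
        Indicator(
            title="Constructed example: dropper with Run-key persistence",
            observables=[Observable("file_hash", SAMPLE_HASH), Observable("registry_key", RUN_KEY)],
            ttp="persistence via Run key (illustrative label)",
            confidence="high",
            valid_from=datetime(2016, 5, 1, tzinfo=utc),
            valid_until=None,
            course_of_action="isolate host, collect the file, review the Run key",
            source="constructed for this example",
        ),
        Indicator(
            title="Constructed example: retired beacon URL",
            observables=[Observable("http_request", "http://203.0.113.10/beacon")],
            ttp="command-and-control beaconing (illustrative label)",
            confidence="medium",
            valid_from=datetime(2015, 1, 1, tzinfo=utc),
            valid_until=datetime(2015, 12, 31, tzinfo=utc),
            course_of_action="block at the proxy; confirm no newer infrastructure",
            source="constructed for this example",
        ),
    ]


def match_events(lines: List[str], indicators: List[Indicator]) -> List[dict]:
    """Turn telemetry into Observables, then record a sighting only where a *valid* Indicator applies."""
    sightings = []
    for line in lines:
        event = parse_event(line)
        seen_at = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        for obs in observables_from_event(event):
            for ind in indicators:
                if obs in ind.observables and ind.is_valid_at(seen_at):
                    sighting = {"indicator": ind.title, "observable": obs,
                                "host": event["host"], "seen_at": seen_at,
                                "course_of_action": ind.course_of_action}
                    ind.sightings.append(sighting)
                    sightings.append(sighting)
    return sightings


if __name__ == "__main__":
    indicators = build_indicators()
    for s in match_events(TELEMETRY, indicators):
        print(f"{s['seen_at'].isoformat()} {s['host']}: {s['observable'].kind} matched "
              f"'{s['indicator']}' -> {s['course_of_action']}")
    for ind in indicators:
        print(f"{ind.title}: {len(ind.sightings)} sighting(s)")
```

Running it reports two sightings on ws-17 for the current Indicator (hash plus Run key) and none for the retired beacon URL, even though that URL is present in the third telemetry line; the unknown hash on ws-22 is parsed as an Observable but matches nothing, which is exactly the difference the MITRE definition draws. A real pipeline would also carry the handling restrictions and structured test mechanisms the definition mentions; they are left out here to keep the model small.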