Top OT cybersecurity solutions for Industry & Healthcare

Introduction

Today’s industrial control networks are a hive of interconnected devices designed to work together as a whole. If the mechanism fails at any point, it can trigger a serious domino effect. For example, communications systems are needed to advise power plants on the amount of electricity available in the network and to regulate its production. A hospital depends on its own networks to send diagnostics to customers and a car factory has complex robots that are also interconnected. Although not everything is accessible on the Internet, there are many ways to access these environments and the risk is growing exponentially.

In general, each of the 16 Critical Infrastructure and Key Resources (CIKR) sectors is highly interconnected, and they are generally affected by similar vulnerabilities and attack vectors. Securing CIKR is difficult for many reasons. These environments were initially planned to be isolated, so no online defense was required or implemented. They also manufacture goods and operate non-stop for thousands of hours, so any downtime beyond repairs and patches would have a significant impact on the business. Few hospitals replace an X-ray machine if it still works and does its job, and the same goes for a gravity conveyor or a uranium centrifuge. This is a problem because old hardware and applications are prone to create problems when exposed to modern attacks.

CIKRs have been reluctant to adopt newer technology because their designs have, over the years, reliably delivered a result that our modern society depends on, using their own protocols, processes and security systems (however old they may be). The vast majority of OT systems operate day to day without significant error. However, the risk of supporting legacy applications and systems, some dating from the late 1980s, is increasingly high.

Medigate

Medigate is our preferred solution for making hospitals and medical centers safe from cyber threats. It identifies the nature of an attack so that staff can avoid a rash response or being targeted. Clinical context helps identify the emergence of anomalous human behavior. Device profiles help you manage device lifecycles and offer additional network security as a result. Medigate and Check Point have come up with an advanced security solution for Internet of Things (IoT) and IoMT networks. The combined solution of Check Point with Medigate establishes quick and effective security monitoring for hospitals. The key features include:

  • Realistic and holistic medical device registration.
  • Automated, mapped anomaly detection.
  • Policies generated from device attributes.
  • A “single pane of glass” for all content produced by Medigate in the Check Point Smart Console.
  • Automatic activation of IPS flagging of known Internet of Things exploits.

Security experts wonder why the security of connected hospitals was not designed differently. This should be seen as another hint that plenty of legacy networks were never built with security in mind, placing vital resources and lives at risk. Of course, layers of cyber defense can be added today. The only real difficulty is to design and enforce appropriate security layers. Another way to do this is to build security into the applications themselves, which would be the safest decision in the long run. Long story short, the transition will take a long time, and updating the equipment of such facilities would carry risks of the same magnitude as installing security systems.

Medigate’s passive platform can be installed by hospitals and security system integrators very easily and integrates with Check Point’s R80 management system and Security Gateways. Once connected, the medical device security platform shares the device identification and application information with Check Point’s Smart Console. This gives a single screen view of both systems. Granular visibility into surgical devices also helps assure that medication is delivered effectively. Medigate uses deep packet inspection to monitor devices by specific identifiers, including setup, usage, performance, and location. Both systems are displayed simultaneously in the Check Point Smart Console, removing the need to flip back and forth between dashboards.

The ability to tag medical devices by connectivity type, model name, and vendor enables more granular policy management. Medigate checks what is changing in the network every hour to ensure that the tags stay current.

Tenable.ot

The heart of an industrial company is a computerized network of controllers that transmit and receive commands. Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs) are the industrial equipment that acts as the bedrock of industrial processes. Operations infrastructure now has a large attack surface and multiple attack vectors. If we are not able to monitor access to these systems, there is a strong risk of being targeted.

Tenable.ot (formerly known as Indegy ICS) is designed to protect enterprise networks from cyber threats, malicious insiders, and human error. The solution also offers vulnerability identification and mitigation, asset tracking, reporting, and management of the network setup, including Wi-Fi. Industrial Control System (ICS) security and safety are improved dramatically. The approach provides clear situational awareness across all sites.

When making investment decisions in OT systems, cost is still a concern. To finance the initiative, costs must be transferred to the users of the services. These innovations are not affordable, since the users of the goods produced by this technology already have fixed-capital costs included in the cost of goods sold. Increased investment in technology, along with its short life span, would be costly. Many of the recycling costs could not be passed on to consumers because of federal legislation. The sector has failed to reach a consensus about the consequences of protecting its OT processes and how to finance those improvements over the decades.

Until recently there was no evidence that special strategies were needed to defend against cyber-attacks. Cyberwar scenarios are on the rise, and as a result users and companies need to be protected as well. The urgent need is for authentication mechanisms to protect UTM/OTM so that system administrators can safeguard their systems from end to end.

Integration of QRadar SIEM

QRadar is a security information and event management solution that offers real-time monitoring of IT networks. We offer a broad variety of QRadar solutions, including the core SIEM components and associated additional hardware.

The key feature of the QRadar SIEM platform is the acquisition of security information in real time. The solution gathers data from attached log sources, analyzes it for abnormalities and raises alerts when a security threat is identified. This appliance recognizes, evaluates, and tracks security, compliance, and policy threats in networks, allowing network administrators and others to decide on proactive network safety initiatives.

This module scans your network for vulnerabilities and also takes in the data obtained from other scanners (such as Nessus and Rapid7), so our system can be used to address network security issues. In addition, it builds an index of vulnerabilities that IBM QRadar Vulnerability Manager can use in correlation rules and reports. This module lets you inspect your computing devices within hours or even minutes.

Ensuring security using Next-Gen SIEM

  • Attackers use machine learning and artificial intelligence techniques to bypass old security tools that rely on static rules. You can deter unknown attacks by using a next-gen SIEM service based on big data analytics. Machine learning systems adapt easily and are capable of identifying advanced threats that rule- or signature-based detection systems cannot.
  • Behavioral analytics can be used to detect insider threats and espionage. Understanding the whole picture of “behavior anomalies” is key to identifying an insider threat at the individual and group level. Insider attacks stem from the abuse of access rights the insider has legitimately been granted. These malicious actions can be identified using a next-gen SIEM with powerful behavioral analytics.
  • Good incident response is important to crisis management. Cyber threats that are not stopped have detrimental consequences. By delivering and sustaining staff training on the procedures to follow in the event of an attack, your organization minimizes the harm an attack can do.
  • Physicians should ensure their medical data stays private and limited to approved persons. EMR documents contain health information, so it is important to keep the medical details private. Legacy SIEMs typically let organizations mix confidential patient data with other IT and compliance data; a next-gen SIEM solution offers all the controls required to preserve data security, such as data anonymization, role-based access management, data filtering or erasure, and a full audit trail.
  • Healthcare companies are subject to more regulation than ever. Next-gen SIEM technologies deliver out-of-the-box and ad-hoc reporting to satisfy regulations like HIPAA, HITRUST, GDPR, and others.

Conclusion

Healthcare practitioners are mindful of the necessity of preserving patient records. Healthcare security is under attack by both external and internal threats, making it imperative to protect individuals’ Personal Health Information (PHI). There has been a substantial rise in the cost of healthcare, and companies are being targeted for their information and results. Organizations often face stiff regulatory pressure which punishes careless or malicious mishandling of data.

We must keep in mind the need to provide sufficient protection in our enterprise environment. Monitoring of this kind helps us learn more about what is happening on our systems as well as on the network. One of the most common tracking and analysis techniques is Security Information and Event Management (SIEM), which collects information such as device events and archives and processes it. Special attention should be paid to installing SIEMs in OT networks, and the peculiarities of these networks should be borne in mind. We can help you deploy and integrate IPS, SIEM, and IDS. Contact us!

OKD V4 is finally out – new features and everything you need to know

As you might know OKD is the community version of Red Hat OpenShift powered by Kubernetes. After using OKD 3.11 for quite some time, many developers that use this distribution of Kubernetes were looking forward to OKD 4. Like any other platform, OKD was updated to fix some of the issues in the previous versions and also to add features and functionalities that could make the platform more robust and user-friendly to developers. Version 4 of OKD was released in July 2020, and if you want to know what this version has to offer, this article is for you. We shall discuss the new features and everything you need to know about OKD4 and how you can install it on the various cloud platforms. Make sure you read it till the end ;)

New features in OKD v4

There are lots of new features and functionalities in this new update.  Below are some of the major ones that you need to know.

  1. Operator lifecycle manager (OLM)

OLM is one of the features that several developers have been looking forward to having in OKD. Operator Lifecycle Manager helps cluster administrators install, upgrade, and grant access to Operators running on their cluster. The role of this new feature is to make the work of cluster administrators more seamless than it was in the previous versions of OKD. OKD v4 has an organized list of all operators with the ability to load other operators into the cluster. It also handles role-based access control so that certain teams can use certain operators. With this version, rolling updates for all operators are handled by the Operator Lifecycle Manager as well.

  2. Cluster maximums

With this new version of OKD, you can use the OKD limit calculator to find the cluster limits for your environment, so you know ahead of time the maximum number of clusters that can be deployed in your environment.

  3. Node tuning operator

OKD v4 now has the node tuning operator functionality that helps developers manage node-level tuning by orchestrating the tuned daemon. This feature is very crucial when deploying high-performing applications that need some level of kernel tuning.

  4. Cluster monitoring

With this feature, developers can configure horizontal pod autoscaling (HPA) based on the custom metrics API. Despite its availability in this new version of OKD, this feature still has a couple of limitations: the adapter can only connect to a single Prometheus instance, and the adapter has to be deployed and configured manually.

Another limitation with this feature is the fact that the syntax for Prometheus Adapter could be changed in future updates of the software.

  5. New alerts integrated into the UI

In this version of OKD, you can view all the cluster-level alerts and alerting rules within the new OKD web console.

  6. Telemeter

Telemeter provides cluster-related metrics that are of importance to the people using OKD. With Telemeter it is possible to gather crucial health metrics of OKD installations, enable a viable feedback loop for OKD upgrades, gather the number of nodes per cluster and their size (CPU cores and RAM), gather the size of etcd, and gather details about the health condition and status of any OpenShift framework component installed on an OpenShift cluster.

Other features include the following:

  • Multi-stage Dockerfiles can now be used in all Docker strategy builds.
  • Instead of being managed by oc adm registry, the registry is now managed by an operator.
  • On top of the registry, an operator now also manages and configures the cluster network. Monitoring and upgrading of the cluster network are also the responsibility of an operator.
  • OKD 4 also has a new feature called Multus, a meta plug-in for the Kubernetes Container Network Interface (CNI) that enables a user to create multiple network interfaces for every pod.
  • The F5 router plug-in is no longer supported within OKD. It can now be obtained from a container connector created by the developers of this plug-in.
  • The user interface of the platform also has a slightly new look to make it easy for developers to find the features they need.

Upgrading to OKD4

At the time of release, the option of upgrading OKD from version 3.11 to version 4 was not available. You have to perform a new installation of OpenShift 4 independently. If you are using AWS, bare metal, or vSphere hosts, it is possible to install OKD with user-provided infrastructure.

Final thoughts

This new update of OKD is something every developer that was using version 3.11 of the platform should be looking forward to. It has lots of interesting features and a refreshed UI like we have seen above. The goal of this update is to make developers and operations engineers more productive while executing their tasks with OKD.

If you need training, check our OpenShift and Docker + Kubernetes workshops and contact us to schedule your free course demo.

Sign up for our free IBM QRadar SIEM webinar

Get to know from our experts the reference SIEM solution and market leader year after year: IBM QRadar SIEM. A single tool that separates the wheat from the chaff, correlating millions of events from servers, computers, network equipment and immense external knowledge bases such as IBM X-Force, allowing us to prioritize and optimize the time and effort of our cybersecurity analysts.

Anticipating sophisticated attacks requires a mature, powerful and flexible SIEM solution to implement the latest attack prevention and information theft methodologies. Given the enormous interest in this technology, we offer once a month an intensive course in webinar format taught in English and totally free.

The next edition will be on Monday, January 18, 2021 at 15:00 London, 10:00 New York.

In this first webinar, we’ll talk about existing architectures, from all-in-one environments to the ability to deploy some or even all of the infrastructure in the cloud, protecting our environments on AWS, Azure, or Google Cloud. We’ll stop to discuss what’s new in the latest releases, multi-tenant environments, and the challenges of environment migrations and updates. We will discuss the philosophy of the product and how to make the most of its powerful rule engine. We will discuss solution costs and licensing options, and the latest success stories among our customers. This workshop is based on our popular courses on cybersecurity analysis, QRadar SIEM management and advanced product usage. The webinar will be fundamentally practical, and we will perform various live demonstrations during it.

Online seminar agenda

  • Introduction of IBM QRadar SIEM
  • On-site and cloud solution architecture
  • What’s new in the latest versions
  • Improvements over competitors: Splunk, LogRhythm, Exabeam, Rapid7, FireEye
  • Product demonstration
  • Success stories
  • Open debate, requests and questions.

Although it is an online seminar, places are limited. Sign up right now. We will send you an email a few days in advance with all the details and information needed to connect.


Sign up for our free Red Hat OpenShift 4.6 webinar

At Sixe Ingeniería we want to present the latest version of Red Hat OpenShift Container Platform 4.6, our preferred technology for container-based and PaaS (Platform as a Service) workloads in general. That’s why every month we offer an intensive course in webinar format, taught in English and totally free. We will start from scratch and there is no need for previous experience with Docker or Kubernetes (technologies that we will talk about briefly during the training).

The next edition will be on Tuesday, January 19, 2021 at 15:00 London time and 10:00 New York time.


In this first webinar we will talk about the existing reference architectures, their relationship with Kubernetes and the options we have for installing it. We’ll cover both deployments in our own data center and in our favorite cloud provider (Google, Azure, AWS, IBM), not forgetting mixed environments, also known as hybrid cloud, where we choose which applications to deploy “on-premises” and which “off-site” or directly in the cloud. We will discuss the costs of the solution and the available security layers, and also the latest success stories among our customers. This workshop is based on our popular deployment and operations course, from which we will borrow some examples that will let you understand, through a few short live demonstrations, the potential of this technology.

Online seminar agenda

  • Introduction of Red Hat OpenShift 4.6
  • Red Hat OpenShift Container Platform Architecture
  • Deploying the solution
  • What’s new and migrated from previous versions
  • Success stories... and failures (spoiler: none of our clients xD)
  • Open debate, requests and questions.

Although it is an online seminar, places are limited. Sign up right now. We will send you an email a few days in advance with all the details and information needed to connect.


Myths and truths about security in Red Hat OpenShift

Many of our customers are planning to start using Red Hat OpenShift, our preferred container orchestration platform. Its advantages can be summed up as follows: it allows a progressive modernization of existing applications and the deployment of many others which, why deny it, are based on a micro-services design that is becoming the norm in many new IT architectures. Just the thought of never again having to “prepare” a machine (installing the operating system, configuring the network and security, installing libraries and dependent software) every time we want to deploy an environment justifies giving this technology a try.


Kubernetes is to containers what OpenStack was to cloud environments: an open source solution that lets us share a portion of the infrastructure available in our data centers (servers, networks, storage) as resource pools on which to automatically deploy various workloads. Through a self-provisioning portal, our developers will be able not only to deploy the environments they need to make their applications work, but also to automatically and continuously verify that those applications are working properly. If a developer’s “commit” at the last minute of the day causes a bug, you can go back to the previous day’s version without anyone having to intervene.

If we add to this the ability to make gradual deployments, where a small percentage of users enjoy a new version of our application while the rest continue to use the latest stable version; high availability that works without any additional configuration, resource allocation (developers, memory, CPU, disk space, IP address assignment) per project, or the ability to measure in real time what part of our infrastructure we are using, at what level of efficiency and with what results, few system managers will say no to such a wonder. Not forgetting the ability to automatically scale applications by adding or removing containers as needed.

Luckily or unfortunately, not all is in the hands of the system managers. What about security? What do CISOs think? Let’s go over some “myths.”

OpenShift is tremendously safe by design. In our opinion, its basic technology (containers) is exactly as secure as the Linux kernel is at any given time. That is, container processes are separated by Linux kernel “namespaces”, the resources they use by “cgroups”, and their security context by SELinux. It’s powerful, yes, but we are still sharing one kernel among many containers on each node, and that kernel needs to be patched, also for security reasons. The inclusion of RHCOS (Red Hat CoreOS) has allowed great progress in recent times in the security of the operating system on which this Kubernetes distribution runs. However, since the RHCOS nodes are intended to operate with little change, any security-related changes to those nodes must be made with extreme care, otherwise we may get the opposite effect.

The images we download are always verified and their code audited by Red Hat. Well, actually, access to container images (downloaded or our own) is managed in a similar way to RPMs: there are public or private repositories that we connect to, with their keys and their signatures. Vulnerabilities keep coming out every day, so we need some kind of solution that monitors the contents of the container images available in our repositories, especially images downloaded and installed in our environment.

OpenShift supports JFrog Artifactory, Black Duck Hub, and Docker Trusted Registry. Red Hat CloudForms SmartState can also be used to mark vulnerable images so that OpenShift prevents those images from being used. Tools that perform static application security testing (SAST) and dynamic application security testing (DAST), such as HP Fortify and IBM AppScan, are also useful.

OpenShift has a robust and secure authentication system. Each OpenShift cluster actually uses user, group, and role accounts.

To manage each user’s access to OpenShift components and verify each user’s identity, the cluster connects to different identity providers (OpenID, LDAP, Active Directory, GitHub, etc.), each of which has its own configuration, advantages and disadvantages.

Isolation of networks and communications between OpenShift projects is sufficient. It is robust, because it is based on the network components of Kubernetes, but there are operators and plug-ins that can help us isolate the different networks further or give dedicated access to certain network cards using technologies like SR-IOV. Plugins such as Multus-CNI allow this and other functions, complementing the features of the Cluster Network Operator (CNO), the CNI (“Container Network Interface”) plugins and CoreDNS.

Interested in knowing more about OpenShift? You may be interested in our three-day intensive Red Hat OpenShift 4.X course. We also offer official IBM training if you want to deploy IBM Power Systems servers.


Deploy OpenShift 4.6 in five minutes on your own laptop or server

Perhaps one of the challenges in learning about Red Hat OpenShift is having a good testing environment in which to understand the platform well, deploy test applications, and become comfortable with both the GUI and the command line. While a minimal cluster starting with OpenShift version 4 requires at least 6 nodes, there is an all-in-one system called Red Hat CodeReady Containers. It includes a minimal cluster of the latest OpenShift 4 version with a series of settings that let it run on a single virtual machine, which we can deploy on our test servers or even on our own laptop. Although it is a project aimed mainly at software developers, it serves us perfectly for learning how to configure and manage this platform.

What other differences exist?

  • There is only one node, which acts as “master” and “worker” at the same time. You’ll see a lot of “warning” messages, but it’s not a problem.
  • Kubernetes Operators are disabled, as is monitoring, to save resources.
  • It cannot be upgraded to new versions of OpenShift, although this is not a problem because we can download and run the new versions of this virtual machine that Red Hat publishes regularly.
  • It is an environment that must be recreated from time to time. Red Hat recommends doing it once a month, but in our hands-on experience, after every two or three days of use it gets slower and slower and needs to be destroyed and recreated.
  • As it runs inside a virtual machine, it may be up to us to make some additional network settings by hand.

What are the HW and SW requirements?

  • Latest version of Red Hat or CentOS 7.X or 8.X. We prefer CentOS as the setup is faster.
  • 4 virtual CPUs (vCPUs)
  • 8 GB of RAM
  • 35 GB of disk space.

If none of this is a problem for you, you can download the image here. Please note that you need a Red Hat developer account (free).

You will see that in addition to selecting the operating system (there is an image for each type of “hypervisor”), there is also a “pull secret”. This is a kind of license key that we will be asked for during the creation of the virtual environment. Don’t download it, but write down the “pull secret” in a notebook or similar.

If we are deploying the environment on Red Hat Linux, we will need to run these two commands to install and activate the NetworkManager:

$ su -c 'yum install NetworkManager'

$ su -c 'systemctl start NetworkManager'

We will also add a non-administrator user with sudo permissions, essential for everything to work properly.

$ su -c 'useradd crc'

$ su -c 'passwd crc'

$ su -c visudo

visudo checks the syntax of /etc/sudoers before saving, so a typo cannot lock you out of sudo. Add the crc user next to the existing root entry:

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

crc ALL=(ALL) ALL

With this user, we’ll download Code Ready Containers and launch the environment configurator.

$ su - crc

$ cd /home/crc/

$ wget https://mirror.openshift.com/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz

$ tar -xvf crc*.xz

$ mkdir -p /home/crc/bin

$ mv crc-linux-1.xxx-amd64/* /home/crc/bin/

$ export PATH=$PATH:/home/crc/bin

$ crc setup

The -n option in the next command (a public nameserver for the VM) is a necessary trick for DNS to work properly:

$ crc start -n 8.8.8.8

After a few minutes you should see this message.

To access the cluster, first set up your environment by following 'crc oc-env' instructions.

Then you can access it by running 'oc login -u developer -p developer https://api.crc.testing:6443'.

To login as an admin, run 'oc login -u kubeadmin -p dpDFV-xamBW-kKAk3-Fi6Lg https://api.crc.testing:6443'.

You need to set up a number of environment variables with:

$ eval $(crc oc-env)

Now you can log in as an administrator:

$ oc login -u kubeadmin -p dpDFV-xamBW-kKAk3-Fi6Lg https://api.crc.testing:6443

.. or as a developer:

$ oc login -u developer -p developer https://api.crc.testing:6443

If you don’t have a graphical environment installed on this server, you won’t be able to access the web console (via crc console), but you can use Firefox on any other system where you have Linux installed.

You need to copy the contents of /etc/hosts from the server where you installed OpenShift to the end of your local /etc/hosts file.

Next you’ll need to open a VPN via ssh from a desktop environment like Ubuntu to the server where you deployed OpenShift:

$ sudo apt-get install sshuttle

$ sudo sshuttle -r root@remote-server-ip -x remote-server-ip 0.0.0.0/0 -vv

And now, if you open your browser and go to https://console-openshift-console.apps-crc.testing you’ll see the GUI.
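To make the requirements list and the /etc/hosts step above less error-prone, here is an added POSIX shell helper written for this article; it is example code, not part of the original post or of Red Hat's crc tool. The function names, the sample hosts entries (192.168.130.11 is a constructed value) and the temporary paths are assumptions; the minimums come from the requirements list above.

```shell
#!/bin/sh
# Added example, not part of the original post or of the crc tool itself.
# Two helpers for the CodeReady Containers procedure described above:
#   crc_preflight    - checks a host against the minimums listed in the post
#                      (4 vCPUs, 8 GB RAM, 35 GB disk) before running `crc setup`
#   merge_crc_hosts  - appends the crc.testing entries of the server's /etc/hosts
#                      to a local hosts file without duplicating lines already there
# Function names, sample hosts entries and temporary paths are constructed here.

CRC_MIN_VCPU=4
CRC_MIN_RAM_MB=8192
CRC_MIN_DISK_GB=35

# crc_preflight VCPUS RAM_MB DISK_GB
# Prints one line per unmet requirement; returns 0 only when all are met.
crc_preflight() {
    vcpus=$1; ram_mb=$2; disk_gb=$3; rc=0
    if [ "$vcpus" -lt "$CRC_MIN_VCPU" ]; then
        echo "vCPUs: need $CRC_MIN_VCPU, have $vcpus"; rc=1
    fi
    if [ "$ram_mb" -lt "$CRC_MIN_RAM_MB" ]; then
        echo "RAM: need ${CRC_MIN_RAM_MB} MB, have ${ram_mb} MB"; rc=1
    fi
    if [ "$disk_gb" -lt "$CRC_MIN_DISK_GB" ]; then
        echo "disk: need ${CRC_MIN_DISK_GB} GB, have ${disk_gb} GB"; rc=1
    fi
    return "$rc"
}

# crc_preflight_host [DIR]
# Reads the live numbers on a Linux host (GNU coreutils) and runs crc_preflight;
# DIR is where the crc VM image will live (defaults to $HOME, i.e. /home/crc).
crc_preflight_host() {
    vcpus=$(nproc)
    ram_mb=$(( $(awk '/^MemTotal:/ {print $2}' /proc/meminfo) / 1024 ))
    disk_gb=$(df -BG --output=avail "${1:-$HOME}" | tail -n 1 | tr -dc '0-9')
    crc_preflight "$vcpus" "$ram_mb" "$disk_gb"
}

# merge_crc_hosts REMOTE_HOSTS LOCAL_HOSTS
# Copies only the lines mentioning crc.testing from REMOTE_HOSTS that are not
# already present verbatim in LOCAL_HOSTS; prints the number of lines added.
# Use LOCAL_HOSTS=/etc/hosts (as root) on the desktop that runs sshuttle.
merge_crc_hosts() {
    remote=$1; local_f=$2
    [ -f "$local_f" ] || : > "$local_f"
    # grep -Fx: match whole lines literally; -v -f: drop those already present
    new=$(grep 'crc\.testing' "$remote" | grep -Fxv -f "$local_f" || true)
    if [ -n "$new" ]; then
        printf '%s\n' "$new" >> "$local_f"
    fi
    printf '%s\n' "$new" | awk 'NF { n++ } END { print n + 0 }'
}

# Demo with constructed data: a remote hosts file as crc writes it on the
# server, merged twice into a local file to show the second run adds nothing.
crc_demo() {
    dir=$(mktemp -d)
    printf '127.0.0.1 localhost\n192.168.130.11 api.crc.testing console-openshift-console.apps-crc.testing\n' > "$dir/remote_hosts"
    printf '127.0.0.1 localhost\n' > "$dir/local_hosts"
    echo "first merge added: $(merge_crc_hosts "$dir/remote_hosts" "$dir/local_hosts")"
    echo "second merge added: $(merge_crc_hosts "$dir/remote_hosts" "$dir/local_hosts")"
    rm -rf "$dir"
}
```

Source the file and run crc_demo to see the merge behaviour, or call crc_preflight_host on the CentOS box before crc setup.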


If you need to know more, we have hands-on courses on Docker, Kubernetes and OpenShift. Contact us without obligation.

Five things to know about our lab services

If your company needs technical help successfully completing its data center infrastructure and services projects, you’ve come to the right place. Our deployment services and systems lab help organizations around the world deploy the basic components of next-generation IT infrastructure, from servers to storage systems and software.

Through short consulting, training, or service contracts, we help IBM, Lenovo, SUSE, and Red Hat customers and partners implement and optimize new private, public and cognitive infrastructure and critical environment solutions in general, and acquire the skills needed to get the most out of them. Our consultants bring great IT expertise as well as key insights to help companies get the most out of their technology investments.

All our services are provided either virtually or on-site anywhere in the world.

If you have never worked with our professional services here are five key points you should know about us:

1. We offer all the technical expertise you need.

We are a global team of technical consultants with experience in IBM Power Systems, IBM Storage and Lenovo as well as AI, cloud and security. Our teams leverage deep technical knowledge, along with proven tools and methodologies over many years and hundreds of projects.

Whether your organization is looking to deploy high-performance servers for multi-cloud, AI, blockchain, and analytics initiatives; secure your data with defined physical and software storage solutions; or maximize your infrastructure investments with software to help you accelerate workloads and simplify management, we can help.

2. We design new solutions together with our customers and technology partners

We are committed to a cooperation strategy to develop new business models, products and services. We collaborate with your organization, product development teams, and other companies that also provide services to your organization to design and deliver the innovative solution your business needs to win and grow in the market.

Together, following an agile approach, we evaluate your current environment and needs, define a roadmap, and design and implement the most valuable solution for and with you, so that in the end your team is fully trained to manage the environment and solution.

3. We help our customers acquire new skills that allow them to be prepared for the future.

Whether you’re migrating to new hardware, adopting AI storage solutions, or designing a multi-cloud infrastructure for enterprise transactions, we not only address the current challenge, but also transfer skills and knowledge to your team.

Skill transfer is a key component of our engagement model and helps ensure our customers have the competence to manage their solutions in the future.

4. We offer technical training.

Our courses and workshops take place around the world throughout the year to provide training to customers and partners. We regularly offer specific and comprehensive training sessions conducted by engineers, developers, or experts on our favorite IBM, Lenovo, Red Hat, and SUSE products to help our customers and partners learn, grow, and connect with developers, industry leaders, and executives from the companies we work with.

5. We help our customers adopt state-of-the-art hybrid cloud and artificial intelligence solutions.

We’ve helped many customers design multi-cloud hybrid infrastructures and deploy AI enterprise applications. We understand the challenges customers face around the hybrid cloud, and we can serve as trusted advisors at any stage of the journey to the cloud – from design to management and optimization. This includes support to help businesses move applications to the cloud more easily and, above all, securely.

Install IBM QRadar Community Edition 7.3.3 in ten minutes

After a long wait, the free version of IBM QRadar SIEM is finally available. This edition, called “Community”, contains all the features of QRadar SIEM and requires little memory (it works with just 8 or 10 GB) compared to the at least 24 GB required for a minimum commercial environment. It also includes a license that does not expire and allows you to install all kinds of plugins and applications. It is intended for private use: learning, demos, testing and, fundamentally, development of applications compatible with QRadar. That’s why its capacity is limited to 50 events (logs) per second and 5,000 network packets per minute, which isn’t bad :)

Keep in mind that one of the main drawbacks is that it does not include support for all the devices and environments of the commercial version. If we want to monitor a database or a firewall, we will need to install each of the modules manually.

What are the hardware requirements?

  • Memory: 8 GB RAM, or 10 GB if apps are installed, i.e. a modern laptop can run it.
  • Disk: 250 GB, although our experience tells us that about 30 GB is enough for ephemeral environments. Disk space fills up the longer the SIEM stays in use; if virtual machines are created and destroyed for short tests, it does not need that much.
  • CPU: 2 cores, but 4 or 6 would be even better.
  • Network: Internet access, a private network, and an FQDN hostname.

How do I install it?

For this version IBM provides a downloadable image in OVA format from this link. We no longer have to launch the installer on a CentOS system we created ourselves, with the usual small bugs to fix, which is appreciated. You just have to create an IBM account, which can be done on the spot and for free. The OVA image can be deployed on VMware, KVM or VirtualBox.

The installation process is quick and simple as shown in the following video:

Video: New Free QRadar CE version 7.3.3

After that, you can start exploring and working by following the steps in the “Getting started guide”.

Once the environment is up and running, you can install applications from the App Exchange.

Video: QRadar CE 7.3.3 Add an App from the App Exchange

You can even monitor your home network: phones, laptops, home automation systems, etc.

Video: Use the Free QRadar CE to Monitor your Home's Network (flows)

Want to know more about IBM QRadar SIEM?

We offer professional services (consultation, deployment and support), official courses and certification bootcamps. Contact us without obligation.


What’s new in Red Hat OpenShift Platform 4.3

Last January, Red Hat announced the general availability of Red Hat OpenShift 4.3. As you all know, OpenShift is the most popular and widely used Kubernetes distribution worldwide. While OpenShift has many powerful features for DevOps environments, security is one of the main concerns for users and customers. When we teach our OpenShift training courses we joke that the rule in this “world” is features first, security later (if it ever arrives). That’s why this new release focuses primarily on improving this area, but it also includes improvements in storage and the user interface.

Security

OpenShift 4.3 offers for the first time FIPS (Federal Information Processing Standard) encryption and additional security enhancements for businesses across industries, to help protect sensitive customer data with stronger encryption controls. It also seeks to improve access control monitoring through new features related to role-based access and, in general, user and application authorization control.

In addition, you can install the “Quay Container Security” module (a Kubernetes operator), which shows the vulnerabilities present in our pods.

Image: OpenShift 4 Quay image security integration


Storage

This release also coincides with the general availability of Red Hat OpenShift Container Storage 4, which provides greater portability, simplicity and scale for data-centric Kubernetes workloads. Red Hat OpenShift Container Storage 4 is designed to deliver multi-cloud storage through gateway technologies across providers (Amazon, Google, Azure). This is made possible by the Software Defined Storage (SDS) solution from NooBaa, a company recently acquired by Red Hat. In this way, customers can deploy their services across multiple public clouds while operating from a unified dashboard that covers not only applications but also storage.

User interface

The topology view is an interface designed for developers, allowing them not only to understand the structure of their applications but also to modify their configuration, and even their connectivity with other services, directly from the console, as seen in the next image. The topology view has been greatly improved and now shows changes in real time, and it allows operations such as modifying the connectivity between applications and services, as well as removing them.


Impersonating users

Imagine you’re a cluster administrator in an environment with thousands of users. As soon as you get to work, you’ll most likely receive a ticket in which a developer complains about console issues or about some feature of Red Hat OpenShift. Well, since version 4.3 it is possible to impersonate users, that is, to act as the user we choose. Using their roles and specific configuration, we can perform typical troubleshooting tasks much faster and more easily.

Other improvements

Thanks to the Tekton project, in OpenShift version 4.3 users can activate “pipelines” for any application. Once associated, they will appear in the topology view along with their real-time logs. Support for Knative, a serverless Kubernetes technology, is also included for the first time, as a technology preview.

Want to know more?

At Sixe Engineering we have been working with OpenShift since 2013 (version 2.0). We offer professional services and private training. Contact us and tell us what you need.


What’s new in IBM QRadar SIEM version 7.3.3 (and about 7.4)

The latest version of IBM QRadar SIEM, 7.3.3, is the pre-release of the 7.4 expected by the end of the first quarter of 2020. It includes improvements in performance, analyst workflow, product security and, essentially, user experience. The upgrade is simple: an IBM-provided script, run from the console, updates the whole deployment.

Here are some features which, in our opinion, make it worth upgrading to this version while the long-term 7.4 is released in the coming months.

Support for key and value pairs in the DSM editor.

Until now, when creating a log source manually, we needed to use regular expressions to extract each of the fields. Starting with version 7.3.3 it is possible to use simple delimiters for key-value attributes. This goes a step further than the improvement in CEF and LEEF event processing in QRadar 7.3.2, which for the first time allowed new properties to be detected automatically. In addition, users with the right permissions can register those “custom properties” directly from the DSM editor, saving time and simplifying the whole process. Finally, an option has been implemented to export the configuration of new log sources from the same editor.
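To show what this change means in practice, here is an added Python example (our own illustration, not code from IBM or from the QRadar DSM editor). The same constructed firewall event is parsed first with one handwritten regular expression per property, the pre-7.3.3 way, and then with a generic key/value delimiter parser that also copes with quoted values and with the LEEF 1.0/2.0 header, where the attribute delimiter is announced in the header itself. Event contents, vendor and product names are made up.

```python
import re
from typing import Dict, Tuple

# Constructed sample events for illustration; not real QRadar log data.
KV_EVENT = ('Jan 10 10:21:03 fw01 action=drop src=10.0.0.5 dst=203.0.113.9 '
            'proto=tcp dport=445 msg="SMB blocked by policy"')
LEEF2_EVENT = ('LEEF:2.0|ExampleVendor|ExampleFW|1.0|LoginFail|^|'
               'src=10.0.0.5^dst=203.0.113.9^usrName=alice^sev=5')
LEEF1_EVENT = 'LEEF:1.0|ExampleVendor|ExampleFW|1.0|LoginFail|src=10.0.0.5\tusrName=bob'

# Before 7.3.3: one handwritten regular expression per property.
REGEX_PROPS = {
    "action": re.compile(r"\baction=(\S+)"),
    "src": re.compile(r"\bsrc=(\S+)"),
    "dst": re.compile(r"\bdst=(\S+)"),
}


def extract_with_regex(event: str) -> Dict[str, str]:
    """Extract only the properties for which someone wrote a regex; the rest are lost."""
    props = {}
    for name, rx in REGEX_PROPS.items():
        match = rx.search(event)
        if match:
            props[name] = match.group(1)
    return props


def parse_key_values(payload: str, pair_sep: str = " ", kv_sep: str = "=") -> Dict[str, str]:
    """Split a payload into key/value pairs using a pair delimiter and a key/value delimiter.

    A double-quoted value may contain the pair delimiter, so "SMB blocked by policy"
    stays one value. Tokens without kv_sep (timestamp, hostname) are skipped.
    """
    ps, ks = re.escape(pair_sep), re.escape(kv_sep)
    token = re.compile(rf'([^{ps}{ks}"]+){ks}(?:"([^"]*)"|([^{ps}]*))')
    props = {}
    for m in token.finditer(payload):
        props[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return props


LEEF_HEX_DELIM = re.compile(r"^x([0-9A-Fa-f]{2,4})$")


def parse_leef(event: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Parse a LEEF 1.0 or 2.0 event into (header, attributes).

    LEEF 2.0 carries its attribute delimiter in the header, either literally or as
    xHH/xHHHH hex; LEEF 1.0 always uses a tab.
    """
    parts = event.split("|")
    if not parts[0].startswith("LEEF:"):
        raise ValueError("not a LEEF event")
    leef_version = parts[0][5:]
    if leef_version.startswith("2"):
        vendor, product, product_version, event_id, delim = parts[1:6]
        attrs = "|".join(parts[6:])
        hex_match = LEEF_HEX_DELIM.match(delim)
        if hex_match:
            delim = chr(int(hex_match.group(1), 16))
        elif delim == "":
            delim = "\t"
    else:
        vendor, product, product_version, event_id = parts[1:5]
        attrs = "|".join(parts[5:])
        delim = "\t"
    header = {"leef_version": leef_version, "vendor": vendor, "product": product,
              "product_version": product_version, "event_id": event_id}
    return header, parse_key_values(attrs, pair_sep=delim, kv_sep="=")


if __name__ == "__main__":
    print("regex only:", extract_with_regex(KV_EVENT))
    print("delimiters:", parse_key_values(KV_EVENT))
    print("LEEF 2.0:", parse_leef(LEEF2_EVENT))
```

The regex approach returns only the three properties someone took the time to write patterns for, while the delimiter parser recovers all six, including the quoted message; that is the difference between maintaining a regex per field and declaring two delimiters once per log source.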

Flow improvements

This release detects the VXLAN information present in packets sent to QFlow (via Azure vTap, Technocrat or monitoring card, or NIC); it is extracted and added to the QRadar flow logs.
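As an added illustration of why VXLAN awareness matters for flow data (our own Python example, not QFlow code), the following builds a constructed VXLAN payload and extracts the VNI and the inner IPv4 endpoints from it. Without this step a flow collector only sees the tunnel endpoints on UDP port 4789, so traffic between different virtual networks or tenants collapses into a single outer flow and the real source and destination hosts never appear in the record. The MAC and IP addresses are constructed values.

```python
import ipaddress
import struct
from typing import Any, Dict

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port
VXLAN_FLAG_VNI_VALID = 0x08    # the "I" bit: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800


def build_vxlan_payload(vni: int, src_ip: str, dst_ip: str, ip_proto: int = 6) -> bytes:
    """Construct the UDP payload of a VXLAN packet: the 8-byte VXLAN header followed by an
    inner Ethernet frame carrying a minimal IPv4 header. Constructed test data only."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit value")
    # VXLAN header: flags (1 byte), 3 reserved bytes, VNI (3 bytes), 1 reserved byte
    vxlan_header = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)
    inner_eth = (bytes.fromhex("0a0000000001")          # constructed destination MAC
                 + bytes.fromhex("0a0000000002")        # constructed source MAC
                 + struct.pack("!H", ETHERTYPE_IPV4))
    inner_ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, ip_proto, 0,
                             ipaddress.IPv4Address(src_ip).packed,
                             ipaddress.IPv4Address(dst_ip).packed)
    return vxlan_header + inner_eth + inner_ipv4


def decapsulate_vxlan(payload: bytes) -> Dict[str, Any]:
    """Extract the VNI and the inner Ethernet/IPv4 endpoints from a VXLAN UDP payload."""
    if len(payload) < 8 + 14:
        raise ValueError("payload too short for VXLAN header and inner Ethernet header")
    flags, vni_field = struct.unpack("!B3xI", payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    record: Dict[str, Any] = {"vni": vni_field >> 8}
    inner = payload[8:]
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", inner[:14])
    record["inner_src_mac"] = src_mac.hex(":")
    record["inner_dst_mac"] = dst_mac.hex(":")
    if ethertype == ETHERTYPE_IPV4 and len(inner) >= 14 + 20:
        fields = struct.unpack("!BBHHHBBH4s4s", inner[14:34])
        record["inner_src_ip"] = str(ipaddress.IPv4Address(fields[8]))
        record["inner_dst_ip"] = str(ipaddress.IPv4Address(fields[9]))
        record["inner_protocol"] = fields[6]
    return record


def enrich_flow(outer_src: str, outer_dst: str, dst_port: int, payload: bytes) -> Dict[str, Any]:
    """Build a flow record. Without VXLAN awareness the record only shows the tunnel
    endpoints; with it, the VNI and the inner hosts become visible to the analyst."""
    record: Dict[str, Any] = {"src_ip": outer_src, "dst_ip": outer_dst, "dst_port": dst_port}
    if dst_port == VXLAN_UDP_PORT:
        record["vxlan"] = decapsulate_vxlan(payload)
    return record


if __name__ == "__main__":
    sample = build_vxlan_payload(5001, "10.1.0.5", "10.1.0.9")
    print(enrich_flow("192.0.2.1", "192.0.2.2", VXLAN_UDP_PORT, sample))
```

The enriched record keeps the outer addresses (the VXLAN tunnel endpoints) and adds the VNI plus inner addresses, which is what lets a SIEM attribute the flow to the right virtual network and apply per-segment rules to it.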

What’s new in Network Insights

Network Insights has improved the module that inspects RDP connections, which now detects the type of encryption used, and added a module to detect rsh, rexec and rlogin connections. Another interesting improvement is that from now on all protocols (NFS, POP, SSL, TLS, HTTP, SSH, RDP, etc.) are detected together with their version, as shown in this table.
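To illustrate the kind of inspection this relies on, here is an added Python example (ours, not Network Insights code) that identifies SSH, HTTP, TLS/SSL and RDP from the first bytes of a constructed client stream and reports the version, or, for RDP, the security mode requested in the X.224 connection request negotiation (standard RDP security, TLS, or NLA/CredSSP, as defined in MS-RDPBCGR). It also flags the legacy versions a SOC would want to alert on. The byte strings are constructed, and TLS 1.3 is not distinguished from 1.2 because 1.3 announces itself through the supported_versions extension, which this check does not parse.

```python
import re
import struct
from typing import Optional, Tuple

# Constructed first bytes of client-to-server streams; not captured traffic.
SSH_BANNER = b"SSH-2.0-OpenSSH_8.4\r\n"
HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: app.example.test\r\n\r\n"
# TLS record: type 0x16 (handshake), record version 0x0303, length, ClientHello stub
TLS_CLIENT_HELLO = b"\x16\x03\x03\x00\x06" + b"\x01\x00\x00\x02\x03\x03"
# RDP X.224 Connection Request carrying an RDP_NEG_REQ asking for TLS|CredSSP
RDP_CONNECT = (b"\x03\x00\x00\x13"                  # TPKT header, total length 19
               + b"\x0e\xe0\x00\x00\x00\x00\x00"    # X.224 CR: LI=14, code 0xE0, refs, class
               + b"\x01\x00\x08\x00" + struct.pack("<I", 0x3))  # type, flags, length, protocols

TLS_VERSIONS = {0x0300: ("SSL", "3.0"), 0x0301: ("TLS", "1.0"),
                0x0302: ("TLS", "1.1"), 0x0303: ("TLS", "1.2")}
RDP_NEG_REQ_TYPE = 0x01
RDP_PROTOCOL_SSL, RDP_PROTOCOL_HYBRID, RDP_PROTOCOL_HYBRID_EX = 0x1, 0x2, 0x8
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,7} \S+ HTTP/(\d\.\d)\r?\n")
HTTP_STATUS_LINE = re.compile(rb"^HTTP/(\d\.\d) \d{3}")


def rdp_security_mode(requested: int) -> str:
    """Map the requestedProtocols flags of RDP_NEG_REQ to a human-readable security mode."""
    if requested & (RDP_PROTOCOL_HYBRID | RDP_PROTOCOL_HYBRID_EX):
        return "NLA (CredSSP)"
    if requested & RDP_PROTOCOL_SSL:
        return "TLS"
    return "standard RDP security"


def identify_protocol(data: bytes) -> Optional[Tuple[str, str]]:
    """Return (protocol, version or security mode) for the first bytes of a stream."""
    if data.startswith(b"SSH-"):
        # RFC 4253 banner: SSH-protoversion-softwareversion
        version = data[4:].split(b"-", 1)[0].decode("ascii", "replace")
        return "SSH", version
    m = HTTP_REQUEST_LINE.match(data) or HTTP_STATUS_LINE.match(data)
    if m:
        return "HTTP", m.group(1).decode("ascii")
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        record_version = struct.unpack("!H", data[1:3])[0]
        # TLS 1.3 keeps record version 0x0303; telling it apart needs the
        # supported_versions extension, which this simplified check does not parse.
        if record_version in TLS_VERSIONS:
            return TLS_VERSIONS[record_version]
    if len(data) >= 11 and data[0] == 0x03 and data[1] == 0x00 and data[5] == 0xE0:
        tpkt_len = struct.unpack("!H", data[2:4])[0]
        pdu = data[:tpkt_len]
        # RDP_NEG_REQ (type 1, flags 0, length 8 LE) follows the 7-byte X.224 header
        pos = pdu.find(bytes([RDP_NEG_REQ_TYPE, 0x00, 0x08, 0x00]), 11)
        if pos != -1 and len(pdu) >= pos + 8:
            (requested,) = struct.unpack("<I", pdu[pos + 4:pos + 8])
            return "RDP", rdp_security_mode(requested)
        return "RDP", "standard RDP security"   # no negotiation request: legacy RDP encryption
    return None


LEGACY = {("SSL", "3.0"), ("TLS", "1.0"), ("TLS", "1.1"), ("RDP", "standard RDP security")}


def is_legacy(proto_version: Tuple[str, str]) -> bool:
    """Flag versions or modes worth an alert; SSH 1.x includes the 1.99 compatibility banner."""
    proto, version = proto_version
    return proto_version in LEGACY or (proto == "SSH" and version.startswith("1."))


if __name__ == "__main__":
    for sample in (SSH_BANNER, HTTP_REQUEST, TLS_CLIENT_HELLO, RDP_CONNECT):
        result = identify_protocol(sample)
        print(result, "LEGACY" if result and is_legacy(result) else "")
```

Reporting the version alongside the protocol is what turns a bare "RDP seen" flow into something actionable: a rule can fire on RDP without NLA, on SSL 3.0, or on an SSH 1.x banner without any further inspection.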

What awaits us in version 7.4?

The release of QRadar 7.4 is planned for the first quarter of 2020 and will include major improvements. This release will be based on Red Hat Enterprise Linux 7.7. It is expected to support Python 3.x and, as a curiosity, it is not clear whether it will be compatible with Internet Explorer browsers. It is important to note that this is a major update, with changes to the base version of the operating system, which involves additional tasks and additional precautions.

If you serve multiple customers from your SOC and use QRadar, you are in luck. There is plenty of hope that we’ll finally see significant improvements to the graphical interface, along with a larger update to the Application Framework that provides full multi-tenancy support. However, the applications will have to be updated to be fully compatible. It is known that the UBA development team is already working on an update that, using these functions, allows user behavior data to be segmented by customer and domain.

In fact, the companies that provide virtual or remote SOC services in multi-client environments will benefit the most from the new features of version 7.4. In another post we will talk more about this and about how to integrate QRadar into semi-automated incident response environments through different SOAR solutions such as Resilient IRP. The future of SOCs will be to continue integrating tools and automating processes, as has been done for years in distributed environments with the implementation of DevOps & SysOps methodologies.

If you want to know more about this solution, at Sixe we offer training, consulting and technical support services for IBM QRadar SIEM. We also sell and deploy, migrate and integrate QRadar for all types of environments and customers. Contact us if you need our help :)

SIXE