
Using Scheduled Delivery and Alerts for Keeping Your Team Up-to-date and Automating Insights for Business Users – bipp Analytics

Scheduled delivery and alerts allow business users to schedule multiple personalized reports for automatic delivery directly to their inboxes:

  • Scheduled Delivery allows business users to schedule personalized reports for automatic delivery directly to their inboxes as PDFs or JPG files.

  • Data-Based Alerts speed up decision-making by sending email notifications to key people. Alerts are generated once defined thresholds are met or changes occur in sheets or dashboard screens.


IC-119122-M5Q0

The complainant submitted a request to the Foreign, Commonwealth & Development Office (FCDO) seeking a copy of the ‘BIOT [British Indian Ocean Territory] Conservation Management Plan’. The FCDO withheld this on the basis of section 27(1)(a) (international relations) of FOIA and regulation 12(5)(a) (international relations) of the EIR. The Commissioner’s decision is that the requested information is exempt from disclosure on the basis of regulation 12(5)(a) of the EIR and that, in all the circumstances of the case, the public interest favours maintaining the exception.

IC-59171-L9X4

The complainant requested information which he considered should have been included within the council’s disclosure required by a step ordered in Decision Notice IC-48031-M7Y5. The council initially responded that it did not hold any further pertinent information. During the course of the Commissioner’s investigation, the council accepted that it does hold some further information, arguing that the complainant had already obtained a copy of specific council minutes via the ICO. That assumption was incorrect. The Commissioner’s decision is that the council was not correct to withhold the draft minutes of the meeting of 23 September 2019 and, in doing so, failed to comply with the requirements of sections 1(1)(a) and (b) of FOIA. She has also decided that, whilst she is unable to say that the council does hold further information falling within the scope of the request, the council has not provided sufficient evidence to support a conclusion that, on the balance of probabilities, it does not hold such information. The Commissioner therefore requires the council to take the following steps to ensure compliance with the legislation:

  • Disclose to the complainant a copy of the draft minutes of 23 September 2019.
  • Carry out further, sufficiently detailed searches for the requested information and, following this, make a fresh response to the complainant’s FOI request as required by section 1(1) of FOIA, without relying upon section 14 of the Act.

New Year, New SOC — 2022 is the Year for Integrated Intelligence

The beginning of any year is a natural time to take stock of your processes, resources, and systems while looking for opportunities to improve efficiency. There’s just something natural about the flipping of a calendar that makes us want to look around and say “is there something I could be doing better? Is there an easier way to do this?”

In the rapidly shifting intelligence and security industry, investigating these questions can lead to important conversations about your organization’s security posture. “Security” is a broad term and can mean a million different things, and a SOC can be configured a thousand different ways with any number of platforms, systems, and analysts working to keep you safe. Taking the time to assess your current SOC setup and make the right decisions can save countless hours, let you reallocate scarce resources, and, most importantly, reduce serious risk.

All of these points mean that 2022 is the year for you to begin integrating intelligence into your current SOC and harness the power that comes when you combine intelligence with automation. 

Why Does Your SOC Need Intelligence?

Maybe you’re reading this and thinking, “my organization’s SOC has a ton of different tools for collecting data. Why would I need anything else when we’ve already got more data than we can handle at any given time?” Or maybe you’re not thinking that and I’ve just created a hypothetical that allows me to drive at my point, who knows!

The key difference is that data isn’t intelligence. Data is raw information that requires processing and critical thinking before its meaning can be extracted. You can have all the data in the world and still need to know what matters and what you can safely ignore. In many SOCs it is difficult to bring in data from different sources and correlate it, which means more work for analysts and valuable time wasted.

That’s where intelligence comes in. Intelligence is what sorts data into clear information, allowing you to take quick and decisive action. Intelligence is the difference between knowing about a threat when there’s still time to act, and being too late. Taking it one step further, what you really want to unlock is trusted intelligence—intelligence you trust to help you make decisions within seconds and feel confident with your actions.

As you can see, intelligence should be a crucial part of your SOC, but of course the remaining question is: how do you inject intelligence into your SOC?

Integrating Intelligence into Your SOC—and the Possible Benefits

The easiest way to bring intelligence into your SOC is by integrating it into your existing systems and platforms. There’s no need to overhaul the entire security team you worked hard to organize; intelligence is about refinement, taking raw data and turning it into actionable insights. 

For instance, Recorded Future integrates with your SIEM environment, enriching the alerts you already see with additional context. When you layer intelligence into your existing environment, you no longer have to spend time searching the web and combing through research to work out whether you are facing a real threat. Recorded Future provides real-time context based on machine learning, natural language processing, and human analysis.

The relationship between an intelligence platform like Recorded Future and a SIEM is a two-way street, too. Data flows in both directions: observations from your SIEM flow back into the platform, so the intelligence is scoped to what your organization’s environment actually sees and becomes immediately actionable.
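To make the enrichment step concrete, here is an added example (not Recorded Future’s code or API, and not part of the original post) of what “layering intelligence onto existing alerts” looks like in practice: SIEM-style alerts are matched against an indicator set, each match carries a risk score and evidence, a triage verdict is derived from the highest score, and the matches are collected as sightings to send back to the intelligence platform (the “two-way street”). The indicator set, the alerts, the risk scale and the triage thresholds are all constructed for the example; indicator values use documentation address ranges and example domains.

```python
"""Enrich SIEM-style alerts with threat-intelligence context.

Added example; everything here is constructed or assumed:
- the indicator set stands in for a threat-intelligence feed,
- the alerts stand in for what a SIEM rule would emit,
- the 0-99 risk scale and the triage thresholds are assumed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Any


@dataclass(frozen=True)
class Indicator:
    value: str
    kind: str                 # "ip", "domain" or "hash"
    risk: int                 # 0-99, assumed scale
    evidence: tuple[str, ...] # short human-readable reasons for the score


def normalise(kind: str, raw: str) -> str:
    """Canonicalise an observable so feed values and log values compare equal."""
    raw = raw.strip()
    if kind == "ip":
        return str(ipaddress.ip_address(raw))  # canonical form; raises ValueError on junk
    if kind == "domain":
        return raw.lower().rstrip(".")         # case-fold, drop trailing dot
    if kind == "hash":
        return raw.lower()
    raise ValueError(f"unknown indicator kind {kind!r}")


# Constructed indicator set (RFC 5737 / RFC 2606 values; risk and evidence made up).
_FEED = [
    Indicator("203.0.113.7", "ip", 89, ("Observed C2 server for a commodity RAT", "Active in the last 7 days")),
    Indicator("c2.example.net", "domain", 72, ("Resolves to a known C2 IP",)),
    Indicator("198.51.100.20", "ip", 15, ("Historical scanning source, no recent activity",)),
]
INTEL = {(i.kind, normalise(i.kind, i.value)): i for i in _FEED}

# Assumed triage thresholds; tune to the risk scale of the platform in use.
ESCALATE_AT = 65
INVESTIGATE_AT = 25

# Which alert fields hold which kind of observable (constructed schema).
_FIELDS = (("ip", "src_ip"), ("ip", "dst_ip"), ("domain", "domain"), ("hash", "file_hash"))


def enrich(alert: dict[str, Any]) -> dict[str, Any]:
    """Return a copy of `alert` with matched intelligence and a triage verdict."""
    matches = []
    for kind, key in _FIELDS:
        raw = alert.get(key)
        if not raw:
            continue
        try:
            norm = normalise(kind, raw)
        except ValueError:
            continue  # malformed field: a bad log line must not break enrichment
        hit = INTEL.get((kind, norm))
        if hit:
            matches.append({"field": key, "indicator": hit.value, "risk": hit.risk, "evidence": list(hit.evidence)})
    top = max((m["risk"] for m in matches), default=0)
    if not matches:
        verdict = "no-intel"
    elif top >= ESCALATE_AT:
        verdict = "escalate"
    elif top >= INVESTIGATE_AT:
        verdict = "investigate"
    else:
        verdict = "low-risk"
    return {**alert, "intel": matches, "intel_risk": top, "verdict": verdict}


def sightings(enriched: list[dict[str, Any]]) -> list[dict[str, str]]:
    """Feedback for the intelligence platform: which indicators fired, where and when."""
    return [{"indicator": m["indicator"], "alert_id": a["id"], "seen": a["ts"]}
            for a in enriched for m in a["intel"]]


# Constructed alerts, roughly what a SIEM rule would emit.
SAMPLE_ALERTS = [
    {"id": "A-1", "ts": "2022-01-03T09:15:00Z", "rule": "outbound-beacon", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7"},
    {"id": "A-2", "ts": "2022-01-03T09:20:00Z", "rule": "dns-query", "src_ip": "10.0.0.9", "domain": "C2.Example.NET."},
    {"id": "A-3", "ts": "2022-01-03T09:25:00Z", "rule": "inbound-scan", "src_ip": "198.51.100.20", "dst_ip": "10.0.0.1"},
    {"id": "A-4", "ts": "2022-01-03T09:30:00Z", "rule": "dns-query", "src_ip": "10.0.0.9", "domain": "intranet.example.com"},
    {"id": "A-5", "ts": "2022-01-03T09:35:00Z", "rule": "odd-parse", "src_ip": "not-an-ip"},
]


def run(alerts: list[dict[str, Any]] = SAMPLE_ALERTS) -> tuple[list[dict[str, Any]], list[dict[str, str]]]:
    enriched = [enrich(a) for a in alerts]
    return enriched, sightings(enriched)


if __name__ == "__main__":
    for a in run()[0]:
        print(a["id"], a["verdict"], a["intel_risk"], [m["indicator"] for m in a["intel"]])
```

The normalisation step is where most real integrations break: a feed that stores `c2.example.net` and a DNS log that records `C2.Example.NET.` are the same observable, and without canonicalisation the alert is silently left unenriched. The verdict is driven by the highest risk among the matches rather than by the count, so one high-confidence C2 indicator outweighs several stale low-risk ones.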

What does the real-life benefit of true intelligence, with no more harried Googling, look like? A Forrester Consulting Total Economic Impact™ study found that the Recorded Future platform can reduce investigation time by 40%, help your organization identify 20% more threats, and free up on average at least two threat analysts for other work.

“By integrating intelligence into our existing IBM Security QRadar [SIEM] system and workflows, and automating analysis, we believe we have improved the accuracy and operational efficiency of security monitoring by a factor of three to four” – Keita Nagase, Chief Information Security Officer, Okinawa Institute of Science and Technology.

Integrating intelligence into your SOC—specifically your existing tools and processes—is the easiest and most effective enhancement you can make in 2022. Threat actors are only getting smarter and more brazen, and having raw data alone won’t help anymore. You need actionable intelligence that enables you to make the correct decisions and act at the speed of the adversary.

To learn more about the power of Recorded Future’s intelligence, and how simple it is to integrate into your existing systems, click here.

The post New Year, New SOC — 2022 is the Year for Integrated Intelligence appeared first on Recorded Future.

The People’s Liberation Army in the South China Sea: An Organizational Guide

Insikt Group

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

This report profiles the organizational structure of the People’s Liberation Army (PLA) on China’s outposts in the South China Sea. The analysis draws heavily from Chinese-language open source materials, including state media reports, government websites, resumes, procurement records, academic writings, and patents, as well as visual materials, such as photographs, videos, and satellite imagery. The report will be of most interest to governments and militaries with an interest in Southeast Asia and the broader Indo-Pacific region, companies seeking to comply with PLA-oriented export controls, and defense analysts focused on the PLA. The author, Zachary Haver, thanks Roderick Lee, Morgan Clemens, and Kenneth Allen for their generous support.

Executive Summary

People’s Liberation Army (PLA) units operating from militarized outposts in the South China Sea defend China’s expansive maritime and territorial claims while also projecting power into maritime Southeast Asia. To better understand the organization of the PLA in the South China Sea, Recorded Future identified and analyzed nine specific PLA units that are deployed to Chinese outposts. These units are Unit 91431 (the “Nansha Garrison”), the Xisha Maritime Garrison Command, the 3rd Radar Brigade, the Yongxing Airfield Station, the Sansha Garrison Command, Unit 91531 (“a Navy engineering unit”), the Xisha Satellite Observation Station, Unit 92155 (“a naval aviation air defense brigade”), and Unit 92508. We also examined several other units that have maintained at least a marginal presence on China’s outposts at various points, including the PLA Navy Marine Corps 1st Brigade, Unit 92690, Unit 92053, and Unit 91522.

Our report assesses the organizational structures, duties, and facilities and assets of each identified PLA unit. The majority of these units are regiment leader-, division deputy leader-, or division leader-grade organizations. They are responsible for defending China’s outposts in the Spratly Islands and Paracel Islands, operating radar installations, ensuring airfield support for aviation forces, training and commanding maritime militia forces, implementing engineering projects, supporting the launch and orbital management of spacecraft, and providing air defense. All of these units maintain a physical presence in the Paracel or Spratly Islands, but many also have supporting facilities on Hainan or the Chinese mainland.

Key Judgments

  • Though China’s outposts in the South China Sea have hosted PLA forces for many years, these outposts went through a period of significant militarization over the past decade, with multiple new units being established and existing units undergoing organizational upgrades, building improved facilities, and receiving new assets.
  • Several PLA units are present in the South China Sea, including units from the PLA Navy’s shore command structure, the PLA Navy’s naval aviation branch, China’s national defense mobilization system, and the PLA Strategic Support Force.
  • The PLA forces in the South China Sea include units that are primarily based in the Spratly Islands and Paracel Islands, such as location-specific garrisons, as well as detachments of units that are primarily based on Hainan, such as battalions under radar and air defense brigades.
  • The PLA units present on China’s outposts in the South China Sea actively participate in military-civil fusion programs, including engaging in joint operations and exercises with civilian forces, drafting regulations with civilian authorities, and coordinating the construction and use of physical infrastructure with civilian entities.
  • PLA units in the South China Sea are positioned to contribute to broader strategic objectives, such as near-seas defense and space situational awareness, in addition to their primary focus on the protection of China’s maritime and territorial claims.
  • In addition to the PLA forces that have a standing presence in the South China Sea, some units likely maintain a more limited presence on China’s outposts, potentially deploying personnel on an ad hoc basis.


The post The People’s Liberation Army in the South China Sea: An Organizational Guide appeared first on Recorded Future.

bipp Analytics as a Redash alternative – comparison

With Redash becoming tied to Databricks’ ecosystem, there are four reasons to go for bipp, a modern, feature-rich BI platform with an affordable price point:

  1. bipp’s data modeling layer is much easier than managing a lot of Redash SQL queries.
  2. bipp’s Visual SQL Explorer lets you go from database to charts in minutes.
  3. It provides a host of advanced features that let you realize the full power of BI and set your company up to scale.
  4. Its pricing model starts at $10 per user per month, and a forever-free plan gets you started without any commitment.


2021 Adversary Infrastructure Report

Insikt Group

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

Recorded Future’s Insikt Group® conducted a study of malicious command and control (C2) infrastructure identified using proactive scanning and collection methods throughout 2021. All data was sourced from the Recorded Future® Platform and is current as of December 10, 2021.

Executive Summary

Recorded Future tracks the creation and modification of new malicious infrastructure for a multitude of post-exploitation toolkits, custom malware, and open-source remote access trojans (RATs). Since 2017, Insikt Group has created detections for 80 families, including RATs, advanced persistent threat (APT) malware, botnet families, and other commodity tools. Recorded Future observed over 10,000 unique command and control (C2) servers during 2021 across more than 80 families. Our collection in 2021 was dominated by Cobalt Strike Team Servers and botnet families, both of which applied more resiliency and stealth measures throughout the year.

Key Findings

  • Our prediction last year anticipating an increase in Sliver, Mythic, Covenant, and Octopus C2 frameworks was only partially correct. While there has been a small increase in the use of Covenant, Sliver, and Mythic, our visibility has shown continued reliance on Cobalt Strike with minimal adoption of newer C2 frameworks.
  • 25% of detected servers (3,400 servers) were not referenced in open sources; they were identified only on the Recorded Future Command and Control source.
  • Recorded Future observed an average 35-day lead time between when a C2 server is detected by our scanning efforts and when it is reported in other sources.
  • While Emotet’s return has garnered headlines, other botnets continued to insulate, diversify, and grow their infrastructure during Emotet’s absence in 2021.
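The two metrics in the findings above, the share of servers seen only by scanning and the lead time between a scan detection and the first open-source mention, are straightforward to reproduce over your own sightings data. The following is an added example (not Insikt Group’s code or data) that computes both from a constructed list of per-source first-seen dates. It also handles the two cases that distort the metric if ignored: servers that never appear in open sources (no lead time, counted separately) and servers that open sources reported before the scanner found them (negative lead time, counted rather than dropped).

```python
"""Scanning-vs-open-source lead time for C2 infrastructure.

Added example with constructed data. Each sighting is (server, source, first_seen);
the source "scan" stands for proactive scanning, any other source for an open-source
report. Server addresses are documentation-range values (RFC 5737).
"""
from datetime import date
from statistics import mean

SIGHTINGS = [
    ("203.0.113.10", "scan", date(2021, 3, 1)),
    ("203.0.113.10", "blog", date(2021, 4, 12)),
    ("203.0.113.11", "scan", date(2021, 5, 2)),
    ("203.0.113.11", "feed", date(2021, 5, 30)),
    ("203.0.113.11", "blog", date(2021, 6, 10)),   # later mention; the first one counts
    ("203.0.113.12", "scan", date(2021, 7, 20)),   # never reported in open sources
    ("203.0.113.13", "blog", date(2021, 8, 1)),    # open source reported this one first
    ("203.0.113.13", "scan", date(2021, 8, 15)),
]


def first_seen(sightings):
    """Per server: (earliest scan date, earliest open-source date); None when absent."""
    out = {}
    for server, source, seen in sightings:
        scan, osint = out.get(server, (None, None))
        if source == "scan":
            scan = seen if scan is None or seen < scan else scan
        else:
            osint = seen if osint is None or seen < osint else osint
        out[server] = (scan, osint)
    return out


def lead_time_stats(sightings):
    """Summarise scanning coverage relative to open-source reporting."""
    by_server = first_seen(sightings)
    # Only servers our scanning actually found can contribute to scanning metrics.
    scanned = {s: v for s, v in by_server.items() if v[0] is not None}
    only_scanning = [s for s, (scan, osint) in scanned.items() if osint is None]
    leads = [(osint - scan).days for scan, osint in scanned.values() if osint is not None]
    return {
        "servers_scanned": len(scanned),
        "only_from_scanning": len(only_scanning),
        "only_from_scanning_pct": round(100 * len(only_scanning) / len(scanned), 1) if scanned else 0.0,
        "mean_lead_days": round(mean(leads), 1) if leads else None,
        "negative_leads": sum(1 for d in leads if d < 0),  # open source beat the scanner
    }


if __name__ == "__main__":
    for key, value in lead_time_stats(SIGHTINGS).items():
        print(f"{key}: {value}")
```

Reporting the negative-lead count alongside the mean matters: a handful of servers that open sources found first will pull the average down, and seeing how many there are tells you whether the scanner is late on a category of infrastructure or merely on isolated cases.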


The post 2021 Adversary Infrastructure Report appeared first on Recorded Future.

The 2022 Threat Intelligence Outlook

Joining us this week is Jason Steer, principal security strategist at Recorded Future. Our conversation centers on the state of threat intelligence in a rapidly changing security environment, how organizations are adapting and evolving their threat intelligence strategies, and Jason Steer’s outlook on some of the security challenges professionals are likely to face in the year ahead.


This podcast was produced in partnership with the CyberWire.

The post The 2022 Threat Intelligence Outlook appeared first on Recorded Future.
