Monday, October 24, 2016

Special Tabula Rosa Systems Blog For 10/24/16 - Security For Bots and IoT - Attivo Solutions

Tabula Rosa Systems is a "best of breed" provider for network, security and systems management. Given the recent Dyn's managed DNS service attacks which cauesed numerous blackouts, this blog is focused on what transpired and on a product to protect enterprises from these types of attacks, Attivo Networks.

Below is an article from TechCrunch depicting the DDoS attack on Dyn's DNS services.

Following the article is an overview of Attivo Networks, a powerful deceptive security product which offers compelling solutions for Bots and IoT.

SUNDAY, OCTOBER 23 2016 By Darrell Etherington From

Sunday Snapshot 10/23/16

Vulnerable: Friday's DDoS attack on Dyn's managed DNS services brought low a huge chunk of the web for East Coast internet users, including Amazon, GitHub, Shopify, Twitter and the New York Times. It was among the most protracted and most extensive internet outages I can remember ever experiencing, and it's at least a little terrifying.
The attacks were first noticed early in the morning Eastern time, and at first seemed like the kind of run-of-the-mill outages that typically last a little while and inconvenience a few users for  a specific service. But the problem didn't go away, and it spanned multiple sites, rather than remaining localized to just one or two. Dyn at first said it had addressed the problem a little later on that morning, but by mid-day the DDoS attacks came back with reentered vigor and brought service disruption throughout the remainder of Friday. The second phase of attacks also targeted Dyn data centers beyond just the East coast facilities targeted earlier in the day, with around 20 centers around the world suffering targeted takedowns.

It was a concerted effort to knock out Don's services, and it was perpetrated using the Mirai botnet, and included "10s of millions" of unique IP addresses, according to Dyn, which means 10s of millions of IoT devices might have been involved, making it potentially the largest concentrated botnet attack on record.

Mirai basically operates by continuously reaching out via the internet and seeking IoT devices, then using a database of known factory default username and passwords to take them over and make them part of the botnet. Sadly, a significant percentage of these devices, which include popular inexpensive web-connected security cameras, never have their default login credentials changed post-purchase, making them easy targets for this kind of attack.

The end result is a new reality for the internet, one in which an attack like the one we experienced isn't an isolated (or even potentially a rare) occurrence. For those of us who were trying to do anything online during the incident, the idea that this kind of thing could become a more frequent occurrence is definitely chilling.

The Attivo Networks IoT solution provides deployment of deception technology across widely used protocols including XMPP, COAP, MQTT, and DICOM based PACS servers. These protocols are used by IoT vendors to support a wide array of applications that allow for more cohesive machine-to-machine communication and monitoring concerning critical data and machine status.

Customers can configure the Attivo ThreatMatrix Deception Platform to look identical to the IoT devices on their network. The Attivo BOTsink® engagement servers and decoys appear as production IoT servers and services, deceiving attackers into thinking they’re authentic. By engaging with decoys and not with production devices, the attacker reveals themselves and can be quarantined and studied for detailed forensics. The Attivo analysis engine will analyze the attack techniques, the lateral movement of the attack, which systems are infected, and provide the signatures required to stop the attack. The attack analysis can then be used to improve incident response by automatically or manually blocking and quarantining the attack through integration with third party prevention systems.

If there is interest in Attivo, please contact Tabula Rosa through our website. This information is listed below.

Another Special Announcement - Tune in to my radio interview,  on Rider University's station, I discuss my recent book, above on "Your Career Is Calling", hosted by Wanda Ellett.   

In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

In addition to this blog, I maintain a radio show on BlogtalkRadio  and an online newsletter via have established Netiquette discussion groups with Linkedin and  Yahoo I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and  PSG of Mercer County, NJ.

I am the president of Tabula Rosa Systems, a “best of breed” reseller of products for communications, email, network management software, security products and professional services.  Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.

Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace.Anyone who would like to review the book and have it posted on my blog or website, please contact me

No comments:

Post a Comment