Visual C++ code generation bug

In my experience it's reasonably common to find some valid C++ source code that a particular compiler can't handle.  However, thankfully, it's much rarer to find a situation where a compiler accepts valid source code without complaint but then generates machine code that doesn't do what it's supposed to.  I say "thankfully" because, in the same way that it's better to structure your code to break at build time rather than runtime, I'd rather bugs in the compiler itself manifested themselves during compilation rather than when running the resulting program.

Real-Time Data Analysis Just Got Easier: Anomaly Detective v3.2

We've been busy here at Prelert, what with preparing for a handful of upcoming presentations and conferences (Mass TLC Big Data Summit, Big Data Boston Meetup, International Conference on Data Mining)...

Last week marked the official release of v3.2 of our Anomaly Detective® app for Splunk.  We've made a couple of updates since launching v3.1 in February.  New features include real-time monitoring dashboards, pre-packaged real-time anomaly searches that can be run with the simple push of a button, and improved handling of periodic data.

Successfully Analyzing Data that is Batch Loaded into Splunk

In one customer engagement, we came across a situation where the customer's proxy logs were being forwarded to Splunk only once per hour. So, instead of the events being forwarded to Splunk in real time, the files were forwarded only at the top of the hour. This meant, of course, that at the top of each hour, Splunk had a big indexing task - swallowing all of the events from the proxy for the previous hour. It didn't do it instantaneously, of course, because there were sometimes more than 5 million events per hour. It could take Splunk over 10 minutes to do that hourly indexing when the event count was that large.

Down the Rabbit Hole: How Anomaly Detection Works

Image Credit: Hector Garcia, flickr

So what is anomaly detection and how does it work? We worked together with a video crew to explain anomaly detection software in general, as well as our approach to the technical challenges of applying automated anomaly detection on modern data sets.

What is Anomaly Detective? is a high-level look at how Anomaly Detective acts as your own personal "Machine Intelligence Partner."

Automated Anomaly Detection: Under the Hood is a more technical trip down the rabbit hole that delves into the process, theories, and statistical models of how we can identify anomalies in semi-structured data.

Upgrade Your Security With Population Behavior Analysis

Sad but true, if your organization is a prime target for security threats, you should assume that your defenses have already been infiltrated by advanced attackers and it is only a matter of time until the theft or disruption begins. So besides securing your environment, security teams should have another goal, and that is detecting the advanced threats that have successfully penetrated their environment. Anomaly detection is receiving a lot of interest in this regard because it can find the “fingerprints” of an attack in progress.

In the struggle between IT security teams and criminal hackers, the opponents are equally matched in skills, knowledge, talent, creativity and motivation. But the bad guys have the advantage in an environment that relies on traditional (white list/black list or last-known threat) defenses. Why? One team is building defenses against the last-known threat, while the other is trying to develop new ways to get around those defenses. A great analogy is the situation of the TSA versus terrorists. Terrorists try to blow up a plane with liquid explosives and the TSA knows to pay close attention to liquids. Terrorists use shoe bombs and we have to take off our shoes to go through security. In the “last-known threat”-based security paradigm, the bad guy has the advantage of creating the new or unknown threat profile.

A Closer Look at the Target Security Breach: Target Did Receive Security Alerts

5 Warnings from Your Proxy Server that Could Signal a Hack

Your organization’s IT perimeter is undoubtedly secured by a complex network consisting of everything from malware detectors and virus scans to vulnerability scanners and intrusion prevention systems. But truly defending your organization requires guarding against advanced threats that have already gotten past your perimeter. One place to start is to heed the alerts generated by your proxy servers, using anomaly detection software to identify behaviors outside the norm.

Here are some ways for your IT security team to identify such attacks and shut them down early.

7 Ways To Find Rogue Users

When it comes to your organization’s IT security, it’s important to balance the company’s need to mitigate risk with employees’ freedom to do their jobs effectively. While employees need to be allowed the latitude to use the Internet without undue restrictions, you also need to ensure your organization stays safe.

The trend toward bring-your-own-device (BYOD) has introduced a new level of complications to corporations’ efforts to keep data safe. For example, companies often prohibit the use of Yahoo email or Gmail in the workplace, but many employees use these for their personal accounts, commonly logging on with their smartphone or laptop and exposing these devices to threats beyond the company’s control.

3 Ways to Reduce the Amount of Useless Security Alerts

Every day your IT security operations team deals with logs filled with alerts about potential threats to your systems. Most of these alerts are essentially useless, just repeats of minor events that your security systems have seen before and managed with tools already in place.

But amid all the “noise” are the fingerprints that identify real threats your IT security team must address. If your organization is small enough that it only experiences a few alerts per day, then you may have the tools necessary to interpret these and take steps to correct any problems. It’s more likely though, even if your organization is small, that you experience more alerts in a day than any human can realistically or effectively handle with manual forensic analyses.

How to Identify Abnormal User Behavior with Anomaly Detection

It can happen to even the most vigilant organizations: Information not intended for external distribution gets sent outside your network. Sometimes it’s caused by an unsuspecting employee clicking on a link in an email or landing on an infected site while researching on the Internet. Unfortunately, there are also intentional behaviors that can land your organization in hot water, like an unauthorized use of IT resources to promote racist, harassing or extremist content.

How can you monitor for rogue user activity without unnecessarily infringing on the privacy of users?  The key is to use anomaly detection software that flags abnormal user activity. More than “big brother” trying to limit use, anomaly detection software looks for rogue behavior that can expose your company to harm.

Implementing QuickMode for Anomaly Detection

The flagship new feature in version 3.1 of Prelert Anomaly Detective for Splunk was QuickMode: a way to apply analytics to existing Splunk timechart searches without any extra configuration.  In this post I’m going to explain how this was possible.

Let’s start by looking at how Splunk’s timechart command transforms its input.  You might think it directly plots a chart, but actually it just takes a set of input events containing some fields and outputs a different set of events with the data pivoted.  (In Splunkweb a JavaScript or Flash component can take this output and create a graphical chart.)  You can see what the timechart search command alone does in Splunk if you view its output in “Table” mode rather than “Visualization” mode (or “Results Chart” mode in old versions of Splunk).
