The Ridgeback Backstory

October 27th, 2017 | blog

Thomas Phillips drew on his unique background to develop an original approach to cybersecurity - interactive deception. Ridgeback Network Defense’s co-founder and CTO has not only spent 30 years developing software but also has extensive experience in both offensive and defensive hacking. He studied computer science and psychology in college and is a military [...]

Hardware Security: Should you replace your IT equipment?

September 27th, 2017 | blog

In the IT world, upgrading equipment is normal. However, businesses often view IT as a cost center, so spending on new equipment is highly discouraged unless absolutely necessary. The existence of better gear is rarely an acceptable reason for a hardware refresh. What about new hardware that is more secure? Is better security a good [...]

Security experts vulnerable. Deloitte hacked.

September 26th, 2017 | blog

Deloitte is a multinational professional services firm that “provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries.” In 2017, Gartner ranked Deloitte security consulting number one globally for the fifth year in a row. By all accounts, Deloitte is a well-respected company that definitely has their act together. [...]

Ridgeback participates at ISACA

August 1st, 2017 | blog

ISACA, US is an independent, non-profit, global association engaged in the development, adoption, and use of globally accepted, industry-leading knowledge and practices for information systems. With more than 600 active members, Pune Chapter of ISACA organized an annual conference on Transforming Security and Governance for Digital Age on July 7 and 8, 2017. Ridgeback was [...]

Good Times at BSidesCharm 2017

May 4th, 2017 | blog

BSidesCharm 2017 has wrapped up. There was fantastic weather, a huge crowd, plenty of great talks and training, a hiring village, and best of all, hackable badges! Hackable Badges at BSidesCharm I was one of the organizers again this year, helping to organize and manage the registration and check-in for the conference at the [...]

State of the Acid Test, 2016 and 2017

February 7th, 2017 | blog

Just a quick note about the Ridgeback Acid Test Event... The Ridgeback Acid Test Events of 2015 were hugely popular. I really, really wanted to run another test event around October of last year (2016), but things became far too busy. We released Ridgeback Hunter 2.0, with its new slick interface and included Ridgeback Log [...]

Here Comes Ridgeback Cloud

February 7th, 2017 | blog

The feature customers have asked for the most is cloud management for Ridgeback Hunter. Guess what? Here it comes!   We used to sell only a hardware appliance. Customers kept asking for a software version, so we released Ridgeback Hunter in March 2016, a software version that runs on servers or on virtual machines. After [...]

DDOS Explained

October 26th, 2016 | blog

Distributed denial of service (DDOS) attacks have been in the news lately, and a number of people have asked me whether Ridgeback can prevent such an attack. What seems like a simple question actually touches on some complex issues. This post breaks it all down. First, a DDOS attack consists of: An unregulated network connecting [...]

August 12th, 2016

August 12th, 2016 | blog

Logs are something we all love to hate. All the good stuff can be found in the log files, but often the amount of data becomes overwhelming. And then there is the fact that everything out there has its own log format. I had discussions about HP ArcSight, McAfee Enterprise Security Manager, IBM QRadar, Splunk, [...]

Where are the simulators?

June 10th, 2016 | blog

First, in case you missed it, Ridgeback Hunter version 1.3.0 has been posted in the early access forums. Now on to the topic of simulations... During the two Ridgeback Acid Test Events in 2015, Ridgeback had a number of basic simulators behind the responders. That is, you could connect to a decoy on a TCP [...]

Look at those Decoys Lighting Up

June 9th, 2016 | blog

Just a quick screenshot from version 1.3 showing a whole bunch of decoys lighting up in response to reconnaissance. Notice how all the lines are converging back onto the endpoint that did the recon. I took this screenshot while working on log normalization. The new log format for version 1.3 makes reporting and integration much [...]

Ridgeback Finds a Threat

June 6th, 2016 | blog

Ridgeback Hunter runs on a variety of platforms, including laptops. I almost always run Ridgeback on my laptop whenever I connect to a network. This gives me a high-level perspective of how the network is operating and alerts me to any threats lurking on the network. The networks I connect to are often relatively safe, [...]

1.3 Sneak Peek

June 2nd, 2016 | blog

Just a quick sneak peek at 1.3. Even when decoys are not activated and Ridgeback is in network security monitoring (NSM) mode, it still sees reconnaissance. This is awesome for those who need to do network troubleshooting.

Ridgeback Hunter and Interfaces

May 25th, 2016 | blog

Two things today - the new Ridgeback Hunter name and some information about Ethernet interfaces. First, a name change. Ridgeback Agent is now called Ridgeback Hunter. The term "agent" was causing some confusion, thus the name change. (A single instance of Ridgeback Hunter can support many networks. Ridgeback Hunter does not need to be installed [...]

Network Situational Awareness with tcpdump

May 24th, 2016 | blog

A few weeks ago I gave a brief talk on using the tcpdump utility for situational awareness on networks. The talk was for a general audience. The tcpdump utility can be used for security monitoring, audit, or just plain IT management. I am putting the slides up for download by anyone who might be interested. [...]

Are you a good security professional?

May 4th, 2016 | blog

I recently read some posts from information security people who seemed to lack confidence in their abilities. Citing imposter syndrome, a feeling that they are not as competent as people think they are, they mused over whether their own skills and experience justified their roles as security professionals. This post is to spell out plainly [...]

BSidesCharm 2016

April 26th, 2016 | blog

What a weekend! BSidesCharm 2016 has concluded. There was a fantastic turnout with multiple speaking tracks, training, some CTF rooms, crypto challenge, fox chasing, happy hour, party -- all around fun for all! I gave the talk, "The Value of Deceiving Attackers." The talk was non-technical and attempted to guide people from thinking about static [...]

I want YOU in the next Acid Test

April 26th, 2016 | blog

I want to gear up for another Acid Test. Instead of jumping right in, I would like to get some people trained up on running things. We can set stuff up at the UMBC incubator and run periodic training/hacking sessions for 1-2 hours at a time. The question is, what days / times are best [...]

Ridgeback Agent for Basic Deception

April 20th, 2016 | blog

This post is to help you get up and running with the Ridgeback Agent using the basic deception configuration. The Ridgeback Platform is very versatile and extensible, so don't be put off if this configuration is too simplistic for your needs. To get started, we will need the Ridgeback Agent software (with a valid license [...]

Linux System Administrator – Now!

March 4th, 2016 | blog

We have an immediate need for a bright, highly motivated Linux system administrator.  The job includes preparing systems for delivery to customers, helping assess customer needs, managing test environments, and wrangling other odds and ends.  Let me know if you are interested.

March 2nd – Introduction to Deception Technology

February 10th, 2016 | blog

The seminar on deception technology in January went very well, so on March 2 we are doing it again.  Many people who could not attend in January said it was difficult to take off two days for a seminar.  We are compressing the material into a single day to help people with their schedules.  For those [...]

Introduction to Deception Technology

December 29th, 2015 | blog

Deception technology can change the game for cyber-defense. We are hosting a paid seminar titled "Introduction to Deception Technology" on January 13-14.  "Introduction to Deception Technology" is a two-day seminar for cybersecurity professionals who need to understand how the landscape of cyber-conflict is evolving.  You will learn how to better protect your organization's assets using [...]

Turtles versus Raptors: Are you hiding behind false walls?

October 17th, 2015 | blog

When it comes to security, there are two kinds of organizations -- turtles and raptors.  When an adversary attacks your organization, your posture as a turtle or a raptor matters quite a bit. A turtle organization has a hard, outer shell, but a soft, vulnerable interior.  The organization spends a lot on firewalls and intrusion [...]

US East Coast Events: October 2015

September 24th, 2015 | blog

10/5 - 10/6 Washington DC: ACFCS 2015 Cyber Financial Crime Summit 10/7 New York, New York: Buy-Side Technology North American Summit  10/7 - 10/9 Arlington, Virginia: Homeland Security Week 10/9 Raleigh, North Carolina: BSides Raleigh 10/14 New York, New York: New York Metro Joint Cyber Security Conference 10/15 McLean, Virginia: Fall 2015 Cybersecurity Summit 10/15 Greenbelt, Maryland: NASA Goddard Cyber Expo 10/19 - 10/21 Washington DC: CSX 2015 [...]

Ridgeback Expands into the CyberHive

August 7th, 2015 | blog

Good times!  Ridgeback is growing and has expanded into the bwtech@UMBC CyberHive office space.  This extremely stylish office environment is letting us bring in more people and set up new test and demo equipment.  The CyberHive is definitely the place to visit us if you want to see a Ridgeback security appliance today.

Global interconnectivity beckons imminent disaster

August 2nd, 2015 | blog

I do not like fear mongering.  However, I do believe that technological advances are outpacing our collective understanding of their implications.  There is a dangerous difference between our understanding and what is actually happening.  We need to take action now. The threat I worry about is global interconnectivity.  As in, who the hell thinks it [...]

Hacker – Unpaid Internship

July 24th, 2015 | blog

Hack from a tropical paradise!  Well, hack from wherever you are.  If you like to hack, and want to build your skills and experience, then this may be the internship for you.  We need an intern to spend their time hacking into assigned targets, day or night, and from remote locations if you prefer.  You will [...]

Sysadmin – Unpaid Internship

July 21st, 2015 | blog

We are looking for good sysadmins to help with some odds and ends.  If you think you are a good sysadmin and want some real-world experience at a cybersecurity startup, let me know.  Enthusiasm is a MUST.  In general, this is the job description: Required Knowledge Linux system administration, to include installation and configuration Basic [...]

What is an Actor?

July 13th, 2015 | blog

The short answer: An actor is someone or something that is capable of sending information across your network. The long answer: The Ridgeback security appliance is really tracking agents in the sense of philosophy, sociology, linguistics, and artificial intelligence.  That is, an agent is an entity capable of "agency," or essentially capable of making something [...]

Post-Event Writeup, Ridgeback Acid Test Summer 2015

July 10th, 2015 | blog

The Ridgeback Acid Test Summer 2015 event has finally wrapped up.  One important message we got from the spring test event was that participants wanted more feedback on how the test event went.  I am hoping that this post-event writeup will help people learn more about these events, and about computer and network security, in [...]

Your network is like a sponge

June 29th, 2015 | blog

Natural sponges are fascinating structures.  A sponge is irregularly shaped and has no clear entry or exit.  The very idea of a "perimeter" seems completely ill-matched to a sponge.  Once water gets into a sponge, the water can travel to any other part of the sponge through what seems to be a practically infinite number [...]

Summer Acid Test Extended to July 5

June 26th, 2015 | blog

Life at a startup is pretty hectic, and this week has been especially busy.  That's a good thing!  :-) Unfortunately, that means the Ridgeback Acid Test hasn't gotten as much love as it deserves, in terms of the game story.  To fix that, we are extending the event to run until midnight on July 5. [...]

Ridgeback Acid Test Summer 2015 has begun!

June 22nd, 2015 | blog

The summer Acid Test has officially begun!  This time around we have "Basics" documents with tips and tutorials on offensive and defensive techniques, and "Game" documents with backstory and clues. I am hoping that this test event will be a great experience for everyone. (BTW, for the person who requested we make it rain, I [...]

BSidesCharm 2015 Trip Report

April 13th, 2015 | blog

Good times!  In case you missed it, there was a BSidesCharm 2015 security conference in Columbia, Maryland this weekend (April 11-12).  There were many great talks, great food, a great party at Unallocated Space, and the organizers did a fantastic job at putting it all together.  If you weren't there, then you missed Dr. Kryptia's [...]

Ridgeback Acid Test, Spring 2015 Results

April 6th, 2015 | blog

A number of people have asked for a more robust way to communicate about the Ridgeback Acid Test this spring.  So, here we go! The Ridgeback Acid Test events serve two purposes.  First, the events are robust test scenarios for the product we are making.  We needed a robust test scenario because people kept asking, [...]

Speaking at BSidesCharm 2016

February 27th, 2015 | blog

BSidesCharm will be April 23-24 this year, at the Baltimore Convention Center.  At the event I will be giving a talk titled "The Value of Deceiving Attackers."  The talk will touch on topics covered in the Deception Technology seminars. If you are in the Baltimore area this April, I recommend going to BSidesCharm 2016.