A space for
(content curated by our tribe for yours)
Ready. Set. Go!
(for Expel customers only)
We’ve got you covered when you need to get Expel access but don’t want to dig through bookmarks and notes.
No, we are not talking about the confusion around OAR at this year’s Olympics. (Psst: It’s not a new country, it stands for Olympic athletes of Russia.) We are referring to unusual remote desktop protocol (RDP) connections that our analysts are keeping an eye out for when they hunt in your environment. Attackers use this technique to move laterally, and we’ve added it to the list of techniques we look for while hunting in your environment. Not familiar with our hunting service? Reach out to your engagement manager for more details.
For those times when security is top of mind… even when you’re on vacation (it’s okay, we do it too!) You’ll be happy to know that we’ve turned off IP whitelisting so you can log into Workbench even when you are not in the office. You can also sleep a bit easier knowing that you can change your own password. Bonus - the password can be 255 characters. We also fixed a few things that previously might have made you do a double take - don’t worry, the alert is closed and the actions are complete.
If things look a little different next time you log in to the Workbench... but you can’t quite figure out why... that’s by design (heh!). We’re kicking off the new year with housekeeping. We’ve buttoned up (and straightened up) some of the lines and put things – like the reason investigations are closed – where you’d expect to find them (spoiler alert: on the investigation page).
If you’re a picture straightener you’ll find lots to enjoy starting with the list of Fixed items, which is a real page turner scroller this week!
In light of the recent CPU vulnerabilities that affect multiple CPU vendors, we wanted to give you an update on our internal response.
Expel has assessed the risk introduced by the Meltdown and Spectre vulnerabilities and we’ve already begun patching our production infrastructure as well as all internal IT systems. While we’ve not seen any evidence of exploitation of these vulnerabilities in the wild, we believe it’s prudent to expedite this patching process.
“A watched pot never boils.” Or so the saying goes. That’s what we’re hoping. Because while you were (hopefully) out eating too much food and drinking eggnog or some other holiday favorite, our elves added a snazzy new status page that lets you see whether the Workbench is being naughty or nice.
We’ve also fixed up the situation report so it’s easier to size up what’s going on. And -- as always -- we’ve stomped out a bunch of pesky issues.
"Oh, it's already been broughten."
There's a lot to cheer about in this week's release. Too much to fit in this summary, so make sure to scan through the complete notes for all the goodness.
To begin, we're happy to announce email notifications from Workbench! No matter where you are, you’ll be alerted immediately via email when Expel has identified a new security incident or launched an investigation in your organization. You’ll also know when a remediation action or investigative action has been assigned to you. Expel notification emails have just enough detail to help you quickly decide if any action is necessary and if so, what action to take.
The main dashboard now includes a set of Activity metrics along the top that summarize everything going on in the Workbench for the past month... or week or quarter. Popping open the drawer displays the (fancy new) pie charts, shutting the drawer saves space but keeps the metrics in sight. The sharp-eyed might notice that we also changed the name of this dashboard to Situation Report, which is much more accurate.
Articles and announcements