FAQ with Miles Brinkley from Darktrace


Miles Brinkley – Cyber Security Account Executive, Darktrace

A Darktrace FAQ with Miles Brinkley

Miles Brinkley travels extensively, staying very active engaging cybersecurity professionals and C-level executives in their data centers and serving as the headline speaker at countless cybersecurity speaking engagements. We recently sat down with Miles and asked him to share the most frequent question he is asked about Darktrace.

Q: How do you avoid false positives? If you don’t use rules or signatures or outright determine what’s good or bad behavior in the network, how can I be sure you won’t just flag innocuous activity and disrupt me with harmless alerts all day?

A: This is a good question and one that I am often asked. Darktrace’s machine learning and AI avoid false positives on the principles of just that—it doesn’t actively “look” for anything good or bad, or use rules or signatures to predict what’s coming. It simply learns your network activity—every user, device, and IP—and determines what is anomalous as opposed to what is normal activity. In the beginning learning period of your network, you may experience a bit more “white noise”—small statistical deviations from normal and subsequent alerts, but this only lasts for a few weeks to a month at most. The machine learning will quickly learn your network and cluster like devices, servers, and IPs based on daily functions and traffic patterns, and will continue to grow and scale with the network. Thus, the white noise will quickly disappear, and all alerts you receive, big or small, will be worthy of investigation and substantive. It’s consistent with the enhanced visibility the AI provides into your network.

In the same way, the autonomous response (Antigena)’s AI intelligence will not affect or disrupt your network chasing white noise alerts. It is intelligent enough to only take action on items that cross a reasonably significant threshold score, which you can set and edit yourself within the UI.

About Darktrace: Darktrace is the world’s leading AI company for cyber defense. With thousands of customers worldwide, the Enterprise Immune System is relied on to detect and fight back against cyber-attacks in real time. The self-learning AI protects the cloud, SaaS, corporate networks, IoT and industrial systems against cyber-threats and vulnerabilities, from insider threats and ransomware to stealthy and silent attacks. Darktrace has over 800 employees and 40 offices worldwide. It is headquartered in San Francisco and Cambridge, UK.

Contact us to learn more about the free 30-day trial

In 95% of organizations, Darktrace finds genuine cyber-threats that others have missed, from insider threat to IoT hacks, malware and misconfigurations to data leakage and unusual behaviors.

During a 30-day trial, Darktrace software will discover what’s lurking inside your organization.

 1-hour installation by your dedicated Darktrace Cyber Technologist
 Rapid results
 Bespoke threat reports for executives
 No commitment

VMware Assessment Tool


Hello vSphere Administrators!

Are you running vSphere 6.0? How about (Gasp!) 5.5? Or even (Gasp! Gasp!) 4.x?? Well, it’s time to upgrade! vSphere 5.5 went End of General Support on 9/19/2018 and vSphere 6.0 is going End of General Support on 3/12/2020. It’s time to move to vSphere 6.5 or, better yet, 6.7. The first step to upgrading is going to be running the vSphere Assessment Tool. The Assessment Tool is simply a program that runs on a Windows, Mac or Linux machine in your environment. The tool will collect information from vCenter then send it back to the assessment web site for analysis and reporting. This blog will walk you through running the Assessment Tool and looking at the assessment.

Step 1 – Download the Assessment Tool

  1. Browse to https://pathfinder.vmware.com/vsphereassessmenttool/ and click Get Started.
  2. Sign in to the web site using your my.vmware.com account.
  3. Agree to the terms then click Let’s Get Started.
  4. First we will capture the vSAT passcode. We will need this later when we upload the assessment. Click on VSAT PASSCODE in step 2 and make note of the code provided.
  5. Now click DOWNLOAD on step 1.
  6. Select the correct download for your OS.
  7. Once the download has finished, install the assessment tool.

Step 2 – Running the Assessment Tool

  1. Run the vSphere Assessment Tool. It will run automatically after the install or you can run it from your desktop. This blog will use the Windows version of the tool.
  2. Click START. If you didn’t already know to do that, please close this blog now…
  3. Click ADD VCENTER ACCOUNT.
  4. Enter the URL, username, and password for your vCenter server. Click ADD.
  5. If the account information you entered was correct, the vCenter will be added to the list. You can add multiple vCenter systems by clicking on ADD VCENTER SERVER ACCOUNT or run the assessment by clicking on RUN DATA COLLECTION.
  6. Once the data collection has finished, click PROCEED.
  7. Now we will send the collected data back to VMware in order to get the results. Click on SEND COLLECTED DATA.
  8. Enter your passcode to allow the Assessment Tool to upload the data. This is the code you copied from Step 1, task 4. Click SEND COLLECTED DATA.
  9. The Assessment Tool will upload the data then display a confirmation. Click CLOSE to return to the Assessment Tool.
  10. At this point, you can close the vSphere Assessment Tool application.
  11. Go back to the vSphere Assessment Tool dashboard: https://pathfinder.vmware.com/vsphereassessmenttool/dashboard. You may need to refresh this page. It should show “Analyzing data…”. 
  12. Once the analysis is done, you will see the results page.

Step 3 – Interpreting the results of the analysis

  1. The Summary page will show the host overview. In this environment, I have 12 ESXi 6.0 hosts. 
  2. On the left-hand side, click on your vCenter server name. This will show you all the ESXi hosts. It will show you which hosts are compatible and which are not supported. In this case, 6 of my 12 hosts are not supported on 6.5 or 6.7. Sounds like I need to call Xiologix and purchase some servers! 
  3. If we click on host esxi1.mydomain.com, we can see the details of this host. In this case, the host is an HP ProLiant Gen6 which is not supported on vSphere 6.5 or vSphere 6.7. The network devices and Storage Devices check out OK on vSphere 6.7. 
  4. If we click on the vSphere 6.5 tab, we see that the host itself is still not supported, the network devices are supported but the storage device has a compatibility issue. 
  5. You should go through all the hosts with issues and look at all the alerts. If you have a driver issue, you can update the driver then rerun the assessment tool to see if the host passes.

For additional assistance, check out:

  1. vSphere Updated Resources: https://vspherecentral.vmware.com/t/vsphere-upgrade
  2. Upgrading to vSphere 6.7 eBook: https://vat-download.pathfinder.vmware.com/5350_VMW-EB-UPGRADEVSPHE67-USLTR-20181102-WEB.pdf

Fortinet Platinum Partner

Tips for Finding the Right Fortinet Partner


Have you struggled with how to go about finding the right network security partner? For as many cybersecurity services and solutions as there are out there, there are many more organizations willing to sell those cybersecurity services and solutions to you. We have some tips to help you easily identify the best Fortinet service and solution providers for your cybersecurity needs.

Mobile AP Solution – Ruckus M510 AP


Fortinet earns TWO 2019 US SC Awards!


Fortinet earned the Best UTM Security Solution Trust Award AND the Best Security Company Excellence Award!

Fortinet has had a well-earned great week at #rsac2019! In addition to announcing the new FortiInsight UEBA solution, it was announced that Fortinet earned the Best UTM Security Solution Trust Award AND the Best Security Company Excellence Award! These are a few of the great honors that SC Media awards each year and an invaluable service they provide in highlighting cybersecurity brands making strides in protecting our organizations, customers and data. We are excited to see Fortinet and many of our other technology partners honored with these prestigious awards.

Xiologix CTO Christopher Kusek Earns 2019 VMware vExpert Designation!


Christopher Kusek Earns VMware vExpert Designation for 11th Consecutive Year!

It is official – He is in! Christopher Kusek once again earns vExpert designation for the 11th consecutive year! VMware vExperts have demonstrated significant contributions to the community and a willingness to share their expertise with others. Congratulations Christopher!  
