balgan
|
3 years ago
|
on: Do you remember Ultima Online?
Remember? Still actively play it! UOForever shard, come join us!
balgan
|
4 years ago
|
on: The utilization of 44/8: the reason I mapped IPv4 and IPv6
balgan
|
4 years ago
|
on: Insurers run from ransomware cover as losses mount
balgan
|
4 years ago
|
on: U.S. to work with Big Tech, finance sector on new cybersecurity guidelines
Hey
Yes, the group will continue to meet and I believe more will come out over time as we start to better define how we as private entities can help the gov.
Ransomware and attacks on critical infra were the big ones - Joshua our CEO wrote a bit about it here https://www.coalitioninc.com/blog/coalition-meets-with-presi...
- our baseline is internal. We are with our customers end to end. From selling the policy to scanning them, notifying them and we have our own incident response team which means that we learn a lot with every claim. So when we add a vulnerability in critical state in Control you can assume it came from learnings of losses combined with our cybersecurity expertise.
balgan
|
4 years ago
|
on: U.S. to work with Big Tech, finance sector on new cybersecurity guidelines
The same thing we do with RDP we also do with any critical vulnerability: we notify customers in Control (for example, all of the latest Exchange vulns).
balgan
|
4 years ago
|
on: U.S. to work with Big Tech, finance sector on new cybersecurity guidelines
The great thing about insurance is that we don't just get to create baselines our policyholders must adhere to, we also get to enforce them. A perfect example of this is anyone that has a policy with us must have RDP behind VPN/whitelisted only to specific IPs. I spent years trying for free to convince orgs to do this and was ignored, here we convince all our policyholders to do it and every day more and more companies as we onboard them.
For backups, not only do they need to have it, they need to be tested, kept offline and encrypted - this doesn't apply to all; it's split by revenue bands/industry/mix of other logic.
IoT devices - they get notified in Control if we find any on the internet and told to not have them directly exposed.
balgan
|
4 years ago
|
on: U.S. to work with Big Tech, finance sector on new cybersecurity guidelines
Director of Engineering - Security from Coalition here (we participated in the event) - We committed to building more free security tools for all organisations to protect themselves. We’ve already made Coalition Control, our Attack Surface discovery and monitoring platform, free (https://control.coalitioninc.com) and we will continue to add more features and more tools for free there. If there are any questions, I am happy to answer them!
balgan
|
4 years ago
|
on: Cyber Insurance Incident Response: Market tends towards commoditization
There are multiple parts to the underwriting process (full disclosure: I run the team that does data collection and security at Coalition, where the op you're replying to works). Part of the data we collect is used for risk selection (do we want you on our book?) and then the other piece is used for pricing and that's where technologies, providers and a lot of other things come in! Lmk if u have any questions!
balgan
|
4 years ago
|
on: Cyber Insurance Incident Response: Market tends towards commoditization
Hi, person responsible for the teams that do this at Coalition! Anytime you get a quote from us, we scan all your domains, subdomains and IP addresses. We hit the main ports that might have services running we know are dangerous and your quote might come back contingent on certain actions, for example: if you have Admin panels exposed to the internet we will require that you put them behind a VPN. We give you a PDF that describes all our findings and how we did the association with your org. If you become a policyholder we offer perimeter scanning and notify you when we find weird stuff and make security experts available at no cost to help you fix things! You can read more about it here https://www.coalitioninc.com/blog/analyzing-policyholders-te... though what we do at underwriting time has substantially evolved since. Ask me anything here or on Twitter @balgan
balgan
|
4 years ago
|
on: Coalition, a cyber insurer releases new free attack surface management
Great job team!
balgan
|
5 years ago
|
on: Easily Identify Malicious Servers on the Internet with JARM
Deffo not, as large parts of it aren't even used. Current techniques involve building lists of active ranges and focusing the scan on those.
balgan
|
7 years ago
|
on: Kubernetes clusters being hijacked to mine cryptocurrencies
CEO of BinaryEdge here, ur 100% right. If I show you the queue of posts we have you'd see similar posts to this one just with different technologies that we have seen being infected or misused (etcd, docker, and about 10 or 20 more types of DBs).
balgan
|
8 years ago
|
on: A vulnerability rating of your IP address
We respect a blacklist, just drop us an email on [email protected] and we can add your IPs to the blacklist and we will never touch them again!
balgan
|
8 years ago
|
on: A vulnerability rating of your IP address
Thanks for this info, I've asked the guys to try and fix this! Apologies in advance!
balgan
|
8 years ago
|
on: A vulnerability rating of your IP address
balgan
|
8 years ago
|
on: A vulnerability rating of your IP address
balgan
|
8 years ago
|
on: A vulnerability rating of your IP address
Hi!
1 - It's scanning 200 ports
2 - Indeed atm we just provide an overall view, we intend to improve this tool further. We had too many people requesting custom scans from us when DoublePulsar came out.
3 - True, please submit an issue on the GitHub so a discussion about this can be started. We like having an open formula that people can change/comment on.
4 - Scans are from the last 2 months and will keep changing accordingly. It queries our database rather than doing an active scan!
balgan
|
8 years ago
|
on: A vulnerability rating of your IP address
- For IPv6, rather than scanning the entire space, we are currently passively collecting addresses from multiple sources and scan specific addresses.
- We wouldn't use Shodan as we developed our own custom scanners and methodologies of scanning to increase data quality, which is extremely important for our customers (cyberinsurers, SOCs, cyberrating companies). We also do some specific things with data which you can check on http://blog.binaryedge.io/2016/11/18/bsides-lisbon-2015/
balgan
|
8 years ago
|
on: A vulnerability rating of your IP address
We agree that some of the "values" might seem a bit out of place, we discussed them with multiple security professionals and tried to come up with the best with the different opinions we were given. Please please please submit an issue on the GitHub. Far too many ratings work as blackboxes, which is why we decided to "open" our formula. The link for the GitHub is https://github.com/binaryedge/ratemyip-openframework
balgan
|
8 years ago
|
on: A vulnerability rating of your IP address
Using the "auto detection" is part of our free offering, our partners usually are able to look at specific IPs as we work with cyberinsurers!