ExtraHop Top5: April 8, 2015

Welcome, intrepid reader, to the inaugural (read: first of many) ExtraHop Top5s. "But what is this greatness of which you speak?" you ask. The Top5 slices, it dices, it'll even fold your laundry (Note: it cannot slice, dice, or fold anything in corporeal space). What it does best of all, though, is keep you up to date on the wickedly cool content being cranked out by ExtraHop's army of geeks. That army, hell-bent on complete world domination via wire data analysis, has been rocking out hawesome (totally a word) blogs, forum posts, articles, and more since roughly the beginning of time. Roughly. Now that we're beginning to turn the frequency up to 11, we figure we should help you dig through the many things being brewed up at EH HQ. Below, we give a shout out to our favorite five items from the past couple of weeks, along with some info about each of them, in hopes of pointing you to the gold you need to be the wire-data-wielding hero on your team.

By now I'm sure you're on the edge of your seat, so let's get down to it. Here is this week's ExtraHop Top5:

Healthcare's Y2K: The Dreaded ICD-10 Conversion

http://bit.ly/1Mvjibe

First up, the ever-timely matter of healthcare is made even more urgent by the impending doom (in the form of a nasty technical headache) that is the ICD-10 conversion. This looming unraveling of many balls of intertwined yarn is something that could not only be a massive time suck, but could actually cost many healthcare institutions some serious coin. Whenever there's a federally mandated shift in regulations there isn't much choice but to suck it up and dance to the new tune. That tune is turning into the Jaws theme rapidly, however, as the deadline is fast approaching and the many disparate systems passing the old (ICD-9) messages are difficult at best to track down, identify, and convert. Terry's trigger magic makes this a snap, and that can be big game for healthcare IT across the country. Deal with healthcare? Take a look to see just how much we've got your back.

Turla Trojan Tactics Trounced

http://bit.ly/1C3GYYU

If healthcare isn't your bag, maybe security is. A long-time *nix devotee, I couldn't help but dig into a trojan that was credited with affecting Linux systems in hopes of making them do Very Bad Things™. My first real foray into triggers, this snippet will dig through all outbound traffic to identify and track any suspicious traffic. Whether it's due to a known bad Turla string in the payload, or an evil-doing host as the destination, the ExtraHop platform will grab it, tag it, and track it. Slam the code together with an easy-to-follow, handy-dandy dashboard, and you've got a near-turnkey solution for ousting this potential threat. Who else likes crushing vulns? I know I do. And with this post, along with the bundle you can grab from the forums, you can get your hands on the trigger and dashboard in one shot. But don't take my word for it; check it out yourself.

FTP Dashboard: Detect and Mitigate FTP Data Leaks

http://bit.ly/1BMT89F

Do you know who's transferring files to or from devices on your network? Well, Steve does. Or could, rather. He's not literally on your network. That'd be awkward. He does, however, have something that you might wish were there, in the form of this FTP tracking dashboard he put together. Having joined the team sporting a quick wit and a rampant curiosity about … file transfers (because we're extraordinarily exciting 'round here), he decided to solve the mystery of what users, nodes, and files are being used, accessed and sent, respectively, with FTP. This can be a huge eye-opener for some people from many angles, be it security, decommissioning devices or services, or otherwise. If you've got a burning curiosity like Steve's, check out the dashboard he built and see what's being passed around your neck of the woods.

Track the Entire Threat Lifecycle with ExtraHop + FireEye TAP

http://bit.ly/1C4hYR6

Speaking of security, if it's a thing that interests you at all, Chris has a heck of a video you should check out. The ExtraHop platform is amazing at digging into any and everything that's happening on the wire. And since we all know that wire data is the truth, and knowing the truth about where your systems' security stance is can be invaluable, it just seems to make sense that we'd pair with security vendors too, right? Enter FireEye, giving us a place to pass all that glorious wire data goodness for some deep-dish-sized security analysis. Sure, perimeters should be hardened and anything getting past that is bad juju, but wouldn't you rather know for certain when and if something does? If so, this video is probably worth the time.

WarRoomChronicles Podcast

http://bit.ly/19GfMJ1

Last but nowhere near least in my heart is the newly minted yet already beloved WarRoomChronicles. The War Room is where the TME team, that is, the team that is cranking out a huge amount of content for consumption by users and community members worldwide, began. While only about half of us still reside here physically, the heart and soul of the team dwells just past the "ExtraHop War Room" sign, modded out with the dino post-it claiming it in the name of TME. We want to get to know you, and you us, since we plan to work with and for the users, customers, and community an awful lot. We'll do so by stretching the bounds of our platform and showing off some of the rather cool things it can do that even we may not have known it could do at first. We figure one way that might help you get to know and keep tabs on us is a window into our world. This TME podcast is exactly that. Transparent, unedited, and honest, it's a chance to see what we're up to, where we're going to be, and listen in on whatever cool tech we're geeking out over in hopes of delivering powerful, usable solutions to users. There also might be beer. Maybe. Sometimes. Join us for our WarRoomChronicles every couple of Fridays.

And with that, we bring to a close the first ever ExtraHop Top5. I'll be back with more in a couple weeks.