Kicking YARA Series – YARA Post #1

For the last few years I have been working in Product Management at Rubrik. One of the offerings I recently launched was the ability to scan backups of different systems looking for Indicators of Compromise (IOCs). These IOCs are intended to help identify systems that have been compromised and are showing malicious activity. The IOC is an indicator of such activity.

When an IOC is file based, if you have access to the backups of the system, you essentially have a time-series history of that system that you can scan for those IOCs. This can help you identify details about the initial infection, when it first landed, etc., without relying on the primary system being available. At Rubrik we introduced support for scanning for IOCs, using YARA rules (and hashes and file patterns), against the system backups.
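The time-series idea above, as an added example that is not Rubrik's implementation or code from the original post: it walks a set of backups oldest to newest and reports where each file-based IOC first appears. It uses only the hash and file-pattern IOC types so that it runs with the Python standard library; the snapshots, paths and IOC names are constructed, and `last_clean` goes one step beyond the text by naming the newest snapshot taken before any hit.

```python
import fnmatch
import hashlib

# Constructed sample data: three backups of one host, oldest first.
# Each snapshot maps a file path to the file's bytes.
SNAPSHOTS = [
    ("2023-12-01", {"/usr/bin/ls": b"ls", "/home/a/notes.txt": b"hello"}),
    ("2023-12-08", {"/usr/bin/ls": b"ls", "/home/a/notes.txt": b"hello",
                    "/tmp/.cache/upd.bin": b"constructed-dropper"}),
    ("2023-12-15", {"/usr/bin/ls": b"ls",
                    "/tmp/.cache/upd.bin": b"constructed-dropper",
                    "/home/a/notes.txt.locked": b"\x00\x01"}),
]

# Constructed IOCs: one SHA-256 hash and one file-name pattern.
HASH_IOCS = {hashlib.sha256(b"constructed-dropper").hexdigest(): "dropper-hash"}
PATTERN_IOCS = {"*.locked": "locked-extension"}

def scan_snapshot(files):
    """Return {ioc_name: path} for every IOC present in one snapshot."""
    hits = {}
    for path in sorted(files):
        digest = hashlib.sha256(files[path]).hexdigest()
        if digest in HASH_IOCS:
            hits.setdefault(HASH_IOCS[digest], path)
        for pattern, name in PATTERN_IOCS.items():
            if fnmatch.fnmatch(path, pattern):
                hits.setdefault(name, path)
    return hits

def first_seen(snapshots):
    """Walk snapshots oldest to newest; record where each IOC first appears."""
    timeline = {}
    # ISO dates sort chronologically as plain strings.
    for taken, files in sorted(snapshots, key=lambda s: s[0]):
        for name, path in scan_snapshot(files).items():
            timeline.setdefault(name, (taken, path))
    return timeline

def last_clean(snapshots):
    """Newest snapshot taken before any IOC appeared, or None."""
    clean = None
    for taken, files in sorted(snapshots, key=lambda s: s[0]):
        if scan_snapshot(files):
            break
        clean = taken
    return clean

print(first_seen(SNAPSHOTS), last_clean(SNAPSHOTS))
```
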

You can begin learning more about YARA from the project page, and from the documentation. In this series of blog posts I will share a somewhat eclectic collection of tips, tricks and resources all about YARA and a few things I’ve picked up along the way.

Stay tuned and I hope you had a Merry Christmas!

Managing Data at Scale in VMware and Hybrid Cloud Environments

Thanks to the VMware User Group I was recently able to share some of my thoughts on managing data at scale across VMware and Cloud environments. In the session I shared some stories covering how operators were managing data using VMware capabilities like vSphere’s DRS and Storage Policies, as well as concepts like Rubrik’s SLA Domains. I covered some interesting topics and customer stories, including:

  • Imperative and declarative automation approaches
  • Policy driven management
  • Application of machine learning to data security
  • Managing data across edge, core, and cloud

If this sounds like your kind of thing then watch the webinar on Managing Data at Scale in a VMware and Hybrid Cloud Environment on-demand.

VMworld 2018 Session Recommendations

VMworld 2018 is just a few short weeks away at this point. Many of those reading this post would no doubt have already filled out their schedule; for those of you who have procrastinated, however, here are a few sessions that I am looking forward to. To make it interesting I’m limiting my recommendations to one per day. While at the show, I fully believe you should take advantage of mingling with others in the community and browsing the show floor to get a sense of some of the innovation that is happening around the ecosystem.

Sunday – Demystifying vSAN Management for the Traditional Storage Administrator [HCI1475QU]

As a fan of vSAN and having listened to Pete Koehler on many topics, I’m sure this will be a great session for anyone looking to get a handle on how vSAN differs from traditional storage.

Monday – Application modernization with VMware Cloud on AWS [HYP2145BUS]

I don’t think I’m going to be able to watch this one live due to other commitments but will be eagerly watching the replay. I’ve presented with Wen before and also watched Aarthi present so I know this will be a great session for anyone attending.

Tuesday – VMware NSX for Service Providers: A Technical View [HYP2406BU]

Service provider networking is an interesting beast. If networking is your thing then this promises to be an interesting session; you can always trust Ray to get into the details, and I expect Tina to bring the service provider perspective into the mix.

Wednesday – Confluent Platform: Introduction and Deployment on PKS [CODE5593U]

There are a lot of excellent sessions happening on Wednesday. One that is a little out of my ordinary area, though, is this one on running Confluent on top of Pivotal Container Services. Should be an interesting change from the usual VMworld topics.

Wednesday Bonus – Ransomware Threat Recovery Using Rubrik Polaris [SAI3712BUS]

I’m going to cheat and share another session on Wednesday just because I know it’s going to be cool and cover one of the latest capabilities from Rubrik (my employer), presented by a couple of excellent presenters. Promises to be enlightening!

If you’d like to learn more about Polaris before this session, check out the Polaris announcement blog post.

Thursday – Architecting at the Tactical Edge with VMware vSAN and vRealize [HCI1691BU]

I’ve had a bit of an inside view into what has been happening behind the scenes for this session. It’s going to be interesting to hear about some of the more challenging aspects of this project, and how they were addressed. Promises to be an informative and interesting session with some good presenters!

Other Sessions

If the sessions above aren’t enough to fill your schedule, there are several more excellent sessions being presented at VMworld this year. Here are a few of my favorite speakers; any of their sessions should be worth your time if you like to skew a bit more technical in your tastes:

  • Rebecca Fitzhugh – has an awesome array of presentations this year, all of which will no doubt be amazing
  • Duncan Epping – let’s just say he knows how to present and is not shy of addressing both the technical details and high level perspectives
  • Christian Dickmann – enjoy listening to his thoughts on simplifying operational management
  • Cody Hosterman – if vSphere storage is your thing, you’ll be at home
  • Christos Karamanolis – always interesting to listen to his forward looking thoughts

There are of course many other great presenters, but hey this list is getting long already!

If you’re attending VMworld this year, have a great time! If you want to connect with me at the conference, feel free to reach out to me on Twitter @BenMeadowcroft.