Trellix sets up Advanced Research Center to power global threat intelligence
Trellix has announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence. Composed of hundreds of the world’s most elite security analysts and researchers, the Advanced Research Center produces actionable real-time intelligence and threat indicators to help customers detect, respond, and remediate the latest cybersecurity threats.
“The threat landscape is scaling in sophistication and potential for impact,” said Aparna Rayasam, Chief Product Officer, Trellix. “We do this work to make our digital and physical worlds safer for everyone. With adversaries strategically investing in talent and technical know-how, the industry has a duty to study the most combative actors and their methods to innovate at a faster rate.”
Trellix Advanced Research Center has the cybersecurity industry’s most comprehensive charter and is at the forefront of emerging methods, trends, and actors across the threat landscape. The premier partner of security operations teams across the globe, Trellix Advanced Research Center provides intelligence and cutting-edge content to security analysts while powering our leading XDR platform.
In coordination with the launch, Trellix Advanced Research Center also published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. It exists in the Python tarfile module which is a default module in any project using Python and is found extensively in frameworks created by Netflix, AWS, Intel, Facebook, Google, and applications used for machine learning, automation and docker containerization. The vulnerability can be exploited by uploading a malicious file generated with two or three lines of simple code and potentially allows attackers arbitrary code execution, or control of a target device.
“When we talk about supply chain threats, we typically refer to cyber-attacks like the SolarWinds incident, however building on top of weak code-foundations can have an equally severe impact,” said Christiaan Beek, Head of Adversarial & Vulnerability Research, Trellix. “This vulnerability’s pervasiveness is furthered by industry tutorials and online materials propagating its incorrect usage. It’s critical for developers to be educated on all layers of the technology stack to properly prevent the reintroduction of past attack surfaces.”
Open-source developer tools, like Python, are necessary to advance computing and innovation, and protection from known vulnerabilities requires industry collaboration. Trellix is working to push code via GitHub pull requests to protect open-source projects from the vulnerability.
INTERVIEWS
TOP VIDEOS
SECURITY
SOFTWARE
Newgen to streamline end-to-end lending processes with Mambu
Newgen Software is announcing its partnership with cloud banking platform, Mambu. The part...
UiPath and Amelia bring in a new era of seamless digital experiences for the Future of Work
UiPath and Amelia, the enterprise leader in Trusted AI have announced a partnership that b...
Zoom expands Zoom IQ with a host of new capabilities
Zoom Video Communications has announced the expansion of Zoom IQ, a smart companion that e...
START - UP
PERIPHERALS
INDUSTRY EVENTS
Team Computers along with Microsoft Surface hosts 300 IT leaders
Team Computers has organized an event to showcase how the diverse range of Microsoft Surfa...
Cisco aiming to build a trusted and resilient future for the nation
Daisy Chittilapilly, President, Cisco India & SAARC The US-based te...
Providing multilingual internet crucial to bridge digital divide in India: MeitY Addl Secy
Calling India the right place for Universal Acceptance Day celebrations, Bhuvnesh Kumar, I...
The new wave of start-ups in the country is a testimony to the entrepreneurial temperament of the youth
PHDCCI conducted “Bharat Startup Summit, 2023” The conclave through discussion...
E- COMMERCE
