SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Trellix advances threat intelligence with new research centre
Tue, 27th Sep 2022
FYI, this story is more than a year old

Trellix, the cybersecurity company delivering extended detection and response (XDR) solutions, has announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.

Comprised of hundreds of elite security analysts and researchers, the Advanced Research Center produces actionable real-time intelligence and threat indicators to help customers detect, respond and remediate the latest cyber security threats, the company states.

Aparna Rayasam, Chief Product Officer at Trellix, says, “The threat landscape is scaling in sophistication and potential for impact. We do this work to make our digital and physical worlds safer for everyone. With adversaries strategically investing in talent and technical know-how, the industry has a duty to study the most combative actors and their methods to innovate at a faster rate.”

Trellix Advanced Research Center aims to be at the forefront of emerging methods, trends and actors across the threat landscape, Trellix states.

Designed to be a premium partner of security operations teams across the globe, Trellix Advanced Research Center provides intelligence and content to security analysts while powering the company's XDR platform.

In coordination with the launch, Trellix Advanced Research Center also published its research into CVE-2007-4559, a vulnerability estimated to be present in more than 300,000 open source projects and prevalent in closed-source projects.

It exists in the Python tarfile module which is automatically installed in any project using Python and is found extensively in frameworks created by Netflix, AWS, Intel, Facebook, Google, and applications used for machine learning, automation and docker containerisation.

The vulnerability can be exploited by uploading a malicious file generated with two or three lines of simple code and allows attackers arbitrary code execution, or control of a target device.

Christiaan Beek, Head of Adversarial and Vulnerability Research, Trellix, says, “When we talk about supply chain threats, we typically refer to cyber-attacks like the SolarWinds incident, however building on top of weak code-foundations can have an equally severe impact.

"This vulnerability’s pervasiveness is furthered by industry tutorials and online materials propagating its incorrect usage. Its critical for developers to be educated on all layers of the technology stack to properly prevent the reintroduction of past attack surfaces.

"Open source developer tools, like Python, are necessary to advance computing and innovation, and protection from known vulnerabilities requires industry collaboration. Trellix is working to push code via GitHub pull request to protect open source projects from the vulnerability.”

A free tool for developers to check if their applications are vulnerable is available on Trellix Advanced Research Center’s GitHub.

Trellix's open and native extended detection and response (XDR) platform helps organisations confronted by today's most advanced threats gain confidence in the protection and resilience of their operations, the company states.

According to the company, Trellix and its partner ecosystem works to accelerate innovation through machine learning and automation, to empower more than 40,000 business and government customers with living security.