One rather facetious saying that has annoyed everyone for a while is the whole "defenders have to protect everything, attackers just have to get in once" meme. If you talk to defenders who are "leading" with new technologies and techniques, the difference really does blur quite a bit. I was happily surprised at the Tenable offsite to hear their big customers describe their continuous monitoring and SIEM analytics techniques as their network "Command and Control". It's a useful change to a more sophisticated mindset. You don't hear people really acknowledging an advanced persistent defense that often. :>
Of course, building proper C2C while under attack is itself very hard. People very quickly fall into the "Big Data" trap - we try to caution Justin from collecting more than he has to with El Jefe. We don't want "Big Data" analysis. We want "Just enough data" analysis! -dave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
