From a practical detection and response standpoint:

1) No egress monitoring at the network level means very limited clues about the first signs of trouble and the timeline.
2) Network traffic monitoring can point out anomalies very early on.
3) The idea that everything logs centrally or that EDR works all the time, just because a vendor has painted a solution architecture that way, is imaginary. Netflows/tiered network metadata provide a solid fallback.
The biggest problem with network monitoring is "cloud". There is less and less to monitor.

On Fri, 6 Sep 2019 at 12:15, Anton Chuvakin <[email protected]> wrote:

> Wow, indeed, so 2007, this brings back memories ....
>
> But on a more serious note: do you guys truly think that network security monitoring (whether NIDS, network forensics / capture, "NTA / NDR", Bro / Zeek and such) is "dead dead"? And is there no hope for any zombie-apocalypse-style revival? :-)
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
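As an added illustration of the netflow fallback the reply argues for (example code, not from the list post or its author): a minimal egress check over constructed NetFlow-style records that flags a host's first contact with a new external destination and an out-of-baseline volume spike, returning alerts in time order so they read as a timeline of first signs. The internal address ranges, the baseline cut-off and the spike factor are assumptions.

```python
from collections import defaultdict, namedtuple
from ipaddress import ip_address, ip_network

# Assumed site-internal ranges; anything outside them is treated as external.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
Flow = namedtuple("Flow", "ts src dst dport out_bytes")  # ts: epoch seconds

# Constructed NetFlow-style records, not from a real capture. Records before ts 1400
# form the baseline; the last three simulate a host reaching a new external address
# and then pushing far more data than it ever did before.
SAMPLE_FLOWS = [
    Flow(1000, "10.0.0.5", "198.51.100.20", 443, 40_000),
    Flow(1060, "10.0.0.5", "198.51.100.20", 443, 38_000),
    Flow(1120, "10.0.0.7", "198.51.100.20", 443, 12_000),
    Flow(1180, "10.0.0.5", "10.0.0.9", 445, 900_000),      # internal, not egress
    Flow(1240, "10.0.0.7", "198.51.100.77", 443, 15_000),
    Flow(1300, "10.0.0.5", "198.51.100.20", 443, 41_000),
    Flow(1400, "10.0.0.5", "203.0.113.10", 443, 60_000),   # first contact, new dst
    Flow(1460, "10.0.0.5", "203.0.113.10", 443, 900_000),  # volume spike
    Flow(1520, "10.0.0.7", "198.51.100.77", 443, 14_000),  # normal
]

def is_egress(flow):
    """Egress = internal source talking to a destination outside INTERNAL_NETS."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    return any(src in n for n in INTERNAL_NETS) and not any(dst in n for n in INTERNAL_NETS)

def build_baseline(flows, until_ts):
    """Per source host: external destinations seen and the largest single egress flow."""
    dests, max_bytes = defaultdict(set), {}
    for f in flows:
        if f.ts < until_ts and is_egress(f):
            dests[f.src].add(f.dst)
            max_bytes[f.src] = max(max_bytes.get(f.src, 0), f.out_bytes)
    return dests, max_bytes

def detect(flows, baseline_until, spike_factor=5):
    """Return (ts, src, reason) alerts in time order: a timeline of first signs."""
    dests, max_bytes = build_baseline(flows, baseline_until)
    alerts = []
    for f in sorted(flows):  # namedtuples sort by ts first
        if f.ts < baseline_until or not is_egress(f):
            continue
        if f.dst not in dests[f.src]:
            alerts.append((f.ts, f.src, f"new external destination {f.dst}:{f.dport}"))
            dests[f.src].add(f.dst)  # alert once per new destination
        if f.src in max_bytes and f.out_bytes > spike_factor * max_bytes[f.src]:
            alerts.append((f.ts, f.src, f"egress volume {f.out_bytes} exceeds baseline"))
    return alerts
```

Running `detect(SAMPLE_FLOWS, baseline_until=1400)` yields two alerts for 10.0.0.5: the new destination at ts 1400 and the volume spike at ts 1460, while the internal SMB transfer and the normal traffic from 10.0.0.7 stay quiet.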
