Control "Monitoring" is Not Threat Monitoring

November 23rd, 2009 admin

As I write this post I’m reminded of General Hayden’s advice: “Cyber” is difficult to understand, so be charitable with those who don’t understand it, as well as those who claim “expertise.” It’s important to remember that plenty of people are trying to act in a positive manner to defend important assets, so in that spirit I offer the following commentary. Thanks to John Bambenek’s SANS post I read NIST Drafts Cybersecurity Guidance by InformationWeek’s J. Nicholas…


Originally posted on TAOSecurity

 