Our Updated “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” (2019) Publishes

Esteemed Mr Barros has beaten me to it this time, but here is my re-re-announcement of our updated “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” (2019) deception paper. Some of my favorite quotes fo…

Webinar Q&A from Modern Network Threat Detection and Response

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity. Q: I thought “vendor C” has a devi…

Our “Solution Path for Implementing Threat Detection and Incident Response” Publishes

As you can see below, we have written a lot of research over the years, and it would be handy to have a roadmap for the readers. This is especially useful for organizations that are in the phase of “OMG WHAT TO DO WITH ALL THIS CYBER?” phas…

Upcoming Webinar: Modern Network Threat Detection and Response

Here is my next Gartner webinar; this one is focused on network traffic use for detection and response. Title: Modern Network Threat Detection and Response Date: January 29, 2019 Time: EST: 11:00 a.m. | PDT: 8:00 a.m. | GMT: 16:00 Register: h…

Our 2018 Update for “Endpoint Detection and Response Architecture and Operations Practices” Publishes

Our main EDR document (“Endpoint Detection and Response Architecture and Operations Practices”) was just updated by Jon Amato, and it looks much better now. The abstract states “Increasing complexity and frequency of attacks el…

Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?

This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for some time, perhaps for 2+ years. However, we deferred this debate and hid…

Is Encryption an NTA / NIDS / NFT Apocalypse?

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it was called “N-BAD” [“a coincidence? I think not”] …