Collaborate Disseminate
After many discussions and a bit of a re-write, our new paper “Applying Network-Centric Approaches for Threat Detection and Response” is finally ready (Gartner GTP access required). The abstract states “The escalating sophistication o… Continue reading Our “Applying Network-Centric Approaches for Threat Detection and Response” Paper Publishes
So I have a snort rule that detects syn flood attacks that looks like this:
alert tcp any any -> $HOME_NET 80 (msg:”SYN Flood – SSH”; flags:S;
flow: stateless; detection_filter: track by_dst, count 40, seconds 10;
GID:1; sid:10000002; … Continue reading Snort rule for syn flood attacks – Limiting number of alerts
I have a test virus in a Azure VM. This vm is under monitoring by Security Center. But I do not detect this virus as a security alert in security center, anyone who have the same problem? Metasploit is also another tool that … Continue reading Azure Security Center – not showing security alerts
Esteemed Mr Barros has beat me to it this time, but here is my re-re-announcement of our updated “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” (2019) deception paper. Some of my favorite quotes fo… Continue reading Our Updated “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” (2019) Publishes
I’m wondering if it is possible to detect 100% of the possible SQLi attacks using a simple regex.
In other words, using very simple PHP code as an example:
if (preg_match(“/select/i”, $input)) {
attack_log(“Possible SELECT SQLi detec… Continue reading Is it possible to detect 100% of SQLi with a simple regex?
Here is an obvious, but not really obvious question: will UEBA and NTA ever merge? Admittedly, normal security people who don’t care about the changing tides of vendors and markets can skip this post, because this has little to do with the operat… Continue reading Tricky: Will UEBA and NTA Ever Merge?
As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity. Q: I thought “vendor C” has a devi… Continue reading Webinar Q&A from Modern Network Threat Detection and Response
What analysis was Bruce Schneier referencing when he wrote:
Viruses have no “cure.” It’s been mathematically proven that it is always possible to write a virus that any existing antivirus program can’t stop.
From the bo… Continue reading Has it been mathematically proven that antivirus can’t detect all viruses?
As you can see below, we have written a lot of research over the years, and it would be handy to have a roadmap for the readers. This is especially useful for organizations that are in the phase of “OMG WHAT TO DO WITH ALL THIS CYBER?” phas… Continue reading Our “Solution Path for Implementing Threat Detection and Incident Response” Publishes
Here is my next Gartner webinar; this one is focused on network traffic use for detection and response. Title: Modern Network Threat Detection and Response Date: January 29, 2019 Time: EST: 11:00 a.m. | PDT: 8:00 a.m. | GMT: 16:00 Register: h… Continue reading Upcoming Webinar: Modern Network Threat Detection and Response