Collaborate Disseminate
As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity. Q: I thought “vendor C” has a devi… Continue reading Webinar Q&A from Modern Network Threat Detection and Response
Here is my next Gartner webinar; this one is focused on network traffic use for detection and response. Title: Modern Network Threat Detection and Response Date: January 29, 2019 Time: EST: 11:00 a.m. | PDT: 8:00 a.m. | GMT: 16:00 Register: h… Continue reading Upcoming Webinar: Modern Network Threat Detection and Response
Earlier last year, Anton Chuvakin of Gartner posted a question I’ve spent the past few years focused on. Actually, I’ve focused on it since working in the Network Security Wizards office on the Dragon IDS back in Y2K, back when it was called Y2K. In t… Continue reading Is NTA Just Another Kind of IDS?
Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it was called “N-BAD” [“a coincidence? I think not”] … Continue reading Is Encryption an NTA / NIDS / NFT Apocalypse?
This is a depressing post about security in the real world (what … another one?) In any case, we are having those enlightened debates about log analysis (via SIEM/UEBA), network security monitoring (via NTA or, if you’d like, NDR), endpoint… Continue reading Let’s Go Fight IT for Logs? Agents? Taps?
Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for network-centric detection and response) research one mystery has to be resolved. What mo… Continue reading NTA: The Big Step Theory
As I allude here, my long-held impression is that no true anomaly-based network IDS (NIDS) has ever been successful commercially and/or operationally. There were some bits of success, to be sure (“OMG WE CAN DETECT PORTSCANS!!!”), but in to… Continue reading Network Anomaly Detection Track Record in Real Life?
We have EDR (thanks Anton!), but can we also have NDR – if only to make the world of acronyms more consistent? Instead, today we have NIDS (detection that is assumed to be signature-based), NTA (detection by learning and baselining, and praying t… Continue reading Can We Have NDR, Please?
Have you ever wondered why academic literature – however silly much of infosec academic research is – always talks about “signature-based IDS” (“misuse”) and “anomaly-based IDS” (“abuse”), but… Continue reading NTA: The Other IDS?