Dailydave mailing list archives

C2

From: Dave Aitel <dave () immunityinc com>
Date: Mon, 03 Mar 2014 12:03:09 -0500

One rather facetious saying that has annoyed everyone for a while is the
whole "defenders have to protect everything, attackers just have to get
in once" meme. If you talk to defenders who are "leading" with new
technologies and techniques, the difference really does blur quite a
bit. I was happily surprised at the Tenable offsite to hear their big
customers describe their continuous monitoring and SIEM analytics
techniques as their network "Command and Control". It's a useful change
to a more sophisticated mindset. You don't hear people really
acknowledging an advanced persistent defense that often. :>

Of course, building proper C2C while under attack is itself very hard.
People very quickly fall into the "Big Data" trap - we try to caution
Justin from collecting more than he has to with El Jefe. We don't want
"Big Data" analysis. We want "Just enough data" analysis!

-dave

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Current thread:

C2 Dave Aitel (Mar 03)
- Re: C2 Dominique Brezinski (Mar 03)
  - Re: C2 al bell (Mar 03)
    - Re: C2 Thomas J. Quinlan (Mar 05)
- Re: C2 Dan Guido (Mar 03)