Dailydave mailing list archives
C2
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 03 Mar 2014 12:03:09 -0500
One rather facetious saying that has annoyed everyone for a while is the whole "defenders have to protect everything, attackers just have to get in once" meme. If you talk to defenders who are "leading" with new technologies and techniques, the difference really does blur quite a bit.

I was happily surprised at the Tenable offsite to hear their big customers describe their continuous monitoring and SIEM analytics techniques as their network "Command and Control". It's a useful change to a more sophisticated mindset. You don't hear people really acknowledging an advanced persistent defense that often. :>

Of course, building proper C2C while under attack is itself very hard. People very quickly fall into the "Big Data" trap - we try to caution Justin against collecting more than he has to with El Jefe. We don't want "Big Data" analysis. We want "Just enough data" analysis!

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave