Tuesday, March 27, 2007

Ayoi on the Importance of NSM Data

At my ShmooCon talk I presented a series of case studies showing the importance of Network Security Monitoring data. The idea was to ask how one could determine whether an IDS alert represented a real problem if high-quality data didn't exist. Alert management is not security investigation, and unfortunately most products and processes implement the former while the latter is what is truly needed.

I noticed that Ayoi in Malaysia posted a series of blog stories showing his investigative methodology using NSM data and Sguil (Not Only Alert Data parts I, II, and III). These posts walk through several alerts and compare the data available via an alert management tool like BASE with that available via a security investigation tool like Sguil. I am glad to see these sorts of stories because they show how people in the trenches do their jobs.

I have yet to meet an analyst -- someone responsible for finding intrusions -- who rejects my methods or the need for collecting NSM data. Almost everyone who argues against these methods is not directly responsible for the technical aspects of personally detecting and responding to intrusions.

5 comments:

Murali Raju said...

"Almost everyone who argues against these methods is not directly responsible for the technical aspects of personally detecting and responding to intrusions."

I could not agree with you more. On a lighter note, I am winning battles, but not the war on promoting NSM principles. It is a start...

_Raju

Anonymous said...

Wow... good job, Ayoi...

Joel Esler said...

Richard--

I agree with you. It takes surrounding data.

When I used to be an analyst, I started with RealSecure, which, needless to say... sucked.

Snort came next, and it was awesome, but not enough.

I developed an IDS system with pcap logs, p0f, and Snort being analyzed by BASE.

Sguil wasn't as sharp as it is now, and wasn't as "stable", so it didn't work out for me. But being able to analyze a Snort alert by utilizing the src and dst, and running a tcpdump query for the surrounding timeframe, was awesome. We found stuff we otherwise would not have found.

However, this approach was not feasible once we got over 10 sensors. The data being collected was just too much to deal with.

I can think of a hundred different scenarios where products like RNA, IPS, IDS, Sguil-ish NSM tools, and the like all have their place, some more than others; RNA provides a lot of the contextual alerting without the need for "Immaculate Collection".

I don't disagree with you, but my point is, there is more than one way to skin a cat.
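The pivot Joel describes above (take the src and dst from a Snort alert, then pull the surrounding traffic for a time window around it) is the core of investigating with NSM data rather than alert data alone. The script below is an added example written for this post; it is not Sguil's, BASE's, or the commenter's code. It assumes alerts in Snort's "fast" text format (which carries no year, so the post's year is assumed), and it uses constructed session records in place of a real session database. Given an alert, it selects sessions between the same pair of hosts within a window, summarizes what the surrounding data shows, and builds the tcpdump command an analyst would run against the sensor's full-content capture.

```python
"""Pivot from a Snort-style alert to the surrounding session data.

Added example for this post, not code from Sguil, BASE or the commenter.
Assumes Snort "fast" alert lines and session records with ISO-8601 start
times; both sample inputs below are constructed.
"""
import re
import shlex
from datetime import datetime, timedelta

# Snort fast-format alerts carry no year; assume the post's year (assumption).
ASSUMED_YEAR = 2007

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed alert: one HTTP request from an internal host tripped a signature.
SAMPLE_ALERT = ("03/27-10:15:42.000000 [**] [1:1000001:1] EXAMPLE constructed web signature [**] "
                "[Priority: 2] {TCP} 10.0.0.5:40123 -> 192.0.2.10:80")

# Constructed session records, as a session-data collector (e.g. SANCP) might store them.
SAMPLE_SESSIONS = [
    {"start": "2007-03-27T10:14:50", "src": "10.0.0.5", "sport": 40110, "dst": "192.0.2.10", "dport": 80, "bytes": 1200},
    {"start": "2007-03-27T10:15:42", "src": "10.0.0.5", "sport": 40123, "dst": "192.0.2.10", "dport": 80, "bytes": 850},
    {"start": "2007-03-27T10:16:10", "src": "192.0.2.10", "sport": 33445, "dst": "10.0.0.5", "dport": 22, "bytes": 30000},
    {"start": "2007-03-27T09:30:00", "src": "10.0.0.5", "sport": 40001, "dst": "192.0.2.10", "dport": 80, "bytes": 500},
    {"start": "2007-03-27T10:15:50", "src": "10.0.0.7", "sport": 33000, "dst": "198.51.100.3", "dport": 443, "bytes": 2000},
]


def parse_alert(line):
    """Extract timestamp, signature id, protocol and endpoints from a fast-format alert."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError("not a Snort fast-format alert: %r" % line)
    ts = datetime.strptime("%d/%s" % (ASSUMED_YEAR, m["ts"]), "%Y/%m/%d-%H:%M:%S.%f")
    return {"time": ts, "sid": m["sid"], "msg": m["msg"], "proto": m["proto"],
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"])}


def surrounding_sessions(alert, sessions, window=timedelta(minutes=5)):
    """Sessions between the alert's two hosts (either direction) within +/- window."""
    pair = {alert["src"], alert["dst"]}
    lo, hi = alert["time"] - window, alert["time"] + window
    hits = []
    for s in sessions:
        start = datetime.fromisoformat(s["start"])
        if {s["src"], s["dst"]} == pair and lo <= start <= hi:
            hits.append(dict(s, start=start))
    return sorted(hits, key=lambda s: s["start"])


def summarize(alert, hits):
    """What the surrounding data adds: volume in each direction and whether the
    alert's destination later opened a connection back to the source."""
    to_dst = sum(s["bytes"] for s in hits if s["src"] == alert["src"])
    from_dst = sum(s["bytes"] for s in hits if s["src"] == alert["dst"])
    later_reverse = any(s["src"] == alert["dst"] and s["start"] > alert["time"] for s in hits)
    return {"sessions": len(hits), "bytes_to_dst": to_dst,
            "bytes_from_dst": from_dst, "later_reverse": later_reverse}


def tcpdump_command(alert, pcap_path):
    """Command to pull full content for the pair from a sensor's capture file.
    BPF has no time primitive; narrow by time afterwards (or pick the capture
    file covering the window)."""
    bpf = "host %s and host %s" % (alert["src"], alert["dst"])
    return ["tcpdump", "-n", "-r", pcap_path, bpf]


if __name__ == "__main__":
    alert = parse_alert(SAMPLE_ALERT)
    hits = surrounding_sessions(alert, SAMPLE_SESSIONS)
    for s in hits:
        print(s["start"].isoformat(), s["src"], s["sport"], "->", s["dst"], s["dport"], s["bytes"])
    print(summarize(alert, hits))
    print(shlex.join(tcpdump_command(alert, "sensor.pcap")))
```

On the constructed input the alert by itself says only "one HTTP request matched a signature"; the session records around it show an earlier request, the alerting request, and then a sizeable connection initiated by the web server back to the internal host a few seconds later, which is the kind of context that turns an alert into an investigation. Whether it is pcap on disk or a session database, this is the data that has to exist before the question "is this alert real?" can be answered.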

Anonymous said...

Totally agree with you Joel Esler.

Anonymous said...

So what would be the best way to monitor?

hackathology.blogspot.com