Dailydave mailing list archives
Re: The Blue Pill of Threat Intelligence
From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Fri, 17 Oct 2014 12:02:18 -0400
Most of what I've seen is that the various threat intelligence feeds are used more in line with how BL filters are used in email systems. Folks are blocking things out-right based upon a certain confidence level and then allowing the rest into their networks. It doesn't mean that the traffic that wasn't on the BL doesn't get inspected, it simply means there's less traffic to inspect.

Local logs may add to the threat intel and provide additional blocking but that's a bit harder for many people to get right.

How many (small?) companies block whole geographic regions from communicating with them? If you cull out all of Russia and South East Asia there's significantly less traffic to deal with in the end. Not necessarily the way I'd deal with things but </shrug>.

Cheers,
Harry

On 10/15/14 11:59 AM, Dave Aitel wrote:
http://www.fierceitsecurity.com/story/threat-intelligence-problem/2014-10-13

In this article I go over "Threat Intelligence". And I'm a little hard on it because I think it has to make a choice, and soon.

In one hand, is a pill that takes it down the road to AV-like financial success, but strategic failure. And in the other hand, the current models are only stepping stones towards offerings that provide true strategic situational awareness to their clients, so their clients can build customized incident response programs that really work.

Honestly, I think because of the way VC-funded firms work, we may end up taking the blue pill, which is unfortunate for companies, but good for those of us doing offense.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave