Dailydave mailing list archives
Re: Longer form questions
From: Konrads Smelkovs <konrads.smelkovs@gmail.com>
Date: Fri, 6 Sep 2019 13:44:22 +0100
From practical detection and response standpoint:
1) No egress monitoring at network level means very limited clue on first signs of trouble and timeline.
2) Network traffic monitoring can point out anomalies very early on.
3) The idea that because a vendor has painted a solution architecture where everything logs centrally or EDR works all the time is imaginary. Netflows/tiered network metadata provide a solid fallback.

The biggest problem with network monitoring is "cloud". There is less and less to monitor.

On Fri, 6 Sep 2019 at 12:15, Anton Chuvakin <anton@chuvakin.org> wrote:

> Wow, indeed, so 2007, this brings back memories .... But on a more serious note: do you guys truly think that network security monitoring (whether NIDS, network forensics / capture, "NTA / NDR", Bro / Zeek and such) is "dead dead"? And there no hope for any zombie-apocalypse-style revival? :-)
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
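As an added illustration of the point made in the message above (flow metadata as a fallback when host logging or EDR fails), the following script is not from the thread or from any product it names; it is example code written for this archive page. It runs three egress checks over NetFlow-style records: destinations a host has never contacted before, daily egress volume far above that host's baseline, and beaconing (near-constant intervals to one external endpoint). The record layout, the RFC 1918 definition of "internal", the thresholds (5x volume, 6 flows, 10% interval variation) and all sample flows are assumptions constructed for the example; the external addresses are from the RFC 5737 documentation ranges.

```python
"""Egress anomaly checks over NetFlow-style flow records (constructed sample data)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed definition of "internal": RFC 1918 space only, so documentation
# ranges such as 203.0.113.0/24 count as external endpoints.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    ts: int         # flow start, epoch seconds
    src: str        # source address
    dst: str        # destination address
    dport: int      # destination port
    bytes_out: int  # bytes sent by src


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def egress_flows(flows):
    """Keep only internal -> external flows; internal chatter is ignored."""
    return [f for f in flows if is_internal(f.src) and not is_internal(f.dst)]


def build_baseline(flows):
    """Per internal host: the (dst, dport) pairs seen and bytes out per day."""
    dests = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for f in egress_flows(flows):
        dests[f.src].add((f.dst, f.dport))
        daily[f.src][f.ts // 86400] += f.bytes_out
    return dests, daily


def new_destinations(baseline_dests, flows):
    """(src, dst, dport) triples never seen for that host in the baseline."""
    return sorted({(f.src, f.dst, f.dport) for f in egress_flows(flows)
                   if (f.dst, f.dport) not in baseline_dests.get(f.src, set())})


def volume_outliers(baseline_daily, flows, factor=5.0):
    """Hosts whose egress in the observed window exceeds factor x daily mean."""
    total = defaultdict(int)
    for f in egress_flows(flows):
        total[f.src] += f.bytes_out
    out = []
    for src, sent in total.items():
        hist = list(baseline_daily.get(src, {}).values())
        if hist and sent > factor * mean(hist):
            out.append((src, sent, round(mean(hist))))
    return sorted(out)


def beacons(flows, min_count=6, max_cv=0.1):
    """(src, dst, dport, interval) where inter-flow gaps are nearly constant."""
    groups = defaultdict(list)
    for f in egress_flows(flows):
        groups[(f.src, f.dst, f.dport)].append(f.ts)
    found = []
    for key, ts in groups.items():
        if len(ts) < min_count:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:   # coefficient of variation
            found.append((*key, round(m)))
    return sorted(found)


def run_checks(flows, cutoff_ts):
    """Flows before cutoff_ts form the baseline; later flows are inspected."""
    baseline = [f for f in flows if f.ts < cutoff_ts]
    recent = [f for f in flows if f.ts >= cutoff_ts]
    dests, daily = build_baseline(baseline)
    return {"new_destinations": new_destinations(dests, recent),
            "volume_outliers": volume_outliers(daily, recent),
            "beacons": beacons(recent)}


def sample_flows():
    """Constructed records: three quiet days, then a noisy fourth day."""
    day = 86400
    flows = []
    for d in range(3):
        flows.append(Flow(d * day + 3600, "10.0.0.5", "198.51.100.20", 443, 1_000_000))
        flows.append(Flow(d * day + 7200, "10.0.0.5", "198.51.100.20", 443, 1_000_000))
        flows.append(Flow(d * day + 3600, "10.0.0.7", "198.51.100.20", 443, 500_000))
    d = 3
    flows.append(Flow(d * day + 3600, "10.0.0.5", "198.51.100.20", 443, 1_000_000))
    flows.append(Flow(d * day + 100, "10.0.0.5", "10.0.0.1", 53, 80))  # internal, ignored
    jitter = [0, 3, 1, 4, 2, 5, 3, 0]  # small constructed jitter around a 300 s beacon
    for i, j in enumerate(jitter):
        flows.append(Flow(d * day + 10_000 + 300 * i + j, "10.0.0.5", "203.0.113.9", 443, 512))
    flows.append(Flow(d * day + 5000, "10.0.0.7", "198.51.100.20", 443, 20_000_000))
    return flows


if __name__ == "__main__":
    for name, hits in run_checks(sample_flows(), 3 * 86400).items():
        print(name, hits)
```

With the constructed data, the fourth day yields one previously unseen destination (10.0.0.5 to 203.0.113.9:443), one volume outlier (10.0.0.7 sending 20 MB against a 500 KB daily mean) and one beacon (the same 10.0.0.5 pair at a 300 s interval). None of these signals depends on a host agent being present or honest, which is the fallback the message argues for; the cutoff and thresholds are the knobs a real deployment would tune per environment.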
Current thread:
- Longer form questions Dave Aitel (Sep 04)
- Re: Longer form questions Dave Aitel (Sep 05)
- Re: Longer form questions Chris Rohlf (Sep 05)
- Re: Longer form questions Anton Chuvakin (Sep 06)
- Re: Longer form questions Chris Rohlf (Sep 06)
- Re: Longer form questions Nick Selby (Sep 06)
- Re: Longer form questions Allen DeRyke (Sep 06)
- Re: Longer form questions John Lampe (Sep 06)
- Re: Longer form questions Andre Gironda (Sep 17)
- Re: Longer form questions Chris Rohlf (Sep 05)
- Re: Longer form questions Dave Aitel (Sep 05)
- Re: Longer form questions Konrads Smelkovs (Sep 06)