Dailydave mailing list archives

Re: Longer form questions


From: Konrads Smelkovs <konrads.smelkovs () gmail com>
Date: Fri, 6 Sep 2019 13:44:22 +0100

From a practical detection and response standpoint:
1) no egress monitoring at network level means very limited clue on first
signs of trouble and timeline
2) network traffic monitoring can point out anomalies very early on.
3) the idea that, because a vendor has painted a solution architecture,
everything logs centrally or EDR works all the time is imaginary.
Netflows/tiered network meta-data provide a solid fallback.

The biggest problem with network monitoring is “cloud”. There is less and
less to monitor.


On Fri, 6 Sep 2019 at 12:15, Anton Chuvakin <anton () chuvakin org> wrote:

Wow, indeed, so 2007, this brings back memories ....

But on a more serious note: do you guys truly think that network security
monitoring (whether NIDS, network forensics / capture, "NTA / NDR", Bro /
Zeek and such) is "dead dead"? And is there no hope for any
zombie-apocalypse-style revival? :-)


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
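Points 1 and 2 of the reply above (egress monitoring as the first sign of trouble, flow meta-data as a fallback when host logging or EDR is incomplete) are easy to demonstrate with a small baseline-versus-today comparison over flow records. The following is an added example written for this archive page, not code from either poster. The NetFlow-like records are constructed sample data, the internal address range (10.0.0.0/8), the one-day comparison window and the volume factor of 3x are assumptions, and real deployments would read exported flows rather than an embedded string. It flags a host whose egress volume jumps far above its own daily average and any external destination/port pair the host has not contacted before.

```python
"""Egress anomaly check over NetFlow-style records (added example, constructed data)."""
import ipaddress
from collections import defaultdict
from datetime import date, datetime

# Constructed sample records, not real telemetry.
# Format per line: ISO start time,src,dst,dst port,bytes
SAMPLE_FLOWS = """\
2019-09-01T09:00:00,10.0.0.5,203.0.113.10,443,120000
2019-09-01T10:00:00,10.0.0.5,203.0.113.10,443,90000
2019-09-01T11:00:00,10.0.0.7,203.0.113.20,443,50000
2019-09-02T09:00:00,10.0.0.5,203.0.113.10,443,110000
2019-09-02T10:30:00,10.0.0.7,203.0.113.20,443,60000
2019-09-02T12:00:00,10.0.0.7,10.0.0.9,445,400000
2019-09-03T09:00:00,10.0.0.5,203.0.113.10,443,100000
2019-09-03T02:13:00,10.0.0.7,198.51.100.77,8443,9000000
2019-09-03T02:20:00,10.0.0.7,198.51.100.77,8443,12000000
"""

# Assumption: everything in 10.0.0.0/8 is "inside"; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_flows(text):
    """Parse the CSV-like records into dicts with typed fields."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, nbytes = line.split(",")
        flows.append({"ts": datetime.fromisoformat(ts), "src": src,
                      "dst": dst, "dport": int(dport), "bytes": int(nbytes)})
    return flows


def is_egress(flow):
    """True when an internal source talks to an external destination."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    inside = lambda ip: any(ip in net for net in INTERNAL_NETS)
    return inside(src) and not inside(dst)


def summarize(flows):
    """Per source: bytes sent out per day, and the set of (dst, port) pairs used."""
    daily = defaultdict(lambda: defaultdict(int))   # src -> day -> bytes
    dests = defaultdict(set)                        # src -> {(dst, port)}
    for f in flows:
        if not is_egress(f):
            continue   # east-west traffic is ignored here; only egress counts
        daily[f["src"]][f["ts"].date()] += f["bytes"]
        dests[f["src"]].add((f["dst"], f["dport"]))
    return daily, dests


def egress_anomalies(flows, day, volume_factor=3.0):
    """Compare `day` against every earlier day in the record set.

    Returns (src, kind, value, baseline) tuples where kind is one of
    'volume', 'first_seen_egress' or 'new_destination'.
    """
    base_daily, base_dests = summarize([f for f in flows if f["ts"].date() < day])
    cur_daily, cur_dests = summarize([f for f in flows if f["ts"].date() == day])
    findings = []
    for src, days in cur_daily.items():
        cur_bytes = days[day]
        history = list(base_daily[src].values())
        if history:
            avg = sum(history) / len(history)
            if cur_bytes > volume_factor * avg:
                findings.append((src, "volume", cur_bytes, avg))
        else:
            findings.append((src, "first_seen_egress", cur_bytes, 0.0))
        for pair in sorted(cur_dests[src] - base_dests[src]):
            findings.append((src, "new_destination", pair, None))
    return findings


def run_sample():
    """Evaluate the constructed records for 2019-09-03 (assumed 'today')."""
    return egress_anomalies(parse_flows(SAMPLE_FLOWS), date(2019, 9, 3))


if __name__ == "__main__":
    for src, kind, value, baseline in run_sample():
        print(f"{src}: {kind} value={value} baseline={baseline}")
```

On the sample data 10.0.0.5 stays quiet (its traffic is within its own baseline and goes where it always goes), while 10.0.0.7 is reported twice: its outbound volume on the third day is roughly 380x its daily average, and it has started talking to a destination/port pair never seen in the baseline, both in the early hours. Neither signal needs an agent on the host, which is the fallback property the reply argues for; in practice the baseline window would be weeks rather than two days and the thresholds tuned per segment.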
