If anyone is wondering where the vuln data on pages 13-16 of the 2016 DBIR came from, it's IDS signatures.https://twitter.com/mroytman/status/589077391219167232 …
@EdwardsCP @mroytman @raesene @VZDBIR @riskio Not sure how "correlation with open vulns" works. Implies a scanner too, maybe?
-
-
@EdwardsCP@dguido@raesene@VZDBIR it is correlated with a vuln scanner, and IOCs post data from alienvault and Dell MSP. -
@mroytman@EdwardsCP@raesene@VZDBIR ok, so scanner detects vuln, then IDS later detects exploit heading to same server = exploited -
@dguido@EdwardsCP@raesene@VZDBIR Publishing a follow up post with detailed methodology Monday too long for Twitter -
@mroytman@EdwardsCP@raesene I know, I want to go to sleep too. I'm glad you're discussing origins, looking forward to the post but... -
@mroytman@EdwardsCP@raesene ... my comment on fig11 was one of about 40 on the entire report. I'm not singularly concerned with only it. -
@mroytman@EdwardsCP@raesene this twitter thread just went down a very specific and narrowing hole and now here we are discussing 3 pages -
@mroytman@EdwardsCP@raesene ok I'm out, 4am in Germany.
End of conversation
New conversation
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.