tl;dr we have a synthetic dataset not correlated to actual attacks and we stand behind misleading people #DBIR http://blog.kennasecurity.com/2016/05/collaborative-data-science-inside-the-2016-verizon-dbir-vulnerability-section/
-
-
That should have been a major hint that they weren't measuring anything at all, but somehow...
-
If you missed that, Kenna thinks attackers are successfully exploiting FREAK and an RDP DoS and so you should prioritize them above new CVEs
-
This dataset and their analysis is misleading and harmful. Enterprises that follow that advice are worse off after reading it.
-
There's a total disconnect between real incident data and Kenna's synthetic dataset, here's another take on it: https://twitter.com/thegrugq/status/727002988250730496
-
Microsoft is combining crash data with on-host agent data here. They can track process execution. This data is REAL: https://twitter.com/thegrugq/status/727002988250730496
-
It still confuses me why Verizon didn't use their own incident data for tracking successful exploitation. It's concrete and reliable.
-
If there are issues with quantity, then get your collaborators to improve their data collection until it's statistically reliable!
-
Instead, Verizon worked with Kenna to make up a bunch of data then masked it in "data science" to make it look like more than garbage.
-
Or, exploitation is dramatically easier to detect on-host. Partner with an agent vendor: "If iexplore.exe launches cmd.exe then popped=true"
-
Several others have cogent analysis of the Verizon/Kenna data. See here: https://twitter.com/thegrugq/status/726986083381055488 and here: https://twitter.com/tqbf/status/726989872913739777
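The on-host heuristic quoted earlier in the thread ("if iexplore.exe launches cmd.exe then popped=true"), written out as a small parent/child process detector. This is an added example, not code from the thread's author or from any vendor; the CSV-style event format, the browser and shell process lists, and the sample events are all constructed for illustration.

```python
"""Added example: flag a browser process that spawns a command shell.

Assumes process-creation events with pid, parent pid and image path, as an
endpoint agent would record them (constructed format, not a real product's).
"""
from dataclasses import dataclass

# Browser images that should never be the parent of a shell or script host.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
# Child images whose launch from a browser indicates a likely successful exploit.
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str  # lower-cased basename, e.g. "cmd.exe"


def basename(path: str) -> str:
    """Reduce a Windows or POSIX path to its lower-cased file name."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_events(text: str) -> list[ProcEvent]:
    """Parse 'pid,ppid,image' lines (first line is a header) into events."""
    events = []
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        pid, ppid, image = line.split(",", 2)
        events.append(ProcEvent(int(pid), int(ppid), basename(image)))
    return events


def popped(events: list[ProcEvent]) -> list[tuple[str, str, int]]:
    """Return (parent image, child image, child pid) for browser -> shell launches."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent and parent.image in BROWSERS and e.image in SHELLS:
            hits.append((parent.image, e.image, e.pid))
    return hits


# Constructed sample log: one shell under the browser, one under explorer.exe.
SAMPLE_LOG = """\
pid,ppid,image
100,1,C:\\Windows\\explorer.exe
200,100,C:\\Program Files\\Internet Explorer\\iexplore.exe
300,200,C:\\Windows\\System32\\cmd.exe
400,100,C:\\Windows\\System32\\cmd.exe
"""

if __name__ == "__main__":
    print(popped(parse_events(SAMPLE_LOG)))  # [('iexplore.exe', 'cmd.exe', 300)]
```

Only the shell whose parent is the browser is reported; the shell a user opened from explorer.exe is left alone.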