"Of course it's working" you might be thinking, but how do you know? Have you simulated the attack your controls are supposed to detect or prevent? Have you run a zero-knowledge test to see if your SOC will catch it and raise the alarm?
Every MSSPs I've had the opportunity to test failed to catch even the most basic attacks. I'm talking EICAR flying right through their sensors, downloading hundreds of real malware samples through unencrypted channels, mimikatz, reaching out to the NotPetya kill switch...
A breach is NOT the best time to find out your IDS is plugged into the wrong port on the switch, that you don't know how to use your SAST tools properly or that no one is monitoring alerts indicating that AV has been disabled.
I posed this question several years ago. Has anything changed? https://twitter.com/sawaba/status/642138648545263616
New conversation
Security tools are WORTHLESS if you don’t take action on the data and operationalize said solution into your ecosystem and processes.
They can be far worse than worthless. Worthless suggests they don't have any value, but don't cause harm. Ineffective or improperly used security tools can do serious damage by taking time/funds away from beneficial tasks, tools or actions.
New conversation
I just gave a talk at #S4x20 about tuning these blinky boxes. In engineering and control systems world, we have several Control System Alarm Management Standards... that deal with tuning, false positives and false negatives, how many alarms per hour an operator can handle, etc.
That's a lot more structured than the rest of us! It's funny, we see WinXP over in control systems land and think, "these dummies couldn't possibly have anything to teach us!" We're clearly wrong.
New conversation
See this ALL the time in EDR... Something wasn't detected b/c the sensor wasn't fully deployed. Customer was notified but the person who receives the notifications is on vaca/left the company. Functionality is purchased but not enabled. Etc., etc...
I saw one case where EDR was deployed to 7500 hosts, but not enabled. For 18 months.