Characterizing the Friction and Incompatibility Between IoC and AI
Many organizations are struggling to overcome key conceptual differences between today’s AI-powered threat detection systems and legacy signature detection systems. A key friction area - in perception and delivery capability - lies with the inertia of Indicator of Compromise (IoC) sharing; something that is increasingly incompatible with the machine learning approaches incorporated into the new breed of advanced detection products. In recent years Government intelligence, la


Bug Bounty Programs: Are You Ready? - Part 2
In this part we’ll discuss why an organization needs to launch a bug bounty program, and what limits the value they will likely extract from


Bug Bounty Programs: Are You Ready? - Part 1
The premise of crowdsourcing the task of uncovering new bugs and vulnerabilities in an organization’s web applications or consumer products sounds compelling to many. What’s not to like with the prospect of “many eyes” poking and prodding away at a corporate system for a minimal reward – and preemptively uncovering flaws that could have been exploited by hackers with nefarious intent? Despite existing for over two decades prior to the more recent launch of commercial bug bount


Security Automation Isn’t AI Security
The AI revolution is still relatively young in the InfoSec world. Despite endless floors of vendor booths displaying the latest security device or technology, we're still in the v1.0 realm. In many cases, while the marketing literature references machine learning, much of the coded approach is actually simple automation. AI v1.0 is guiding some products’ automation... where that automation is benefiting from prioritization and reduction in alerts to human operators. I think v1


A Pentester’s Cache of 0-days
Much of the InfoSec world still struggles to understand the dynamics of 0-day vulnerabilities and the quandary of their widespread availability. There is a common misconception that the prolonged period between discovery and vendor patching is not only a security threat, but is also proportional to the severity of the threat. I was lucky enough to join a couple of panels last week at the Suits and Spooks conference in Arlington, Virginia, during which one of the panels touche


From Anomaly, to Behavior, and on to Learning Systems
Anomaly detection approaches to threat detection have traditionally struggled to make good on the efficacy claims of vendors once deployed in real environments. Rarely have the vendors lied about their product’s capability – rather, the examples and stats they provide are typically for contrived and isolated attack instances; not representative of a deployment in a noisy and unsanitary environment. Where anomaly detection approaches have fallen flat and cast them in a negative


Suits & Spooks: Post DYN DDoS: Is government regulation of the IoT on the horizon?
It’s a bit hard to miss all the stories and concerns over IoT security. In some ways it’s reminiscent of the late 1990s and the endless stream of security failures related to Windows 95, ME, and XP – which ultimately led to Bill Gates’ famous company-wide memo of 2002 kicking off the company’s Trustworthy Computing initiative. Have we reached an equivalent point for IoT (15 years later) with the need to launch a trustworthy IoT initiative? This Wednesday (at 10:15am) during t


Suits & Spooks: Shadowbrokers, Attribution, and Responsible Disclosure
Threat actor attribution in the cyber world – when done properly – is a damned difficult task complicated by missing and inaccessible traffic logs, international jurisdictions, and routing through anonymizing proxies and compromised hosts scattered around the globe. Unlike professional forensic investigations of physical-world crime scenes, the virtual world spawns an endless supply of amateur cyber investigators (with no certified credentials), many seeking notoriety or promo


Ransomware Detection and Mitigation in 2017
With near unanimous agreement between InfoSec authors of 2017 security predictions, ransomware will continue to grow as the number-one cyber threat that businesses will encounter and be forced to respond to this year. As predictions go, the Oracle of Delphi of legend would likely summarize it as “ditto”. Technologically speaking, the ransomware threat is already a solved problem. Yet the threat and its impact on business is predicted to grow. How so? The primary (and overlapp


Allowing Vendors VPN access during Product Evaluation
For many prospective buyers of the latest generation of network threat detection technologies it may appear ironic that these AI-driven learning systems require so much manual tuning and external monitoring by vendors during a technical “proof of concept” (PoC) evaluation. Practically all vendors of the latest breed of network-based threat detection technology require varying levels of network accessibility to the appliances or virtual installations of their product within a