[Dailydave] C2

Dave Aitel dave at immunityinc.com
Mon Mar 3 12:03:09 EST 2014


One rather facetious saying that has annoyed everyone for a while is the
whole "defenders have to protect everything, attackers just have to get
in once" meme. If you talk to defenders who are "leading" with new
technologies and techniques, the difference really does blur quite a
bit. I was happily surprised at the Tenable offsite to hear their big
customers describe their continuous monitoring and SIEM analytics
techniques as their network "Command and Control". It's a useful change
to a more sophisticated mindset. You don't hear people really
acknowledging an advanced persistent defense that often. :>

Of course, building proper C2C while under attack is itself very hard.
People very quickly fall into the "Big Data" trap - we try to caution
Justin from collecting more than he has to with El Jefe. We don't want
"Big Data" analysis. We want "Just enough data" analysis!

-dave
