[Dailydave] Improvements

J. Oquendo joquendo at e-fensive.net
Thu Feb 16 13:49:24 EST 2017


On Wed, 15 Feb 2017, Wim Remes wrote:

> Isn't this what Phantom and other "security orchestration" companies are
> pushing right now?
> 
> The biggest roadblock is that every traditional security vendor is trying
> to be the "data hub", hoarding information. Badly constructed and horribly
> documented APIs, stupid myopic dashboards, rate limiting on APIs, etc. etc.
> are the trademarks of those data hoarders. I wonder how long it takes
> before they realize they're contributing more by becoming data providers.
> Hell, every RFP for security products should score their ability to provide
> data.
> 
> Cheers,
> Wim

While bored (which is often) I rigged together quite a few
applications into a suite of my own to go out, aggregate,
then correlate, then go back out, and see what exactly are
threats, and what are not. E.g. how many of us have tried
to ping a site, or ssh somewhere, and fat-fingered (sorry
all, couldn't find a politically correct term) an address?
E.g. ssh 19.0.0.1 when it should have been 10.0.0.1. Now
imagine the amounts of data caught in the "cross fire."

What I sought to do was take data and find out what exactly
is causing, say, 8.8.8.8 (example) to be re-aggregated into
threat lists. Too many "threat" lists with little info
to go by. What I found over time was even stranger... Not
naming names, but 90+% of "threat" vendors cross-correlate
the same nonsense/pollution into a smorgasbord of "OMG
your mom is a threat" alerting.

Hoarding data is meaningless if terabytes of the data being
captured are insignificant. I have been playing with IBM's
Watson, so sooner or later, when I am even more bored than I
am now, I will dump terabytes and say: "Go make sense of this."
To be honest, the Watson Analytics side could not do this
as well as I connected my own dots with i2 Analyst Notebook,
so who knows what AI Watson will push out. (Maybe Grugq is
responsible for 97% of traffic to my Alexa Echo.) Data is
becoming too polluted over time (IMHO).

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463
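
The aggregate-then-correlate step described in the post above, as an added example that is not the poster's own tooling: it takes constructed feeds with hypothetical vendor names, discounts feeds that are near-copies of another feed before counting how many sources vouch for an indicator, and flags the two kinds of pollution the post names, well-known public resolvers and fat-fingered neighbours of internal address space. The 0.9 overlap threshold, the allowlist and the internal ranges are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample feeds (hypothetical vendor names, documentation address ranges).
FEEDS = {
    "vendorA": {"203.0.113.7", "198.51.100.9", "8.8.8.8", "19.0.0.1"},
    "vendorB": {"203.0.113.7", "198.51.100.9", "8.8.8.8", "19.0.0.1", "192.0.2.44"},
    "vendorC": {"203.0.113.7", "8.8.8.8", "19.0.0.1"},
    "vendorD": {"192.0.2.99", "198.51.100.9"},
}
# Constructed allowlist: well-known infrastructure that should never land on a blocklist.
KNOWN_BENIGN = {"8.8.8.8", "8.8.4.4", "1.1.1.1"}
# Internal ranges a fat-fingered address was probably aimed at (assumption).
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def overlap_ratio(a, b):
    """Fraction of feed a's indicators that also appear in feed b."""
    return len(a & b) / len(a) if a else 0.0

def reaggregators(feeds, threshold=0.9):
    """Feeds that are (almost) wholly contained in some other feed, i.e. re-aggregated copies."""
    return {x for x, ix in feeds.items()
            if any(x != y and overlap_ratio(ix, iy) >= threshold for y, iy in feeds.items())}

def likely_typo(ip):
    """True if one single-digit substitution turns ip into an internal address (19.0.0.1 -> 10.0.0.1)."""
    for i, ch in enumerate(ip):
        for d in ("0123456789".replace(ch, "") if ch.isdigit() else ""):
            try:
                cand = ip_address(ip[:i] + d + ip[i + 1:])
            except ValueError:  # e.g. a leading zero produced by the substitution
                continue
            if any(cand in net for net in INTERNAL):
                return True
    return False

def triage(feeds, allowlist, threshold=0.9):
    """Map each indicator to (raw_count, independent_count, verdict)."""
    independent = set(feeds) - reaggregators(feeds, threshold)  # drop the copies
    result = {}
    for ip in set().union(*feeds.values()):
        raw = sum(ip in f for f in feeds.values())          # what a naive hub would report
        ind = sum(ip in feeds[f] for f in independent)      # sources that actually add information
        verdict = ("benign-infrastructure" if ip in allowlist
                   else "probable-typo" if likely_typo(ip)
                   else "corroborated" if ind >= 2 else "single-source")
        result[ip] = (raw, ind, verdict)
    return result
```

With the sample feeds, 203.0.113.7 is "seen" by three vendors but only one of them is not a copy, while 19.0.0.1 collapses to a probable mistyped 10.0.0.1.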

