[Dailydave] Longer form questions

Konrads Smelkovs konrads.smelkovs at gmail.com
Fri Sep 6 12:44:22 UTC 2019


From a practical detection and response standpoint:
1) no egress monitoring at network level means very limited clues on first
signs of trouble and timeline
2) network traffic monitoring can point out anomalies very early on.
3) the idea that because a vendor has painted a solution architecture where
everything logs centrally or EDR works all the time is imaginary.
NetFlow / tiered network metadata provides a solid fallback.

The biggest problem with network monitoring is "cloud". There is less and
less to monitor.


On Fri, 6 Sep 2019 at 12:15, Anton Chuvakin <anton at chuvakin.org> wrote:

> Wow, indeed, so 2007, this brings back memories ....
>
> But on a more serious note: do you guys truly think that network security
> monitoring (whether NIDS, network forensics / capture, "NTA / NDR", Bro /
> Zeek and such) is "dead dead"? And there's no hope for any
> zombie-apocalypse-style revival? :-)
>
>
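To make points 1 to 3 above concrete, here is an added example (not part of the Dailydave post or anyone's product) of the kind of detection that plain flow metadata supports with no endpoint agent at all: per-host egress volume to external addresses, and beaconing detected from near-constant inter-flow gaps to one external destination. The CSV record layout (unix_ts,src,dst,dport,bytes), the flow records themselves, the internal address range and the thresholds are all constructed assumptions for the illustration.

```python
"""Egress and beacon detection over NetFlow-style records.

Added illustration, not code from the Dailydave thread. The record
format (constructed CSV: unix_ts,src,dst,dport,bytes), the sample
flows, the internal range and the thresholds are assumptions.
"""
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows, not real traffic. 10.0.0.5 talks to one
# external host about every 60 s (beacon); 10.0.0.9 pushes ~700 MiB
# out over SSH; 10.0.0.12 is ordinary browsing plus one internal SMB flow.
SAMPLE_FLOWS = """\
1567771200,10.0.0.5,203.0.113.7,443,612
1567771260,10.0.0.5,203.0.113.7,443,598
1567771321,10.0.0.5,203.0.113.7,443,605
1567771380,10.0.0.5,203.0.113.7,443,611
1567771441,10.0.0.5,203.0.113.7,443,602
1567771210,10.0.0.9,198.51.100.20,22,734003200
1567771215,10.0.0.12,93.184.216.34,443,18211
1567771290,10.0.0.12,93.184.216.34,443,2210
1567771333,10.0.0.12,10.0.0.200,445,91233
1567771400,10.0.0.12,93.184.216.34,443,41007
"""

# Assumed internal address space for the example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_flows(text):
    """Parse the constructed CSV layout into a list of flow dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        flows.append({"ts": int(ts), "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def is_internal(addr, nets=INTERNAL_NETS):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def egress_by_host(flows):
    """Bytes each internal host sent to external addresses (point 1)."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[f["src"]] += f["bytes"]
    return dict(totals)


def detect_beacons(flows, min_count=4, max_cv=0.1):
    """Flag (src, dst, dport) tuples whose inter-flow gaps are near-constant.

    Returns [((src, dst, dport), mean_gap_seconds), ...]. A low coefficient
    of variation (std dev / mean of the gaps) is the beacon signal (point 2).
    """
    groups = defaultdict(list)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            groups[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    beacons = []
    for key, times in groups.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons.append((key, round(avg)))
    return beacons


def detect_large_egress(flows, threshold_bytes=100 * 1024 * 1024):
    """Internal hosts whose external egress exceeds an assumed threshold."""
    return [(host, total) for host, total in egress_by_host(flows).items()
            if total >= threshold_bytes]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("egress by host:", egress_by_host(flows))
    print("beacons:", detect_beacons(flows))
    print("large egress:", detect_large_egress(flows))
```

Nothing here needs an endpoint agent or central log shipping; a flow exporter on the egress path (or, where the hosts live, a VPC flow log) is enough, which is the fallback the post describes. The thresholds are deliberately crude: a real deployment would baseline per-host egress over days and compare jitter against the beacon's own history rather than a fixed coefficient of variation.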