Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Threat Intelligence's Big Data Problem
Threaded  |  Newest First  |  Oldest First
MattDevost
50%
50%
MattDevost,
User Rank: Apprentice
3/17/2016 | 4:27:59 PM
An evolution, hopefully based on the fundamentals of intelligence
Look forward to tracking this new series.  The evolution of threat intelligence is an important topic as organizations migrate towards intelligence driven security programs.  Hopefully you spend a little time looking at the fundamentals of the intelligence process and how they need to be incorporated and evolved into the cyber security domain.  

Having built intel organizations at companies like iDEFENSE, iSIGHT, the Terrorism Research Center, and within 56 U.S. cities, this is a topic that I track closely.  Many organizations don't give enough attention to how they need to consume and act on intelligence to drive decisions.  It isn't just about how many feeds you can consume, but how those feeds fit into and drive an internal intelligence process that is iterative and has a robust feedback loop.
ecrutchlow
50%
50%
ecrutchlow,
User Rank: Apprentice
3/21/2016 | 12:38:59 PM
Target Example Completely Wrong
Your use of Target was completely wrong. This was Target's first excuse for why they didn't catch this early, but as the story evolved the true events came out resulting in the CIO and the CEO resigning.

The FireEye device did detect and alert the subcontractor team in India and FireEye saw the alert as well. The subcontractor team was contacted immediately by FireEye and informed of the significance of the breach. In turn, the subcontractor notified Target and they did not act on the information. For a good write-up on the events, please look up the SANS report titled, "Case Study: Critical Controls that Could Have Prevented Target Breach"

The article is correct regarding the amount of data organizations must review. It's really the story of the boy who cried wolf one too many times. Except we have systems that cry wolf thousands of times a day. Solutions that can reduce the noise is essential. Security operations centers should be focusing on real events and not on vetting false-positives.
ACThomson
50%
50%
ACThomson,
User Rank: Author
3/25/2016 | 9:20:15 AM
An opportunity for artificial intelligence
There are quite a number of startups appearing that are using artificial intelligence techniques to help manage this overload, allowing the most important threats to be prioratised.


7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff 10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9994
PUBLISHED: 2020-10-22
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.
CVE-2020-9997
PUBLISHED: 2020-10-22
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory.
CVE-2020-9927
PUBLISHED: 2020-10-22
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9928
PUBLISHED: 2020-10-22
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9929
PUBLISHED: 2020-10-22
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.