Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Open Source & Machine Learning: A Dynamic Duo
Newest First  |  Oldest First  |  Threaded View
tdsan
tdsan,
User Rank: Ninja
2/4/2019 | 1:18:22 PM
Interesting Article - Open Community Model
Quotes -

→ "And if those of us in security can't understand how something works, and how to apply it to what we do, why on earth would we trust it? Interesting, I would beg to differ, do we really know how a TV works, Refrigerator or even the concepts of an alternator. Let's look at it from what companies are using every day, "Cloud Computing". It was adopted just like the "Smart Phone", people use the "Smart Phone" and the "Cloud Services" but they don't understand its underpinnings. So even from a security perspective, people often use what they feel comfortable with and don't take the time to explore better alternatives. For example, Juniper or Cisco are companies that provided major security products in the security field, their solutions work but did individuals understand that Juniper created its security platforms from FreeBSD (opensource) and Cisco developed its platform from Linux (opensource). Often, we use things because of overall social acceptance and not because it is the best. If that were the case, then why didn't the US move towards IPv6 when it initially came out, if we are looking at things from a security perspective IPv6 provides IPSEC AES256 ESP/AH VPN capability, tunnelling, 17 quintillion addresses, no man in the middle attacks and improved efficiency. IPv6 uses uses a hexadecimal numbering scheme where computers can interpret the key string much more effectively than IPv4, this protocol is 10 times more secure and are currently being made more secure than IPv4.

→ We don't need to be told why to use a hammer. We need to be told how.

Again, I would disagree, I think we need both, to determine the direction and use of a product one must clearly understand its use and outcome. The "how" will come with training (you had mentioned this in your commentary), the "why" and "for what" will follow when we have a clear understanding of the applications intentions so we can narrow down the focus for improved performance and security (understand the entire stack so there is no confusion as to the proposed outcome, if the outcome does not result from your expectations, then you can make adjustments so that the outcome is inline with your intended expectations).

→ The analyst knows how to write rules to prevent a specific tactic or technique from being used again, but he cannot detect the patterns to proactively hunt threats because one does not have the models to dynamically assess data as it arrives...Start with simple data counts, look at frequency and standard deviations

Interesting assumption, I think in this section, the concept of SIEM, Security Analytics tools and various Security frameworks effectively address this area of concern. From McAfee Nitro, Cisco Sourcefire, IBM Qradar, Splunk and others provide this capability where you stated security analysts are not able to derive patterns in an attacker/actor's behavior (this is just not true, it is not the just the attack, but amount of data that results from the event or prior to, a company called Gigamon is addressing this area). In addition, from a historical perspective, large amounts of data are correlated where relationships can and are being developed, pinpointing attack vectors, and analytics using a decentralized model to create a picture for individuals is being derived to create an attack profile. In addition, companies like Extrahop, Virtual Instruments , Dynatrace, AppDynamics and Extremenetworks (Netsight Atlas) are able to pin-point infrastructure weaknesses in the application environment and infrastructure arena. To help identify a possible and/or impending threat, we need to be able to amass this information in a way where we take "Big Data", ML, SIEM and baselining techniques to determine where anomalies arise (companies like DomainTools, InfoBlox and BlueVector gives users the ability to create analytics using IP, traffic patterns and rouge DNS sites to create patterns from sites that had been identified as being nefarious, we can block countries from a single mouse click, not sure why more organizations are not employing this technology but again, it does not seem to be socially accepted, to the point made earlier).

→ Analysts helping other analysts — for the good of the community, for the good of enterprises — is common. It is very easy to detect a pattern here. All doors lead to open source.

Where I do agree with sharing information to make organizations better, it is not just open-source, it is more about people than anything, it is an "Open-Community" model (Palo Alto Networks, Symantec, IBM, Cisco, Juniper - https://www.weforum.org/agenda/archive/cyber-security/). Where thoughts are brought to the forefront and people incorporate their ideas into one framework, the problem is that we are flawed in our thinking (greed, envy keep us back), when one organization feels they are eating less than someone else on the board, then they don't want to play anymore. It really comes down to human nature and the basic ideals of life. You have to ask yourself, why is it that China, Russia, Iran, Iraq, Africa, Pakistan all have a problem with America (other than the bad deals, mass incarceration and murders)? It is about resources and the quality of life. And you have to ask yourself, why do hackers do what they do (respect, money, prestige, political statement, and control). Once we address these problems and start being honest with one another, the world, at that point we can reduce the emphasis on money/power and redirect that value on human life (Gold), then we could start taking the blinders off to reveal the beauty that each one of us brings.

T


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45786
PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
CVE-2023-22849
PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
CVE-2023-25193
PUBLISHED: 2023-02-04
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-0676
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.