Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Open Source & Machine Learning: A Dynamic Duo
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
2/4/2019 | 1:18:22 PM
Interesting Article - Open Community Model
Quotes -

→ "And if those of us in security can't understand how something works, and how to apply it to what we do, why on earth would we trust it? Interesting, I would beg to differ, do we really know how a TV works, Refrigerator or even the concepts of an alternator. Let's look at it from what companies are using every day, "Cloud Computing". It was adopted just like the "Smart Phone", people use the "Smart Phone" and the "Cloud Services" but they don't understand its underpinnings. So even from a security perspective, people often use what they feel comfortable with and don't take the time to explore better alternatives. For example, Juniper or Cisco are companies that provided major security products in the security field, their solutions work but did individuals understand that Juniper created its security platforms from FreeBSD (opensource) and Cisco developed its platform from Linux (opensource). Often, we use things because of overall social acceptance and not because it is the best. If that were the case, then why didn't the US move towards IPv6 when it initially came out, if we are looking at things from a security perspective IPv6 provides IPSEC AES256 ESP/AH VPN capability, tunnelling, 17 quintillion addresses, no man in the middle attacks and improved efficiency. IPv6 uses uses a hexadecimal numbering scheme where computers can interpret the key string much more effectively than IPv4, this protocol is 10 times more secure and are currently being made more secure than IPv4.

→ We don't need to be told why to use a hammer. We need to be told how.

Again, I would disagree, I think we need both, to determine the direction and use of a product one must clearly understand its use and outcome. The "how" will come with training (you had mentioned this in your commentary), the "why" and "for what" will follow when we have a clear understanding of the applications intentions so we can narrow down the focus for improved performance and security (understand the entire stack so there is no confusion as to the proposed outcome, if the outcome does not result from your expectations, then you can make adjustments so that the outcome is inline with your intended expectations).

→ The analyst knows how to write rules to prevent a specific tactic or technique from being used again, but he cannot detect the patterns to proactively hunt threats because one does not have the models to dynamically assess data as it arrives...Start with simple data counts, look at frequency and standard deviations

Interesting assumption, I think in this section, the concept of SIEM, Security Analytics tools and various Security frameworks effectively address this area of concern. From McAfee Nitro, Cisco Sourcefire, IBM Qradar, Splunk and others provide this capability where you stated security analysts are not able to derive patterns in an attacker/actor's behavior (this is just not true, it is not the just the attack, but amount of data that results from the event or prior to, a company called Gigamon is addressing this area). In addition, from a historical perspective, large amounts of data are correlated where relationships can and are being developed, pinpointing attack vectors, and analytics using a decentralized model to create a picture for individuals is being derived to create an attack profile. In addition, companies like Extrahop, Virtual Instruments , Dynatrace, AppDynamics and Extremenetworks (Netsight Atlas) are able to pin-point infrastructure weaknesses in the application environment and infrastructure arena. To help identify a possible and/or impending threat, we need to be able to amass this information in a way where we take "Big Data", ML, SIEM and baselining techniques to determine where anomalies arise (companies like DomainTools, InfoBlox and BlueVector gives users the ability to create analytics using IP, traffic patterns and rouge DNS sites to create patterns from sites that had been identified as being nefarious, we can block countries from a single mouse click, not sure why more organizations are not employing this technology but again, it does not seem to be socially accepted, to the point made earlier).

→ Analysts helping other analysts — for the good of the community, for the good of enterprises — is common. It is very easy to detect a pattern here. All doors lead to open source.

Where I do agree with sharing information to make organizations better, it is not just open-source, it is more about people than anything, it is an "Open-Community" model (Palo Alto Networks, Symantec, IBM, Cisco, Juniper - https://www.weforum.org/agenda/archive/cyber-security/). Where thoughts are brought to the forefront and people incorporate their ideas into one framework, the problem is that we are flawed in our thinking (greed, envy keep us back), when one organization feels they are eating less than someone else on the board, then they don't want to play anymore. It really comes down to human nature and the basic ideals of life. You have to ask yourself, why is it that China, Russia, Iran, Iraq, Africa, Pakistan all have a problem with America (other than the bad deals, mass incarceration and murders)? It is about resources and the quality of life. And you have to ask yourself, why do hackers do what they do (respect, money, prestige, political statement, and control). Once we address these problems and start being honest with one another, the world, at that point we can reduce the emphasis on money/power and redirect that value on human life (Gold), then we could start taking the blinders off to reveal the beauty that each one of us brings.

T


HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11547
PUBLISHED: 2020-04-05
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
CVE-2020-11548
PUBLISHED: 2020-04-05
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
CVE-2020-11542
PUBLISHED: 2020-04-04
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.
CVE-2020-11533
PUBLISHED: 2020-04-04
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
CVE-2020-11529
PUBLISHED: 2020-04-04
Common/Grav.php in Grav before 1.6.23 has an Open Redirect.