Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Back to Basics with Log Management, SIEMs & MSSPs
Oldest First  |  Newest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
8/6/2019 | 11:05:28 AM
We need to do more, the current methods are not working.

"AI or machine learning may help you on the analytics side, but knowing which logs you need to be effective is the key," he adds.

Currently we have seen the number of potential attacks increase by 200% this year, the existing method of doing business will have to change due to the number of attacks. There are a number of companies like Extrahop, CarbonBlack/Blue-Vector (CBBV) and Sophos are using ML to process large amounts of data. Some systems like CBBV are helping us to make and carry out those decisions.


To the point made earlier, we need to move to the Machine Learning (ML) instead of just accepting the status-quo because the existing methods are just not working.


T
tdsan
50%
50%
tdsan,
User Rank: Ninja
8/14/2019 | 2:48:32 PM
Re: We need to do more, the current methods are not working.
Yes, we are working with companies like Blue-Vector/Carbon Black, Deep Learning and Sophos to help provides solutions to these threats because we have found they are not only identifying the threat, they are also eradicating the threat and sharing the information with the other offices in real-time (the solutions are becoming Prescriptive as opposed to Prescribed):

Big Data Business Model

This is good for business because we don't need to stop what we are doing from a Cloud, Engineering, Development standpoint to talk with the security team about what has been identified, it is being done through software interconnects and APIs, they see this instantaneously on a dashboard.

Also, we are finding more and more use cases (i.e. DNS Spoofing attacks, Randomware, and Application Vulnerabilities). By providing a work-bench (per-say), Sophos can start feeding information into the Machine Learning application but this application can be tied into a centralized DB where it learns constantly

Cyber Threats and ML

 

Sophos is doing that now with the purchase of Rook Security, a pioneer and leader in managed detection and response (MDR) services. Rook Security provides a 24/7 team of cyberthreat hunters and incident response experts who monitor, hunt for, analyze and respond to security incidents for businesses of all sizes. - Sophos Acquires Rook Security

I think the next level will be to take disparate applications and devices and tie them into a centralized data collector (i.e. SIEM); from there, ML can extract data points to help with the decision-making process, this adds a component to the cybersecurity mix because the system does not sleep so if a threat or vulnerability is found a decision can be made to address this potential or ongoing threat (i.e. by adding a rule to the firewall to stop external threat or isolate the application, server or workstation to a container-like environment where the threat is isolated until further notice from the security staff).

Vendors that may be of interest - https://blog.technavio.com/blog/top-10-deep-learning-companies
  • Crowdstrike
  • Sophos Intercept X
  • BluVector/Carbon Black
  • Deep Learning
  • Nvidia
  • Microsoft
  • Amazon
  • Google
  • Apple
  • IBM
  • Intel
  • Facebook
  • Sensory
  • Qualcomm

That is my take on it.

T
RebeccaHerold
50%
50%
RebeccaHerold,
User Rank: Author
12/2/2019 | 10:47:25 PM
Re: We need to do more, the current methods are not working.
Terry, sorry to try and contact you in this way, but I do not think any of my replies to your recent emails are getting through to you, and it appears I can't message you in LinkedIn or on Twitter. 

Please check your email spam filter. Yes, I would be happy to answer some questions for you. Send the questions over, and then let me know the best way to provide you with my answers, if your email server is still blocking me. :) Thanks. Rebecca Herold
sanket@0001212
50%
50%
[email protected],
User Rank: Apprentice
12/18/2019 | 8:00:55 AM
Amazing Content
There are many elearning companies in India. E-learning refers to a learning system that we can obtain through the internet using an electronic device.


We also call it online learning or online education. ... Hence, the original term 'electronic learning.'
Making a right choice would be very difficult for anyone. I will make it easier for you to decide.
But I would strongly recommend one of the top elearning companies in India (https://zilliobit.com/). I am not sure whether you have heard about Zilliobit Interactive Private Limited (https://zilliobit.com/).


They design cutting edge, innovative and highly engaging learning and digital solutions. They believe in delivering learning experiences and digital solutions that transform businesses and change the mindset and behavior of learners. To know more you can visit them on

<a href="https://zilliobit.com/">Zilliobit Interactive Pvt Ltd </a> . If you have any questions, you can get back to me anything. Also they are the <a href="https://zilliobit.com/solutions/gamification/">top gamification companies in India</a> and also <a href="https://zilliobit.com/">top e learning companies in India </a> 
sanket@0001212
50%
50%
[email protected],
User Rank: Apprentice
12/18/2019 | 8:03:09 AM
Amazing Content

Wonderfull. Thanks for sharing.



COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...
CVE-2020-25598
PUBLISHED: 2020-09-23
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar...
CVE-2020-25599
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory a...
CVE-2020-25600
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains...