
Threatpost on Active Defense

Mike Mimoso has a very good article on active defense at Threatpost. (Yes, we are linking to them a lot today).

While every corporate general counsel, CIO and anyone with a CISSP will tell you that hacking back against adversaries is illegal and generally a bad thing to do, there are alternatives that companies can use to gain insight into who is behind attacks, collect forensic evidence and generally confound hackers, perhaps to the point where they veer away from your network.

The one thing the article doesn’t spend enough time on is how useful these approaches can be for triggering alerts in your security monitoring, especially if you correlate two or more events, which together are highly unlikely to be a false positive.

I wrote about this last June with some definitions.

Finally, the CrowdStrike guys need to get their messaging lined up. Mixed messages aren’t great when you are in pretend-stealth mode.

—Rich
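
The correlation idea in the post (alert only when two or more active-defense events line up) can be sketched as follows. This is an added example, not code from the original post or the Threatpost article; the tripwire kinds, the 30-minute window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window
MIN_DISTINCT = 2                # "two or more events" from the post

# Constructed sample events: (timestamp, source address, tripwire kind).
# The kind names are hypothetical labels for deception tripwires.
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "192.0.2.5", "decoy_share_read"),
    ("2024-01-01T09:01:00", "192.0.2.5", "decoy_share_read"),      # same kind twice
    ("2024-01-01T09:10:00", "192.0.2.7", "decoy_account_login"),
    ("2024-01-01T09:12:00", "192.0.2.7", "decoy_share_read"),      # second distinct kind
    ("2024-01-01T11:00:00", "192.0.2.9", "honeytoken_dns_lookup"),
    ("2024-01-01T13:00:00", "192.0.2.9", "decoy_account_login"),   # outside the window
]

def correlate(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Alert on sources that trip >= min_distinct different tripwire
    kinds inside one sliding time window; single kinds stay quiet."""
    by_source = defaultdict(list)
    for ts, src, kind in events:
        by_source[src].append((datetime.fromisoformat(ts), kind))

    alerts = []
    for src, hits in by_source.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            kinds = {k for _, k in hits[start:end + 1]}
            if len(kinds) >= min_distinct:
                alerts.append({"source": src, "kinds": sorted(kinds),
                               "at": hits[end][0].isoformat()})
                break  # one alert per source is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Requiring distinct kinds, rather than a raw event count, keeps one noisy tripwire from raising the correlated alert on its own.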
