As we have encountered in just about all our trips around the world meeting with some of the largest companies, governments, defense organizations, and so on in the world, the major concern about any network security technology relates to the possibility of it affecting network performance, and thereby their business operations. Additionally, depending on the industry vertical you are in, you might be more risk averse in terms of how you deploy certain technologies. These technologies are typically not on the radar for most organizations as they might not have heard of them, or do not have the budget to expand their current security strategy beyond the typical core security devices that you would expect to find on most corporate networks. This will require some of you to go outside your comfort zone and realize that your approach has to be agnostic in terms of security technology. When looking at different concepts in terms of securing your network, you have to approach it without technology religion. In the following section, we cover advanced meta-network analysis.

Some of these advanced technologies require expertise in analysis but you can learn them and apply those principles in order to provide a higher level of assurance, and at the same time, lower your risk profile. The 20% of attacks that are not covered by the current security technologies that you might deploy do require additional technologies to fill the gap. As we mentioned earlier in the chapter, on some of the misconceptions with firewalls, IDSs, and AV, there are some security gaps that they do not fill. You can rest assured that the majority of the security vendors have the capability of identifying it at the end-point or at network level. We say that with great certainty, as if the attack, vulnerability, and/or exploit have a name. However, even as we write this book, it is very likely that an attack on the scale of Operation Aurora is happening right now.
Conversely, the nefarious cyber actor is working diligently on the next Operation Aurora. Every security researcher is going to have his or her own approach in terms of research, data collection, and targeted technologies that he or she is researching based on his or her areas of expertise. Security research is more of an art and the tenacity to keep pushing the limits of what is possible. The MOSAIC framework is more of a statement in our approach when dealing with security. Successful demonstration of such points of conjunction aids the analyst in building his or her case, aiding him or her in driving action into realization of the results.

Will Gragido, John Pirc, in Cybercrime and Espionage, 2011

Confluence

For the security analyst, being able to demonstrate the points of confluence or convergence of disparate data sets is an imperative.