Anton Chuvakin

A member of the Gartner Blog Network

Entries Tagged as 'data sharing'


From IPs to TTPs

by Anton Chuvakin  |  April 4, 2013  |  4 Comments

“Here is a ‘bad’ IP – let’s ACL the sucker!” thinking is many people’s first experience with technical shared security data. However, as I pointed out in my previous blog post, “Consumption of Shared Security Data”, it is definitely not the only way – and often not the most useful way – of consuming shared [...]

Category: security sharing

Consumption of Shared Security Data

by Anton Chuvakin  |  March 22, 2013  |  1 Comment

The theme of "your detection is my prevention", whispered among The Enlightened Few of security data sharing, works as a good motivator for both sharing and consuming the shared security information (in this post, BTW, ‘data’ and ‘information’ are used interchangeably). Even if "your detection is my FASTER detection" is what happens in your environment, [...]

Category: monitoring security sharing

On Trust in Security Data Sharing

by Anton Chuvakin  |  February 20, 2013  |  1 Comment

One of the key, absolutely key, factors in sharing of security-relevant information (be it IOCs, custom malware, detection specifics or “breach” costs) between organizations is TRUST.  Even if an organization is promised the world of value in exchange for sharing their information with a particular group, sharing is unlikely in the absence of trust. Value [...]

Category: security sharing

On Security Data Sharing Research

by Anton Chuvakin  |  February 10, 2013  |  3 Comments

As I promised in my post On Security Data Sharing, we are starting a new research project on information security data sharing. Specifically, our research (joint with Dan Blum) will focus on how organizations can benefit from shared security data, what types of data can/should be shared, what are the barriers to sharing, what methods [...]

Category: data security sharing

More on DoS and Shared Security

by Anton Chuvakin  |  May 29, 2012  |  4 Comments

Here is something else interesting about Denial of Service defense approaches: you cannot do it alone.  Think about it: it is more profound than it sounds. You can protect from buffer overflows and SQL injections on your own.  And, yes, occasionally you’d need a patch from a 3rd party (such as your software vendor), but [...]

Category: collective Denial of Service security

On Security Data Sharing

by Anton Chuvakin  |  May 9, 2012  |  Comments Off

It is truly maddening to see examples of bad guys sharing data, tricks, methods and good guys having no effective way of doing it. Moreover, it is considered acceptable to sit on the "hard-earned" knowledge of ways you used to detect that proverbial advanced attacker while your peers in other organizations are being owned by [...]

Category: analytics collective security