Comments on Windows Incident Response: Ghost Busting

Anonymous (2015-07-23 17:05):

I totally agree: security analysts and engineers need freedom and time to explore and understand. Prevention technologies are important, but so is information gathering and correlation leading to detection. We as defenders will have to do a better job to be proactive and get intimate with our environment, which requires patience and time.

Thanks,
Mazin

Jack Crook (2015-07-16 19:45):

Bill, I think you hit the nail on the head when you said time and freedom. Many people are of the opinion that simply deploying technology will put them in a position to identify bad in their network and that is good enough. This simply isn't the case. It takes a lot of time and effort to first identify what you are concerned about, researching those use cases so that you know what it looks like and whether you can currently detect those things. If a company is lacking the detection, then time is needed to develop ways that they can, so that they are confident they will be able to find it *when* it happens. This is time consuming, but needed if a company truly wants to identify intrusions. It's also a never ending cycle. Someone should never be done.

H. Carvey (2015-07-16 13:14):

"...generate thought and conversation..."

I greatly appreciate the comment.

Bill (2015-07-15 07:26):

OK, so I tweeted this post as great. Actually it is very good. It becomes great when you take it in combination with the two blog posts referenced and some honest thought. Most corporate security dollars seem to be spent on the Prevention element mentioned here. The powers that be think we can, or should be able to, prevent intruders from our environments. They willingly (or begrudgingly) plunk down money to buy FWs and IDS. But little or no thought or money goes to the detection of and response to intrusions. How well equipped are our labs, and how much time and freedom do we have to detect and identify artifacts and evidence of an intruder? Our leadership wants us to do OODA backwards: we are pressured to Act first, then they decide if our actions were correct and warranted. The opportunity to Observe and Orient our work is rare. The real failure is that we as practitioners get accustomed to operating this way and have become resigned and do not challenge myths. We have to start, even in small ways, to reinforce reality, not myth. A great post doesn't have to be earth shattering or break new techno ground; it just needs, like these three, to generate thought and conversation among those who undertake these tasks.