Network-sniffing, automation, machine learning: How to get better threat intel

IT teams can get away with poor service management, outdated software development methods and outdated apps running on legacy tin, but they might want to think twice before skimping on cybersecurity. If you don't stay on top of this stuff, while you might not be found out today or tomorrow, eventually, your customers’ personal …

  1. handleoclast

    SCAP

    I find it strange that nobody has mentioned SCAP in the aftermath of WannaCry. The Linux implementation is, to paraphrase Agent Cooper, a "damn fine tool." Dunno about the Windows version because the only recommendation it gives is to "format the disk and install Linux."

    BTW, the documentation claims that it should be pronounced as either "S-CAP" (ess cap) or "S C A P" (ess see ay pee). I consider that constraint to be total c-rap.

  2. P. Lee

    sigh

    Machines are really good at working on a narrowly defined problem. The classic example is chess. A massive possible data set, but the rules for what can be (how pieces move) are very strict and very few. There aren't that many areas where that kind of problem domain and definition holds true.

    The problem with AI is that the promise of AI is that you can replace human analysis with machines. Unfortunately machines can easily miss what humans may not, because humans have real intelligence and intuition. How will AI end up being used - to augment humans and do what they can't, or to try to replace humans and so end up losing the more intelligent part of the team?

  3. DJ Smiley

    Until we can get the basics right....

    We can't go any further.

    Finally some actual realistic fines - let's just hope they get enforced.

    Wannacrypt hitting 100k PCs shows that systems just aren't patched. And why? After all, currently there's no more than a slap on the wrist generally from the ICO for being breached. Once the fines somehow match the impact on the people whose data is being released, then we'll see rapid improvements.

  4. Anonymous Coward
    Anonymous Coward

    The Silver Lining

    "May 2017 [a day that will live in infamy, and technically not a day,] the devastating Wannacrypt ransomware worm infected millions of computers in 150 countries - on the first day of the outbreak alone."

    And I was there, well not right there, really, far away actually, but, as a compute-like professional unaffected by this outbreak, I used the worm story to get out of going to a wedding. So, thank you, miscreants! Thank you very, very much!

    I played PS4 Lego Worlds all that day, and the world is a better place for it. Although there is some drawn-in clipping, and I completely obliterated some useful feature with the terrain tool, but otherwise a fine product. Oh, and I stepped on a Lego Squirrel by accident.

  5. John Smith 19 Gold badge
    Unhappy

    TL:DR. Access control. Not just key cards and PINs.

    Also get automated log analysis tools and learn how to use them.

    Other useful stuff.

    Set up 1 or more test PCs with the standard network build and test each new patch on them before roll out. Get it in writing from a PHB if they don't want one or more (tested to work) patches installed if they are security related. IOW it's on them if there's a breach.

    The eternal questions. What ports are open on this PC? Why exactly are they open? Can this PC be seen from the internet?
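The "eternal questions" in the comment above (which ports are open, and is the listener reachable from outside the box) can be answered from the kernel's own socket table without installing anything. The following is an added example, not the commenter's code: it parses the `/proc/net/tcp` layout used on Linux (little-endian hosts, which covers x86 and most ARM boxes), keeps only sockets in the LISTEN state, and separates listeners bound to loopback from those bound to a routable or wildcard address. The sample table embedded below is constructed for the example, not captured from a real host; the `audit()` helper reads the live file when given no input.

```python
"""Audit listening TCP sockets from /proc/net/tcp-style data.

Answers two of the questions in the comment above: which TCP ports are
open on this host, and whether each listener is bound to all interfaces
(potentially reachable from other hosts) or only to loopback.
"""
import socket
import struct

LISTEN = "0A"  # socket state code the kernel uses for LISTEN in /proc/net/tcp

# Constructed sample in the /proc/net/tcp layout (not from a real host):
#   row 0: a listener on 0.0.0.0:22 owned by uid 0
#   row 1: a listener on 127.0.0.1:5432 owned by uid 999 (local only)
#   row 2: an ESTABLISHED connection (state 01) that the audit must ignore
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1538 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0A00020F:B2E4 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""


def decode_ipv4(hexaddr):
    """Turn the kernel's 8-hex-digit address into dotted quad.

    /proc/net/tcp prints the 32-bit address as stored in memory, so on a
    little-endian host the bytes appear reversed ("0100007F" is 127.0.0.1).
    """
    return socket.inet_ntoa(struct.pack("<I", int(hexaddr, 16)))


def parse_listeners(text):
    """Return [(ip, port, uid), ...] for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header row and anything too short to be a socket row.
        if len(fields) < 8 or fields[0] == "sl":
            continue
        local, state, uid = fields[1], fields[3], int(fields[7])
        if state != LISTEN:
            continue
        hexaddr, hexport = local.split(":")
        listeners.append((decode_ipv4(hexaddr), int(hexport, 16), uid))
    return listeners


def classify(listeners):
    """Split listeners into (exposed, local_only).

    A bind to 127.0.0.0/8 is only reachable from the host itself; anything
    else (0.0.0.0 or a specific interface address) is reachable from the
    network, subject to the host firewall and any upstream NAT/filtering.
    """
    exposed, local_only = [], []
    for entry in listeners:
        ip = entry[0]
        (local_only if ip.startswith("127.") else exposed).append(entry)
    return exposed, local_only


def audit(text=None):
    """Audit the given table, or the live /proc/net/tcp when text is None."""
    if text is None:
        with open("/proc/net/tcp") as fh:  # Linux only
            text = fh.read()
    return classify(parse_listeners(text))


if __name__ == "__main__":
    exposed, local_only = audit(SAMPLE_PROC_NET_TCP)
    for ip, port, uid in exposed:
        print(f"EXPOSED   {ip}:{port}  (uid {uid})  -> why is this open?")
    for ip, port, uid in local_only:
        print(f"local     {ip}:{port}  (uid {uid})")
```

Run it with no argument to `audit()` on a Linux host and every line marked EXPOSED is a port someone should be able to justify in writing, as the comment suggests. The script only covers IPv4 (`/proc/net/tcp6` has the same column layout with 32-hex-digit addresses) and only answers the bind-address half of "can this PC be seen from the internet?"; a listener on 0.0.0.0 that the host firewall or an upstream NAT blocks is still not reachable, so the exposed list is the set to check against those rules, not a verdict on its own.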

  6. Anonymous Coward
    Big Brother

    Cybersecurity operations still focus on the perimeter?

    "The simplest cybersecurity operations still focus on the perimeter, watching who tries to gain entry and blocking unauthorized parties."

    The solution being to not have a perimeter, all internal communication is done through end-to-end encrypted and authenticated channels, all users are on the outside and communicate through encrypted channels with authentication done with a hardware dongle .. I rest my case ...

  7. John Smith 19 Gold badge
    Unhappy

    "all internal communication..through end-to-end encrypted and authenticated channels,"

    Now that sounds properly paranoid.

    Sadly.

    1. Anonymous Coward
      Big Brother

      Re: "all internal communication..through end-to-end encrypted and authenticated channels,"

      "Now that sounds properly paranoid. Sadly."

      Why do you want to know, who sent you, who sent you ???

  8. razorfishsl

    In this day and age "firewalls" are basically useless.

    There is no boundary any longer, certainly in China where the majority of set top boxes and off brand mobile phones are loaded with backdoors built directly into the OS.

    On top of that you have the multitude of desktop & mobile software, specifically written to appeal to users' requirements: character input methods, translation software, cloud based hand jobs.

    Looks like a translation app, acts like a translation app; unfortunately when you're logged into your tax or banking app, there it is screen capping and sending highly confidential data back to the cloud and all without data encryption, but hey... it certainly translates shit.
