When an intrusion or attack happens, it’s hard to resist asking the question: who is the threat actor responsible, and why did they do it? However, it’s challenging to gather concrete proof, and these questions only provide psychological comfort.
Instead of asking WHO is behind the attack, our efforts towards attribution should be directed towards the controls that failed and HOW the threat actors were successful.
In this episode of the InSecurity podcast, host Shaun Walsh is joined by special guest J. Oquendo as they discuss the problem of attribution in cybersecurity.
J. Oquendo is an influential security professional specializing in red (penetration testing), green (DFIR) and blue (defense) teaming strategies.
His expertise also includes net forensics (packet fun), system forensics, mobile forensics, covert network attacks, covert network exploitation, information assurance, information operations, and threat analytics.
Shaun Walsh (@cingulus) leads Cylance’s global marketing strategy, channels, campaigns, digital marketing and communications efforts.
Prior to joining Cylance, Shaun served as VP of Corporate Marketing and GM of the Ethernet business unit at QLogic, and previously served as the SVP of Marketing and Corporate Development at Emulex.
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Podcasts. Read the original post at: https://threatmatrix.cylance.com/en_us/home/insecurity-j-oquendo-on-attribution-who-and-why-vs-how-and-what.html