When I was younger, and printed newspapers were a more common household purchase, I remember fondly watching my mother play a game called “Spot the Ball.” For those of you not familiar with this, it consisted of a photograph of a recent football (soccer) match with the ball removed from the image, and the goal was to place a cross or series of crosses indicating where you thought the ball was. Inevitably, the paper would use pictures that included the athletes looking in various directions so as to throw the newspaper contestants off the scent, thus requiring incredible levels of accuracy to win a game that hundreds would play every day.

Why all this talk about an obscure game? Well, the game came to mind the other day as I was working my way through some security data trying to pinpoint a specific piece of information. The problem was that there were many signals (like the players looking the wrong way) that distracted from what I was looking for, and even once I had zoomed in on a general area, assessing that space was difficult. In the newspaper's Spot the Ball game, regular participants would buy a small rubber stamp covered in dozens of little crosses as a "fix" for exactly this problem: cover enough of the likely area and one of the crosses lands on the ball. This got me thinking about precision in cybersecurity.

Precision in Cybersecurity

When we talk about security hunting with File Integrity Monitoring (FIM), it is tempting to treat 100% accuracy as the goal, but with so many unknowns in a real environment, chasing 100% accuracy is a fool's errand. Instead, our coverage must be just wide enough to capture what matters, giving us a chance of winning without drowning in every change on the system. Ensuring we can spot the general pattern is important so that we don't start (Read more...)
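To make the "wide enough, but not wider" point concrete, here is an added illustration of a minimal FIM baseline-and-diff with a tunable scope. It is not code from the article or from any FIM product; the directory layout, the include/exclude globs and the function names are hypothetical. The constructed scenario hashes a small tree, then applies routine churn (a log file growing, a backup copy appearing) alongside one change that actually matters (a second UID 0 account appended to a passwd file). An unscoped run reports all three; a run scoped to `etc/*` with `*.bak` excluded reports only the one that matters.

```python
"""Minimal file-integrity baseline and diff with a tunable monitoring scope.

Added illustration, not the article's or any FIM product's own code. The
file layout, scope rules and function names are hypothetical, chosen to show
how narrowing or widening the monitored set changes what a FIM run reports.
"""
import fnmatch
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def in_scope(rel: str, include, exclude) -> bool:
    """A path is monitored if it matches an include glob and no exclude glob."""
    if not any(fnmatch.fnmatch(rel, pat) for pat in include):
        return False
    return not any(fnmatch.fnmatch(rel, pat) for pat in exclude)


def baseline(root: Path, include=("*",), exclude=()) -> dict:
    """Map relative POSIX path -> sha256 for every in-scope regular file under root."""
    out = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if in_scope(rel, include, exclude):
            out[rel] = sha256_file(p)
    return out


def diff(old: dict, new: dict) -> dict:
    """Classify differences between two baselines as added, removed or modified."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def demo():
    """Constructed scenario: one tamper that matters hidden among routine churn.

    Returns (unscoped_diff, scoped_diff) so the two views can be compared.
    """
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "var/log").mkdir(parents=True)
        (root / "etc/passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc/hosts").write_text("127.0.0.1 localhost\n")
        (root / "var/log/app.log").write_text("start\n")

        # Two baselines of the same tree: everything, and a hypothetical
        # "what matters" scope that watches etc/ but ignores backup copies.
        wide = baseline(root)
        scoped_rules = dict(include=("etc/*",), exclude=("etc/*.bak",))
        narrow = baseline(root, **scoped_rules)

        # Routine activity (constructed): the log grows and a .bak copy appears.
        (root / "var/log/app.log").write_text("start\nrequest\nrequest\n")
        (root / "etc/hosts.bak").write_text("127.0.0.1 localhost\n")
        # The change a hunter actually wants: a second UID 0 account in passwd.
        (root / "etc/passwd").write_text(
            "root:x:0:0::/root:/bin/sh\nevil:x:0:0::/:/bin/sh\n"
        )

        wide_diff = diff(wide, baseline(root))
        narrow_diff = diff(narrow, baseline(root, **scoped_rules))
        return wide_diff, narrow_diff


if __name__ == "__main__":
    unscoped, scoped = demo()
    print("unscoped:", unscoped)
    print("scoped:  ", scoped)
```

The scoped run is the rubber stamp: it does not try to name the exact byte that changed, it covers the region where a meaningful change would land and leaves the noisy regions alone. The trade-off is visible in the code: anything outside `etc/*` is invisible to the scoped run, so the include list has to be chosen by what an attacker would plausibly touch, not by what is convenient to hash.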