🙂

Our “Applying Network-Centric Approaches for Threat Detection and Response” Paper Publishes

After many discussions and a bit of a re-write, our new paper “Applying Network-Centric Approaches for Threat Detection and Response” is finally ready (Gartner GTP access required). The abstract states “The escalating ...
Emotet, Lokibot, TrickBot still impacting enterprise environments globally

Emotet, Lokibot, TrickBot still impacting enterprise environments globally

New research based on observed attack data over the second half of 2018 (2H 2018) reveals the command-and-control and lateral activities of three high-profile pieces of malware targeting large organizations in recent ...
:-)

Tricky: Will UEBA and NTA Ever Merge?

Here is an obvious, but not really obvious question: will UEBA and NTA ever merge? Admittedly, normal security people who don’t care about the changing tides of vendors and markets can skip ...
:-)

Webinar Q&A from Modern Network Threat Detection and Response

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity. Q: I ...

Upcoming Webinar: Modern Network Threat Detection and Response

Here is my next Gartner webinar; this one is focused on network traffic use for detection and response. Title: Modern Network Threat Detection and Response Date: January 29, 2019 Time: EST: 11:00 ...
Is NTA Another Kind of IDS

Is NTA Just Another Kind of IDS?

Earlier last year, Anton Chuvakin of Gartner posted a question I’ve spent the past few years focused on. Actually, I’ve focused on it since working in the Network Security Wizards office on ...
Security Boulevard

Is Encryption an NTA / NIDS / NFT Apocalypse?

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it was called ...

Let’s Go Fight IT for Logs? Agents? Taps?

This is a depressing post about security in the real world (what … another one?) In any case, we are having those enlightened debates about log analysis (via SIEM/UEBA), network security monitoring ...

NTA: The Big Step Theory

Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for network-centric detection ...

Network Anomaly Detection Track Record in Real Life?

As I allude here, my long-held impression is that no true anomaly-based network IDS (NIDS) has ever been successful commercially and/or operationally. There were some bits of success, to be sure (“OMG ...
Loading...