Cyberweekly #196 - Knowing when you are compromised, and doing something about it
cyberweekly.substack.com
“Just log more” is the advice that we see most often from cybersecurity defenders and cyber talking heads (which reminds me of Max Headroom). But defenders are often sifting through mountains of log entries, and given the increasingly distributed nature of our systems, they might be getting logs from systems they neither control nor have any awareness of. It’s incredibly difficult to tell the difference between someone forgetting their password and taking a few tries and an attacker trying to brute force an account; it’s even harder to tell the difference between an attacker and a device that is constantly retrying to join the network after IT have made a change to move it.