Collecting Threat Intelligence
One of the more important skills in intrusion detection and analysis is the ability to evaluate an IP address or domain name in order to build an intelligence profile on that host. Gathering this...
Differential Diagnosis of Network Security Monitoring Events
There are a lot of things that the industry does well when it comes to network security monitoring (NSM). For instance, I tend to think that we have data collection figured out reasonably well. I also...
NSM Collection vs. Detection
I was going back through some old bookmarks when I stumbled upon a post by Richard Bejtlich from 2007 entitled “NSM and Intrusion Detection Differences”. In this article, Richard discussed the...
4 Ideas for Operationalizing Honeypots
I’ve always thought that the concept of a honeypot was one of the most fascinating things in information security. If you aren’t familiar with honeypots, they are basically traps used to detect or...