It is instrumented to send data to a Splunk server. In an effort to address this problem, the Splunk Security Research Team recently released a framework for replication, verification, and data production of attacks in a shareable, community-friendly fashion. Further, in most enterprises, the simulation or replication of attack code is simply banned. Even in groups or organizations that share such information, it comes in very specific forms that won't reveal the whole picture (i.e., a compiled binary that may contain malicious code instead of the actual exploit source code, for example). Companies tend to protect their defense artifacts updates (such as antivirus or firewall signatures) so they can monetize them. Unfortunately, the security industry isn't much help.
While Internet resources can be helpful for analysts as they endeavor to stay abreast of new attack trends and techniques, deeply understanding and replicating public exploits requires capabilities beyond those of the common SOC. But there is no such thing as an ideal world. In an ideal world, companies could and would be able to devote a sufficient number of resources to ensure that they keep pace with the bad guys.
Attackers' techniques constantly mutate and evolve, like biological viruses, forcing security professionals to continuously evolve their strategies to combat them. Security has always been a sophisticated cat-and-mouse game and a creative one at that.
0 kommentar(er)
