Expect the Unexpected

Network anomaly detection has suddenly become a popular topic in the cyber-protection market. The idea is to expect something unexpected and then manage it, i.e. a deviation from normal. At a glance it appears to be an amazing technology: no more signature-based detection, no need to update detection definitions, a deploy-and-forget solution. But if you think deeper, the technology needs a period of time to learn your environment as a baseline. Any deviation from this baseline will be treated as the "unexpected". The challenges are:
- How do you know the current network traffic is normal and not already compromised?
- How much time is sufficient to establish the baseline in order to reduce false negatives or false positives to an acceptable, trusted level?
- What about traffic that disappears from the baseline; is the technology able to report it?
- Seasonal network traffic will add further complication.
- Is the technology the vendor claims only able to handle specific scenarios?
- Does the vendor need extensive time to learn your environment?
- Last but not least,...

Improper Usage

Park your car at a legitimate parking lot on the street. What's wrong? Even though it is a legitimate parking zone, the permitted usage is restricted to buses only. Similarly, in the cyber world, proper usage is essential to staying secure. Examples are software licences (commercial or personal; per device or per user; internal or Internet-facing application), penetration tools (for authorized assessment or malicious purpose), specific hardware (prohibited from re-export to third parties), etc....

CONFIDENTIAL?

People talk about leaking company CONFIDENTIAL information. It is not just a word slipped from your mouth to blame your staff, but a proper management system to formalize it. You have to rethink:
- Do you have an information classification policy?
- Does your information carry any classification marking? If there is no marking, what is the default classification? Information without a classification label should never be regarded as CONFIDENTIAL.
- Are you holding information that is also available from other sources or is publicly known?
- Have you provided training or orientation to raise staff awareness of the proper handling of company information?
If you don't have any one of these, it's the fault of your company, not your staff....

Masquerade

A bison is masquerading as a swan. This is a typical trick in a social engineering attack. That's why scams on social networks, email invitations etc. are so successful. So, connect only with those you meet face-to-face and exchange social IDs with on the spot, and never trust an email inviting you to click links to recover access or claim an incentive. If the scenario matches what you need, validate with the sender first to stay secure....