Expect the Unexpected

By cliang1 Comment
The network anomalies detection suddenly becomes a popular topic in cyber protection market.  This is to expect something unexpected then manage it, i.e. deviation from normal. At a glance it appears as an amazing technology: no more signature based detection, no need to update detection definition, deploy and forget solution. But if you think deeper, the technology needs a time period to learn your environment as baseline.  Any deviations from this baseline will be treated as the "unexpected". The challenges are: How do you know if current network traffic is normal but not already compromised How much time is sufficient to establish the baseline in order to reduce false negatives or false positives to acceptable trusted level? How about traffic that disappears from baseline, is the technology able to report? Seasonal network traffic will further add complication Is the technology that vendor claims only able to handle specific scenarios? Does the vendor need extensive time to learn your environment? Last but not least,...
Read More

Masquerade

By cliangNo Comments
Bison is masqueraded as swan. This is a typical trick in social engineering attack.  That's why scams in social network, email invite etc. are so successfully. So, connect only those who you meet face-to-face with their social ID exchanged on the spot, never trust email inviting you to click links for recovery of access or incentive. If the scenario matches with what you need, validate with the sender first to stay secure....
Read More