Anomalies
Outliers, aberrations, fat tails, trouble at the mill and maybe something good once in awhile
Rescooped by Ellie Kesselman Wells from HIPAA Compliance for Medical Practices

Will Too Much Data Blind You to a Data Breach on Your Network?

A series of disconnected events can be used to identify a threat. Imagine your system alerting you that one of your endpoints has received a suspicious file. You have a sophisticated IPS that is capable of informing you that the file came from a suspicious site. The latter event is not enough to convict the file, so it generates a low priority alert that gets lost in the flood of other alerts. The infected endpoint then connects to several popular news sites and downloads their front pages. This will not generate any alerts, but a good network behavioral analysis engine, which is part of a "next generation" IPS solution, would log the activity. Your analysts have plenty to do, so this is clearly not going to get their attention. What has really happened is that the infected endpoint just confirmed network connectivity. After several hours, your alert screen, having wrapped a few hundred times since the infection, reports another low priority alert, which on its own is not sufficient to convict the endpoint as compromised. The infected endpoint (bot) is now trying to locate other bots by looking up randomly generated URIs based on dynamic DNS domains. Of course, your IPS cannot know these are randomly generated URIs; it only sees a number of failed DNS queries followed by one successful one. The newly infected bot then connects to another bot and downloads its payload, with no traffic traversing the IPS since it is not communicating outside. Does this sound far-fetched and unlikely, like an extreme example? Well, this is how Kraken works, and the Kraken botnet has been active since at least 2008.


Via Technical Dr. Inc.
Ellie Kesselman Wells's insight:

"Next-gen" Intrusion Protection Systems can be misleading. The primary concern should be stronger security infrastructure, while making the best use of analysts’ time.

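The point of the scooped article is that no single event above is worth an analyst's attention, but the chain of them on one endpoint is. As an added illustration (not code from the article or from any IPS product), the following correlates constructed per-host events within a time window: individually weak signals get small weights, a run of failed DNS lookups ended by one success is promoted to a "dga_like" signal, and a host whose windowed score crosses a threshold is escalated. Event names, weights, the 8-hour window and the thresholds are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Host 10.0.0.7 shows the chain from
# the article; host 10.0.0.9 only raises the same isolated low-priority alert.
EVENTS = [
    ("2014-06-01 09:00:05", "10.0.0.7", "file_alert"),    # suspicious file received
    ("2014-06-01 09:00:06", "10.0.0.7", "bad_source"),    # file came from a suspicious site
    ("2014-06-01 09:02:10", "10.0.0.7", "http_ok"),       # news-site fetch: logged, never alerted
    ("2014-06-01 13:10:00", "10.0.0.7", "nxdomain"),
    ("2014-06-01 13:10:01", "10.0.0.7", "nxdomain"),
    ("2014-06-01 13:10:02", "10.0.0.7", "nxdomain"),
    ("2014-06-01 13:10:03", "10.0.0.7", "nxdomain"),
    ("2014-06-01 13:10:04", "10.0.0.7", "dns_ok"),        # one success after the failures
    ("2014-06-01 13:12:00", "10.0.0.7", "internal_xfer"), # download from another internal host
    ("2014-06-01 09:30:00", "10.0.0.9", "file_alert"),
]

WEIGHTS = {"file_alert": 2, "bad_source": 2, "dga_like": 4, "internal_xfer": 2}
WINDOW = timedelta(hours=8)   # how far apart the weak signals may be and still count together
NX_BURST = 3                  # failed lookups needed before a success is treated as DGA-like
ESCALATE_AT = 7               # windowed score at which the host is raised to the analyst

def correlate(events, window=WINDOW):
    """Return {host: (best windowed score, signals inside that window)}."""
    per_host = defaultdict(list)
    for ts, host, kind in sorted(events):   # timestamps are zero-padded, so string order is time order
        per_host[host].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), kind))
    results = {}
    for host, evs in per_host.items():
        signals, nx = [], 0
        for ts, kind in evs:
            if kind == "nxdomain":
                nx += 1
                continue
            if kind == "dns_ok":
                if nx >= NX_BURST:           # many failures then one hit: the pattern the IPS saw
                    signals.append((ts, "dga_like"))
                nx = 0
            elif kind in WEIGHTS:            # unknown kinds (e.g. http_ok) carry no weight
                signals.append((ts, kind))
        best, best_names = 0, []
        for i, (start, _) in enumerate(signals):
            inwin = [k for t, k in signals[i:] if t - start <= window]
            score = sum(WEIGHTS[k] for k in inwin)
            if score > best:
                best, best_names = score, inwin
        results[host] = (best, best_names)
    return results

def escalations(events):
    """Hosts whose correlated score crosses the threshold, sorted for stable output."""
    return sorted(h for h, (s, _) in correlate(events).items() if s >= ESCALATE_AT)
```

Run on the sample, only 10.0.0.7 escalates (score 10 from file_alert, bad_source, dga_like and internal_xfer), while 10.0.0.9 stays at 2 and remains a low-priority alert.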
Scooped by Ellie Kesselman Wells

Highway Trust Fund Ticker | U.S. Department of Transportation

Ellie Kesselman Wells's insight:

Based on current spending and revenue trends, the U.S. Department of Transportation estimates that the Highway Trust Fund will run out of money to maintain and repair surface roadways before the end of the fiscal year (in mid October 2014). Anticipation of a deficit scenario is already impacting transportation planning at the state level, including Arkansas and Georgia.
