Anomalies
Outliers, aberrations, fat tails, trouble at the mill and maybe something good once in a while
Scooped by Ellie Kesselman Wells
Will Too Much Data Blind You to a Data Breach on Your Network?

A series of disconnected events can be used to identify a threat.

Imagine your system alerting you that one of your endpoints has received a suspicious file from a suspicious site. It generates a low priority alert that gets lost in the flood of other alerts.

The infected endpoint connects to several popular news sites and downloads their front pages. This will not generate any alerts. What has happened is that the infected endpoint has just confirmed network connectivity.

After several hours, your alert screen, having wrapped a few hundred times since the infection, reports another low priority alert. The infected endpoint (bot) is now trying to locate other bots by looking up randomly generated URIs based on dynamic DNS domains. Your IPS sees this as a number of failed DNS queries followed by a successful one. The newly infected bot then connects to another bot and downloads its payload, with no traffic traversing the IPS since it is not communicating outside the network.


Does this sound far-fetched and unlikely, like an extreme example? Well, this is how Kraken works, and the Kraken botnet has been active since at least 2008.

Ellie Kesselman Wells's insight:

"Next-gen" Intrusion Protection Systems can be misleading. The primary concern should be stronger security infrastructure, while making the best use of analysts’ time.
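The scenario above is a textbook case of signals that mean little on their own but a lot together. The following is an added example (not code from the original post, from Scoop.it, or from any IPS vendor) of the correlation idea: each weak signal for a host earns a few points, and only the combination of a low-priority file alert, a burst of failed DNS lookups ending in a hit, and an internal-only follow-up connection pushes the host over the escalation threshold. The log format, host names, domains, weights and thresholds are all constructed for the example.

```python
"""Score endpoints by correlating weak, individually low-priority signals.

Constructed example: the three stages the post describes (a low-priority
suspicious-file alert, a burst of failed DNS lookups ending in a hit, and
an internal-only follow-up connection) each earn points for the host, and
only the combination crosses the escalation threshold.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str          # "alert", "dns" or "conn"
    fields: dict


# Constructed, simplified log lines: "<ISO timestamp> <host> <kind> k=v ..."
# ws-17 follows the post's infection sequence; ws-03 is a benign typo lookup.
SAMPLE_LOG = """\
2013-11-04T09:02:11 ws-17 alert sev=low msg=suspicious_file_download
2013-11-04T09:03:40 ws-17 conn dst=news.example dir=outbound
2013-11-04T09:03:41 ws-17 conn dst=other-news.example dir=outbound
2013-11-04T10:00:00 ws-03 dns qname=wwww.example.com rcode=NXDOMAIN
2013-11-04T10:00:05 ws-03 dns qname=www.example.com rcode=NOERROR
2013-11-04T13:10:02 ws-17 dns qname=k3j9x.dyn.example rcode=NXDOMAIN
2013-11-04T13:10:03 ws-17 dns qname=p0qzm.dyn.example rcode=NXDOMAIN
2013-11-04T13:10:04 ws-17 dns qname=r7ttb.dyn.example rcode=NXDOMAIN
2013-11-04T13:10:05 ws-17 dns qname=mm2ce.dyn.example rcode=NXDOMAIN
2013-11-04T13:10:09 ws-17 dns qname=a81lr.dyn.example rcode=NOERROR
2013-11-04T13:10:15 ws-17 conn dst=10.20.30.44 dir=internal
"""


def parse(text):
    """Parse the constructed log format into time-ordered Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, *kvs = line.split()
        fields = dict(kv.split("=", 1) for kv in kvs)
        events.append(Event(datetime.fromisoformat(ts), host, kind, fields))
    return sorted(events, key=lambda e: e.ts)


# Illustrative weights and threshold; tune them to your own alert volume.
W_LOW_ALERT, W_DNS_RENDEZVOUS, W_INTERNAL_FOLLOWUP = 1, 3, 2
ESCALATE_AT = 5


def correlate(events, window=timedelta(minutes=5), nx_min=4,
              followup=timedelta(minutes=2)):
    """Return {host: {"score", "signals", "escalate"}} from per-host evidence."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)
    result = {}
    for host, evs in by_host.items():
        score, signals = 0, []
        # Stage 1: a low-severity alert that would normally drown in the flood.
        if any(e.kind == "alert" and e.fields.get("sev") == "low" for e in evs):
            score += W_LOW_ALERT
            signals.append("low_priority_alert")
        # Stage 2: >= nx_min NXDOMAIN answers within `window`, then a NOERROR hit
        # (the rendezvous pattern of a bot hunting for peers via generated names).
        dns = [e for e in evs if e.kind == "dns"]
        hit_ts = None
        for i, e in enumerate(dns):
            if e.fields.get("rcode") != "NOERROR":
                continue
            failed = [d for d in dns[:i]
                      if d.fields.get("rcode") == "NXDOMAIN" and e.ts - d.ts <= window]
            if len(failed) >= nx_min:
                hit_ts = e.ts
                score += W_DNS_RENDEZVOUS
                signals.append("dns_rendezvous")
                break
        # Stage 3: an internal-only connection shortly after the successful lookup,
        # which a perimeter IPS never sees.
        if hit_ts is not None and any(
                e.kind == "conn" and e.fields.get("dir") == "internal"
                and timedelta(0) <= e.ts - hit_ts <= followup for e in evs):
            score += W_INTERNAL_FOLLOWUP
            signals.append("internal_followup")
        result[host] = {"score": score, "signals": signals,
                        "escalate": score >= ESCALATE_AT}
    return result


def escalations(text=SAMPLE_LOG):
    """Hosts whose combined score crosses the escalation threshold."""
    return sorted(h for h, r in correlate(parse(text)).items() if r["escalate"])


if __name__ == "__main__":
    for host, r in correlate(parse(SAMPLE_LOG)).items():
        print(host, r)
```

Running the block prints a score and the contributing signals per host: ws-17 collects all three signals and is escalated, while ws-03's single failed lookup followed by a success is ignored because it never reaches the NXDOMAIN burst threshold. The point of the design is that none of the three checks is a good alert by itself; the per-host accumulation within a time window is what turns a stream of forgettable low-priority events into one worth an analyst's time.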

Rescooped by Ellie Kesselman Wells from Big Data Technology, Semantics and Analytics

Investigating the Investigations - X Marks the Spot

"Most of the financial crimes investigators I know live in a world where they dream of moving things from their Inbox to their Outbox..."


Via Tony Agresta
Ellie Kesselman Wells's insight:

The field is enterprise fraud detection. Investigating is the starting point. Adjudication is the final outcome of fraud detection and analysis.

Data (repositories such as enterprise data warehouses) + Technology (secure sharing across jurisdictions, automated link discovery, non-obvious relationship detection and identity resolution) are used to uncover insights which result in adjudication and closure of a complex incident investigation.

Tony Agresta's curator insight, December 3, 2013 2:48 PM

Here's another good post from Doug Wood of www.fightfinancialcrimes.com. Advances in technology are revolutionizing how fraud investigations are being done today.