Comments on TaoSecurity Blog: Network Security Monitoring for Fraud, Waste, and Abuse
Richard Bejtlich

Marcin Antkiewicz (2008-03-12 16:09 -04:00):

You might find http://blogs.forrester.com/srm/2008/02/what-can-cisos.html relevant.

Richard Bejtlich (2008-03-09 06:58 -04:00):

Dutcher Stiles,

Nice try. I worry about insider threats that try to compromise CIA, not surf pr0n. I also do not minimize the "impact of the insider threat." I've often said the <B>impact</B> of the insider threat is greater than other threats, but the <B>rate of occurrence</B> is much lower than what the media and "conventional wisdom" would have us believe.

If you think NSM is a "poor match... to fight FWA" you have probably never watched network traffic.

Dutcher Stiles (2008-03-09 01:00 -05:00):

How would you distinguish between the "insider threat" and "fraud, waste, and abuse"?

Is there a correlation between the poor match of NSM as a tool to fight FWA, and your minimization of the impact of the "insider threat"?

Kevin A. Estis (2008-03-08 19:31 -05:00):

I think that most in the industry, not just IA but incident response, would say that support of FWA issues has become more and more part of the day-to-day activities we must execute; at least that has been my experience. With the integration of activity monitoring applications (web proxies monitoring the list of sins, etc.) with application firewalls, etc. it seems inevitable that this will continue as it allows non-IA people to look at the alerts/capabilities and think, "hey, this way the incident response team can help us keep tabs on this." Back to the churn of identifying what incident response "is" vs what it "isn't" vs what it "should be".....

Anonymous (2008-03-08 17:13 -05:00):

Good post, thanks. I think your last sentence is probably critical... Most of us would probably agree that NSM's primary function shouldn't be to combat FWA. However, since many information security departments are tasked with carrying out investigations at the request of HR, legal, etc, it is simply practical to use the tools at our disposal to conduct these investigations as efficiently as possible. If an NSM sensor can help do that, it should be used.