Ross Anderson summarizes a meeting in Princeton where Edward Snowden was “present.” Third, the leaks give us a clear view of an intelligence analyst’s workflow. She will mainly look in Xkeyscore which is the Google of 5eyes comint; it’s a federated system hoovering up masses of stuff not just from 5eyes’ own assets but from other countries where the NSA cooperates or pays for access. Data are “ingested” into a vast rolling buffer; an analyst can run a federated search, using a selector (such as an IP address) or fingerprint (something that can be matched against the traffic)
An exciting announcement made at RSA 2015 was the strategic partnership between Fortinet and Exodus Intelligence (featured recently on the cover of Time magazine). This relationship is designed to facilitate information sharing between the two organi…
There is so much marketing buzz around Threat Intelligence (TI) these days.
Keeping an eye on your logs is critical (really, it's number 14 on the SANS critical list of controls: https://www.sans.org/critical-security-controls/control/14). Earlier Rob VandenBrink shared some techniques to find nuggets hiding in your logs (https://isc.sans.edu/forums/diary/Syslog+Skeet+Shooting+Targetting+Real+Problems+in+Event+Logs/19449/). Today I'm going to share some tricks to squeeze every last bit out of your logs through repurposing logs. I mean repurposing log files, not this: https://www.pinterest.com/dawnreneedavis/repurposed-logs/ . Logs are given their original purpose when programs determine when and how they're going to record a log entry.
This video describes some of the new features that are available in McAfee Enterprise Security Manager 9.5.