Argus detecting historical APT1 activity #3 cont

Harry Hoffman hhoffman at ip-solutions.net
Tue Apr 16 15:36:37 EDT 2013


Hi Carter,

So, I'm curious about your statement of using Argus for false positive
rejection.

We do something similar with DMCA takedown notices, in that if we don't
see corresponding argus data we consider the notice as invalid.

Are you referring to a similar process or are they doing something more
specialized with argus?

Cheers,
Harry

On 04/16/2013 11:13 AM, Carter Bullard wrote:
> Hey Craig,
> Don't get me wrong, anything that can help find the bad guy/girl/whatever
> is a good thing, but Argus is a very specific implementation of comprehensive
> network auditing, a fundamental security mechanism.  IDS's and anomaly
> detectors are not fundamental security mechanisms; they are interesting
> technology that supports a single phase of the Cyber Security Incident
> lifecycle, penetration identification.  If you've already been penetrated, or
> if it's an insider, like 80% of incidents are, these methods are theoretically
> useless, because there isn't anything for them to detect.
> 
<snip>
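The corroboration step Harry describes (a takedown notice is only taken seriously if the flow archive shows the claimed connection) can be scripted against an `ra` export. The following is an added example, not code from this thread or from the Argus project. It assumes flows were exported as CSV with epoch-second timestamps, roughly `ra -r argus.out -u -c , -s stime ltime saddr sport daddr dport proto`; the column labels, that invocation and the sample records are assumptions constructed for the example.

```python
"""
Check an abuse/takedown notice against Argus flow records: a notice with no
corresponding flow within a tolerance window is reported as unsupported.

Assumed input format (an assumption for this example): ra CSV output with
epoch-second StartTime/LastTime, e.g.
    ra -r argus.out -u -c , -s stime ltime saddr sport daddr dport proto
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample export using documentation address ranges; not real traffic.
ARGUS_CSV = """StartTime,LastTime,SrcAddr,Sport,DstAddr,Dport,Proto
1366124400.000000,1366124412.500000,192.0.2.10,51234,198.51.100.7,6881,tcp
1366124500.250000,1366124501.000000,192.0.2.22,443,203.0.113.9,40123,tcp
1366125000.000000,1366125060.000000,203.0.113.40,6881,192.0.2.10,51234,tcp
"""


def parse_flows(text):
    """Parse ra CSV output into dicts with numeric times and ports."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({
            "start": float(row["StartTime"]),
            "end": float(row["LastTime"]),
            "saddr": row["SrcAddr"], "sport": int(row["Sport"]),
            "daddr": row["DstAddr"], "dport": int(row["Dport"]),
            "proto": row["Proto"].lower(),
        })
    return flows


def notice_epoch(ts_iso):
    """Normalise the notice timestamp to epoch seconds.

    Notices quote times in the sender's zone; a timestamp with no UTC offset
    cannot be matched reliably, so it is rejected rather than guessed.
    """
    dt = datetime.fromisoformat(ts_iso)
    if dt.tzinfo is None:
        raise ValueError("notice timestamp must carry a UTC offset")
    return dt.astimezone(timezone.utc).timestamp()


def matching_flows(notice, flows, tolerance=300):
    """Return flows where the noticed ip:port appears as source or destination
    and the noticed time falls within the flow, widened by `tolerance` seconds
    to absorb clock skew between the complainant and the sensor."""
    t = notice_epoch(notice["timestamp"])
    endpoint = (notice["ip"], notice["port"])
    hits = []
    for f in flows:
        on_either_side = (f["saddr"], f["sport"]) == endpoint or \
                         (f["daddr"], f["dport"]) == endpoint
        in_window = f["start"] - tolerance <= t <= f["end"] + tolerance
        proto_ok = f["proto"] == notice.get("proto", f["proto"])
        if on_either_side and in_window and proto_ok:
            hits.append(f)
    return hits


def assess(notice, flows, tolerance=300):
    """'corroborated' if at least one flow backs the notice, else 'unsupported'."""
    return "corroborated" if matching_flows(notice, flows, tolerance) else "unsupported"


if __name__ == "__main__":
    flows = parse_flows(ARGUS_CSV)
    # Constructed notice: 15:00:05 UTC on 2013-04-16, quoted in US Eastern time.
    notice = {"ip": "192.0.2.10", "port": 51234, "proto": "tcp",
              "timestamp": "2013-04-16T11:00:05-04:00"}
    print(assess(notice, flows))
```

The tolerance is deliberately a parameter: the right value depends on how well the complainant's clock and your sensor clock agree, and a notice that only matches with a very wide window deserves a second look rather than an automatic pass.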
