Tuesday, February 14, 2017

PacketTotal

The SANS Storm Center did a diary article on PacketTotal, which you can find here. PacketTotal is a (free) site where you upload a pcap (up to 50 Mb) and the site will analyze it and give you an console view that includes malicious or suspicious activity as well as a break out of http, dns and other protocols. It will also give you a nice timeline graph showing the packets as they interact, which is really nice.  Lastly, you get an analytics page if you like graphs showing the breakout of stats on the traffic. You can find it at, yes, packettotal.com.



Monday, February 6, 2017

Fixing the Nations CyberSecurity Professionals Shortage Problem

There is no shortage of security vendors. There is not a shortage of good security tools. Whatever tool you need, there are probably a dozen companies that have a tool that fits your need. Automation is necessary, given the huge amount of alerts, logs and IOC's a security analyst must deal with. But not everything can be automated. Automation is a means to an end, not the end itself. It sorts and reduces the amount of data an intrusion analyst must look at and can point him/her in the right direction. But at the end of the day, it's the analyst, not the tool, that must make the correct assessment. And that takes education, experience and then continual training. Without good analysts looking at the output of the tools, the end result is nothing more than a slightly educated guess. And the protection of our networks and data stores can't rely on guesses based on a tool. 
Apprenticeship and mentoring may be one way to speed up the on-boarding of new cyber-security professionals.

Blog Archive