MalwareVirus said:
@Prorootect
Thanks for the tool & info. I am looking into Snort & OSSEC these days, but I think they are all for companies or organizations, as they work like a NIPS. I don't know how they work, but it is interesting to me to learn how they work.
An interesting read, I think, by Dmitri Alperovitch, CTO of CrowdStrike:
Active Defense: Time for a New Security Strategy : http://www.crowdstrike.com/blog/active-defense-time-new-security-strategy/index.html
.. The reality is that existing security solutions merely focus on improving detection rates and attempting to swat away adversary intrusions, instead of fundamentally raising the cost and risk to the attackers. Basic probability theory tells us that even if these solutions are able to achieve an effectiveness rate of 99%, all that means is that a persistent attacker has to attempt to compromise the network just 250 times before he has an over 90% chance of success. ..
.. Active Defense is NOT about “hack-back”, retaliation, or vigilantism. At CrowdStrike, we are fundamentally against these tactics and believe they can be counterproductive, as well as potentially illegal. Instead, an effective Active Defense strategy needs to focus on all 4 of the following key elements:
1. Real-time detection of adversary intrusion attempts into our systems and networks that focuses on identifying their unique tradecraft and essential mission objectives, as opposed to easily changeable indicators of compromise.
2. Attribution of threat actors in order to understand their identities, intent, and mission objectives - both of the intruders themselves, as well as of those who may be tasking them to steal or receive stolen intellectual property.
3. Flexibility of response actions that include traditional passive defense options such as prevention and alerting, but also deception, containment, tying up adversary resources, and creating doubt and confusion while denying them the benefits of their operations. This furthers the goal of increasing attackers' costs and empowers defenders to collect additional intelligence on the adversaries and their tradecraft, while simultaneously preventing damage to their networks.
4. Intelligence dissemination to facilitate corrective and deterrent action. This can include real-time information sharing designed to deny the adversary the use of their tradecraft, not just specific tools, against a wide range of victims. This also enables joint action with other industry partners and government agencies to employ civil litigation, trade sanctions, and criminal prosecution tools against the threat actors.
We agree with the US government that the time for passive countermeasures has long passed and it is necessary to engage in a new Active Defense strategy, aimed squarely at the determined adversaries that we currently face.
That’s why today we’re announcing the launch of CrowdStrike Falcon, a Big Data Active Defense platform that is the technology implementation of an Active Defense strategy. It is in private beta, and will be available soon to enterprises and government agencies to enable them to effectively deal with the targeted attack problem.
For the past 15 months, our incredible team of world-class architects and engineers, who have joined CrowdStrike from companies as varied as Apple, Amazon, Google, VMware, Microsoft, and Blizzard, to name just a few, have been hard at work designing and building this radically new security model. ..
----------------------------------------------
Black Hat 2013: 14 Security Firms That Piqued Hackers' Interest : http://www.crn.com/slide-shows/security/240159456/black-hat-2013-14-security-firms-that-piqued-hackers-interest.htm?pgno=2
HUNT or BE HUNTED: http://www.crowdstrike.com/blog/hunt-or-be-hunted/index.html
CrowdStrike on Twitter: https://twitter.com/CrowdStrike/
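The "99% effective, 250 attempts" figure in the quoted blog post comes from simple independent-trial probability: if each intrusion attempt is blocked with probability p, the chance that at least one of n attempts gets through is 1 - p^n. The following is an added example (not code from the blog post or from anyone in this thread) that works the calculation through from the defender's side, so you can see how many attempts a persistent adversary needs at a given per-attempt block rate, and how quickly that number grows as the per-attempt cost (block rate) is raised. All numbers are constructed from the quote; the function names are my own.

```python
import math


def success_prob(block_rate: float, attempts: int) -> float:
    """Probability that at least one of `attempts` independent intrusion
    attempts succeeds when each is blocked with probability `block_rate`."""
    return 1.0 - block_rate ** attempts


def attempts_for_success(block_rate: float, target_prob: float) -> int:
    """Smallest number of independent attempts an adversary needs before the
    probability of at least one success reaches `target_prob`.
    Solves 1 - p^n >= target  =>  n >= ln(1 - target) / ln(p)."""
    if not 0.0 < block_rate < 1.0:
        raise ValueError("block_rate must be strictly between 0 and 1")
    if not 0.0 < target_prob < 1.0:
        raise ValueError("target_prob must be strictly between 0 and 1")
    return math.ceil(math.log(1.0 - target_prob) / math.log(block_rate))


def cost_table(target_prob: float = 0.9) -> dict:
    """Attempts needed for several per-attempt block rates (constructed values),
    illustrating that every extra 'nine' multiplies the attacker's workload."""
    return {p: attempts_for_success(p, target_prob)
            for p in (0.90, 0.99, 0.999, 0.9999)}


if __name__ == "__main__":
    # The blog's example: 99% block rate, 250 attempts -> over 90% success.
    print(f"P(success | 99%, 250 attempts) = {success_prob(0.99, 250):.3f}")
    print(f"attempts for 90% success at 99% block rate: "
          f"{attempts_for_success(0.99, 0.9)}")
    for p, n in cost_table().items():
        print(f"block rate {p:.4f}: {n} attempts for a 90% chance of success")
```

The point for a defender is the shape of the curve, not the exact number: detection rate alone bounds the adversary's required effort logarithmically, so each additional order of magnitude of blocking only adds a constant multiple to the attacker's attempt count, which is why the blog argues for raising the per-attempt cost and risk (attribution, deception, tying up resources) rather than chasing detection rates alone.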