Simple Windows Hardening
<blockquote data-quote="ForgottenSeer 95367" data-source="post: 1005190"><p>This point of view shows a lack of understanding of how SRP is designed and deployed.</p><p></p><p>The whole context of SRP has always been, and remains, active threat intelligence used to craft the policies (Microsoft itself has an entire workgroup devoted to this task). The source of that context is exactly what you fallaciously claim that SRP does not rely upon:</p><p></p><p>1. kill chain</p><p>2. source</p><p>3. command lines</p><p>4. parent-child</p><p>5. etc</p><p></p><p>Threat intelligence (context) for SRP [and other products in the same vein - even Splunk, Snort] is available everywhere. From the open SecOps community to privately purchased Threat Analytics & Intelligence.</p><p></p><p>What did you think - that an ape is put into a cage and made to pick just process names and file types out of a hat randomly to create SRP policies?</p><p> </p><p></p><p>On the face of it, but that point of view is misleading. Highly effective security policies are distilled from hyper-detailed context down to their simplest operational form needed to protect on the endpoint. Because of this simplicity and reliability, hundreds of millions of systems running SRP function flawlessly while remaining uninfected with a very low probability of becoming infected.</p></blockquote><p></p>