On Tue, Jul 10, 2012 at 3:32 AM, shawn wilson <ag4ve.us@gmail.com> wrote:
On Mon, Jul 9, 2012 at 11:22 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
But to help protect the private sector, he said it was important that the intelligence agency be able to inform them about the type of malicious
translated: "Hey, what if we could tell our private sector partners (Lockheed-Martin, for instance) that they should be on the lookout for things like X, or traffic destined to Y, or people sending all their DNS queries to these 5 netblocks." (dcwg.org sorta crap)
or, let's take a real example - rsa gets compromised and a third of the authentication tons (most?) of government agencies were using is all of a sudden vulnerable (possibly more than that if you consider that rsa could've lost classified technology). rsa has to realize the threat and can take their time to disclose what they want to disclose.
sure, this isn't really in line with the idea I was getting at, except that: "Hey, PRC located ips really might be using token-auth to login to your systems, w00t!"
i think if i were in the power to fix that, i would *try* :) ie, i highly doubt a massively scaled system has a chance at detecting most apt.
it might not, but discounting/dealing with all the cruft that today takes up your ops-folks' time easily/mechanically surely frees them up to focus on the things that they REALLY need to pay attention to... Essentially, filter out the garbage, focus on the actual threats to your business. The shared data pool COULD do that.
also, i don't really like the idea that someone might be monitoring my activities (who watches the watchers). however, if i were in the
if you work for a corporation (in the US at least) ... the corporation already has been monitoring your activities, you signed (in almost all cases) a paper acknowledging that fact, w00t!
position of acquiring data about threats, i think i'd try to suck in as much data as i had the processing power to manage.
exactly... and if done right, the 'service in the cloud' (or whatever) that aggregates, can do some bunches of that processing for you. -chris