It is difficult to define criticality
Posted: Sun Feb 09, 2025 5:21 am
Insufficient flexibility. Attack technologies used by intruders are constantly being improved, which places high demands on the technical capabilities of the monitoring system and on the modification and maintenance of complex correlation logic, while established procedures and SLAs still have to be met.
The costs of ensuring security and investigating incidents never allow for 100% coverage. A successful SOC must have clear parameters for defining incident criticality and use a risk-based approach.
Failure to use best practices. Industry and informal communities allow for the exchange of relevant information on countering attackers. Situation centers that do not use these opportunities are less effective.
Security Tales: Spy Cigarettes
Vladimir Bezmaly | 22.06.2017
- Mr. Commissioner! We urgently need to somehow download the file from Don Vittorio's computer. But the problem is that it is impossible to do this from the outside, and we do not have physical access to the laptop.
- Call the department of intellectual crimes. But first, get as much information as possible about Don Vittorio. You may be asked some very strange questions.
Three days passed.
- Johann, this is the police commissioner calling you. We have a request for your help.
- Good afternoon, Mr. Commissioner. What happened?
- We need to download a file from Don Vittorio's laptop. But he doesn't let anyone but his son access it, and it can't be done from the Internet. Can you help?
- Of course. And what do you know about his son?
- A young man. A regular at trendy parties. Doesn't indulge in drugs. Smokes only electronic cigarettes. Frequently visits the bar "Full Moon".
- Mr. Commissioner, do you have your own skilled pickpocket?
- You ask! Of course.
- First of all, we need to know what company’s cigarettes the young man smokes.
- I was prepared for such a question. This is a product of company A.
- Excellent. Get us two of those. Exactly like the ones this young man has.
- They will be with you in two hours.
Two hours passed.
- Mark, we need to replace the controller of these cigarettes in such a way as to rewrite a certain file to the flash drive when charging these cigarettes from the USB port.
- Got it, boss! We'll do it. Nothing will be noticeable from the outside.
A day passed.
- Boss, here are your ordered cigarettes. Yes, you can smoke them too!
- Mr. Commissioner! Give these cigarettes to your pickpocket. He will have to replace the cigarettes of Don Vittorio's son. And then, in 24 hours, replace them back. The son always charges this crap from his father's laptop.