Wout Debaenst’s FIRST talk (video) described the preparatory steps an adversary must take before conducting a targeted phishing campaign, and the opportunities each of these presents for defenders to detect and prevent the attack before it happens. The talk was supposed to be accompanied by live demos, but these were sufficiently realistic that the hosting […]
My post about automating incident response prompted a fascinating chat with a long-standing friend-colleague who knows far more about Incident Response technology than I ever did. With many thanks to Aaron Kaplan (AK), here’s a summary of our discussion… Developments in automated defence AK: Using Machine Learning (“AI”) in cyber-defence will be a gradual journey. […]
Threat hunting is perhaps the least mechanical of security activities: according to Joe Slowik’s FIRST presentation (video) the whole point is to find things that made it past our automated defences. But that doesn’t mean it should rely entirely on human intuition. Our hunting will be much more effective if we think first about which […]
Following my Networkshop talk on logfiles, I was asked at what point logfiles can be treated as “anonymous” under data protection law. Since the GDPR covers all kinds of re-identification, as well as data that can “single out” an individual even without knowing their name, that’s a good CompSci/law question: the work of Paul Ohm […]
Two common concerns in incident response are (a) not having the data needed to investigate an incident and (b) not being able to find signs of incidents in a mass of other data. My Networkshop talk (see “Making IT Safer… Safely”) looked at how the GDPR principles might help us to get it, like Goldilocks’ […]
In response to my posts about the relevance of the draft EU AI Act to automated network management one concern was raised: would falling within scope of this law slow down our response to attacks? From the text of the Act, I was pretty sure it wouldn’t, so I’m grateful to Lilian Edwards for the […]