Nobody:
Me: changes the language setting on networked storage to Russian to avoid them getting ransomed.
Detection Engineer. Ostensibly.
Irony Engineer. Passionately.
People love me @redcanary. Probably.
(but they don't endorse my ramblings. Surely.)
I’ve noticed something when I meet a person. They ask what I do, I say cybersecurity blah blah, and their response is almost always one of the following:
1: Interesting, my company/school/church/city/bank got ransomed recently (they proceed to tell me about lost data, how painful it was, etc)
2: Oh cool, I use DuckDuckGo
3: So, do you catch people watching porn a lot?
@RyanStalets that’s the part I’m trying to figure out, having never worked in a big Fortune company. Because I would have assumed that, the bigger you get, the more an IT/security team would break up their baseline to say “the west coast development department uses X software, A-F IP addresses, and logs on between these times. But if the east coast sales team is using that software, or logging in at Y hours then we have a potential issue”
But, that’s a lot of work. So do these companies just give up on any idea of a baseline and resort to using overly general, false-positive-prone concepts? If they outsource their security to an MSSP or MDR, how much input do they give to help those outside orgs build a good baseline? Or is everyone just resorting to generalities?
More and more, I’ve been hearing the sentiment that knowing your baseline isn’t practical, though it’s a core concept I’ve been raised on. So maybe my methodology is outdated compared to what companies are doing today.
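The per-department baseline the thread sketches (this team uses this software, from these addresses, during these hours; the same activity from another team is a potential issue) is simple enough to show as detection logic. The block below is an added example, not code from the thread's author or from Red Canary. Every department name, software list, network range, login window and log line in it is constructed for illustration; a real baseline would be built from the organisation's own telemetry.

```python
"""Per-department baseline check over constructed sample events.

Each department gets its own baseline (allowed software, source networks,
login window). An event is compared only against its own department's
baseline, so dev tooling is normal for dev and a deviation for sales.
All departments, software names, networks, hours and log lines below are
made up for this example.
"""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple


@dataclass
class Baseline:
    software: Set[str]
    networks: list            # list of ip_network objects
    login_start: time
    login_end: time


# Assumed baselines (constructed, not derived from any real environment).
BASELINES: Dict[str, Baseline] = {
    "westcoast-dev": Baseline(
        software={"code.exe", "git.exe", "docker.exe"},
        networks=[ip_network("10.10.0.0/16")],
        login_start=time(7, 0), login_end=time(20, 0)),
    "eastcoast-sales": Baseline(
        software={"outlook.exe", "excel.exe", "salesforce_app.exe"},
        networks=[ip_network("10.20.0.0/16")],
        login_start=time(6, 0), login_end=time(19, 0)),
}

# Constructed sample log lines: "dept user src_ip HH:MM process"
SAMPLE_EVENTS = [
    "westcoast-dev alice 10.10.4.7 09:15 docker.exe",
    "eastcoast-sales bob 10.20.1.9 10:02 excel.exe",
    "eastcoast-sales bob 10.20.1.9 10:30 docker.exe",     # dev tooling in sales
    "eastcoast-sales carol 10.20.3.3 02:45 outlook.exe",  # off-hours activity
    "westcoast-dev dave 203.0.113.5 12:00 git.exe",       # outside dept network
    "finance erin 10.30.0.2 11:00 excel.exe",             # no baseline exists
]


def parse_event(line: str) -> dict:
    dept, user, ip, hhmm, proc = line.split()
    hour, minute = hhmm.split(":")
    return {"dept": dept, "user": user, "ip": ip_address(ip),
            "time": time(int(hour), int(minute)), "proc": proc.lower()}


def in_window(t: time, start: time, end: time) -> bool:
    """True if t falls in [start, end]; handles windows that cross midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def check_event(ev: dict, baselines: Dict[str, Baseline] = BASELINES) -> List[str]:
    """Return the reasons an event deviates from its department's baseline.

    An empty list means the event is within baseline. A department with no
    baseline at all is itself reported, since nothing can be judged against it.
    """
    b = baselines.get(ev["dept"])
    if b is None:
        return ["no baseline for department"]
    reasons = []
    if ev["proc"] not in b.software:
        reasons.append(f"unbaselined software {ev['proc']}")
    if not any(ev["ip"] in net for net in b.networks):
        reasons.append(f"source {ev['ip']} outside department networks")
    if not in_window(ev["time"], b.login_start, b.login_end):
        reasons.append(f"activity at {ev['time']:%H:%M} outside login window")
    return reasons


def find_deviations(lines: List[str],
                    baselines: Dict[str, Baseline] = BASELINES) -> List[Tuple[str, List[str]]]:
    """Run every sample line through its department baseline; keep the hits."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = check_event(ev, baselines)
        if reasons:
            hits.append((ev["user"], reasons))
    return hits


if __name__ == "__main__":
    for user, reasons in find_deviations(SAMPLE_EVENTS):
        print(f"{user}: {'; '.join(reasons)}")
```

The point of scoping the baseline per team rather than per company is visible in the sample: `docker.exe` is silent for the dev user and fires for the sales user, which a single org-wide "known software" list could not express. The `finance` line shows the cost the thread worries about: a department nobody baselined produces no useful signal, only a reminder that the work was never done.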