
Security Event Correlation: Looking Back, Part 2

In Security Event Correlation: Looking Back, Part 1, I discussed a story from November 2000 about security event correlation. The article shows how an adversary scans for the CGI scripts phf, formmail, and survey.cgi, and how four data sources — a router, a firewall, an IDS, and a Web server — see the reconnaissance events. There is zero mention of whether the target of this incident matters, or what compensating controls might exist, or a dozen other lacking contextual issues. In other words, correlation isn’t the governing principle; access to the right sort of evidence dominates.

Source: https://taosecurity.blogspot.com/2008/10/security-event-correlation-looking-back_25.html
