Spot the Ball & Security Detection Games

5 years ago Chris Hudson

When I was younger, and printed newspapers were a more common household purchase, I remember fondly watching my mother play a game called “Spot the Ball.” For those of you not familiar with this, it consisted of a photograph of a recent football (soccer) match with the ball removed from the image, and the goal was to place a cross or series of crosses indicating where you thought the ball was. Inevitably, the paper would use pictures that included the athletes looking in various directions so as to throw the newspaper contestants off the scent, thus requiring incredible levels of accuracy to win a game that hundreds would play every day.

Why all this talk about an obscure game? Well, the game came to mind the other day as I was working my way through some security data trying to pinpoint a specific piece of information. The problem I had was that there are many signals (like the players looking the wrong way) that distracted from what I was looking for, and even when I started to zoom in on a general area, assessing the space was difficult. In the newspaper’s Spot the Ball game, regular participants would buy a small rubber stamp that had dozens of little crosses as a “fix” for this problem. This got me thinking about precision in cybersecurity.

Precision in Cybersecurity

When we talk about security hunting with File Integrity Monitoring (FIM), it is tempting to treat 100% accuracy as the goal, but with so many unknowns, chasing 100% accuracy is a fool’s errand. Instead, our coverage must be just wide enough to capture what matters and give us a chance of winning. Being able to spot the general pattern is important so that we don’t start hunting for the metaphorical “ball” somewhere it cannot possibly be. Once we are in the right area, the surrounding information must be visible too. This is one of the reasons why File Integrity Monitoring remains a vital security tool. Many lament that FIM has no direct tie to specific security vulnerabilities, but the problem with expecting any vulnerability tool to pick out just one signal of a compromise is that you quickly dismiss the extra clues about a risk’s impact.

For example, ransomware doesn’t target specific file contents; it targets commonly used business file types wherever they sit, so protecting just the “crown jewels” is no longer enough. The same is true of email filtering and other narrowly focused defenses: a single malicious message or malware process that slips past them can spread quickly, leading to a full-scale disaster. Instead of a laser-focused approach, we must paint our defenses with broad strokes.

Listening to the Data

How can we work with wide-range rather than tightly focused detection methods? Machine intelligence is a start, but getting back to basics with human intelligence and detection matters too. Presenting the data well and highlighting the interesting elements is what makes human-machine collaboration possible, so broader user interfaces are important.

I’ve recently been building a lot of dashboards and reports with clients, showing how massive amounts of data can be simplified to summaries whilst providing ways to highlight new and interesting events on a network. Those techniques, combined with the ability to drill down into specifics, mean that security researchers can go from a bird’s-eye view of multiple global networks all the way down to a single file hash on a single server with a couple of clicks before passing the information on to colleagues via collaboration tools or even offloading some of the data onto other tools for smart analysis.
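As an added example (not code from the original post or from Tripwire), the script below puts the two preceding ideas side by side on a constructed feed of FIM change events: a narrow “crown jewels” watchlist versus a broad-brush burst heuristic for ransomware-style mass rewrites of ordinary business documents, and the summary, drill-down and surrounding-context views a dashboard would offer. The hosts, paths, process names, hashes and thresholds are all assumptions made for the demo, not real FIM output.

```python
"""
Added example, not code from the original post or from Tripwire: a feed of
file-integrity-monitoring (FIM) change events analysed two ways (narrow
watchlist vs. broad burst heuristic), plus summary -> drill-down -> context.
All events, hosts, paths, process names, hashes and thresholds are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional, Tuple


class ChangeEvent(NamedTuple):
    host: str
    ts: datetime
    path: str
    action: str        # modified / created / deleted / renamed
    process: str       # process that made the change
    sha256: str        # hash of the file after the change ("" if deleted)


# Narrow approach: alert only on a handful of named high-value files (assumed).
CROWN_JEWELS = {"/srv/finance/ledger.xlsx", "/srv/hr/payroll.db"}

# Broad approach: any of the document types ransomware rewrites wholesale.
BUSINESS_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".csv", ".txt"}
WINDOW = timedelta(seconds=60)   # assumed burst window
MIN_FILES = 5                    # assumed: distinct documents per process
MIN_DIRS = 2                     # assumed: distinct directories per process


def ext_of(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def crown_jewel_alerts(events: List[ChangeEvent]) -> List[ChangeEvent]:
    """Fires on any change to a watched path, benign or not."""
    return [e for e in events if e.path in CROWN_JEWELS]


def burst_alerts(events: List[ChangeEvent]) -> List[Dict]:
    """One (host, process) rewriting >= MIN_FILES distinct business documents
    across >= MIN_DIRS directories inside WINDOW, whatever the files are."""
    by_key: Dict[Tuple[str, str], List[ChangeEvent]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if ext_of(e.path) in BUSINESS_EXTS:
            by_key[(e.host, e.process)].append(e)
    alerts: List[Dict] = []
    for (host, proc), evs in by_key.items():
        best: Optional[Dict] = None
        start = 0
        for end in range(len(evs)):              # sliding window over time
            while evs[end].ts - evs[start].ts > WINDOW:
                start += 1
            window = evs[start:end + 1]
            files = {e.path for e in window}
            dirs = {e.path.rsplit("/", 1)[0] for e in window}
            if len(files) >= MIN_FILES and len(dirs) >= MIN_DIRS:
                if best is None or len(files) > best["files"]:
                    best = {"host": host, "process": proc, "files": len(files),
                            "dirs": len(dirs), "first": window[0].ts,
                            "last": window[-1].ts}
        if best:
            alerts.append(best)
    return alerts


def summarize(events: List[ChangeEvent]) -> Counter:
    """Bird's-eye view: change counts per (host, file type)."""
    return Counter((e.host, ext_of(e.path)) for e in events)


def drill_down(events: List[ChangeEvent], host: str, sha256: str) -> List[ChangeEvent]:
    """From the summary down to one file hash on one server."""
    return [e for e in events if e.host == host and e.sha256 == sha256]


def context(events: List[ChangeEvent], host: str, ts: datetime,
            span: timedelta = WINDOW) -> List[ChangeEvent]:
    """The surrounding information: everything on that host near one event."""
    return sorted((e for e in events if e.host == host and abs(e.ts - ts) <= span),
                  key=lambda e: e.ts)


T0 = datetime(2020, 1, 1, 9, 0, 0)


def _ev(host, secs, path, action, proc, sha):   # constructed sample data
    return ChangeEvent(host, T0 + timedelta(seconds=secs), path, action, proc, sha)


EVENTS = [
    # fs01: an unknown process rewrites six documents in two directories in 15 s
    _ev("fs01", 0, "/srv/sales/q1.docx", "modified", "unknown_helper", "a1"),
    _ev("fs01", 3, "/srv/sales/q2.docx", "modified", "unknown_helper", "a2"),
    _ev("fs01", 5, "/srv/sales/forecast.xlsx", "modified", "unknown_helper", "a3"),
    _ev("fs01", 9, "/srv/hr/onboarding.pdf", "modified", "unknown_helper", "a4"),
    _ev("fs01", 12, "/srv/hr/contacts.csv", "modified", "unknown_helper", "a5"),
    _ev("fs01", 15, "/srv/hr/org-chart.pptx", "modified", "unknown_helper", "a6"),
    _ev("fs01", 20, "/var/log/nginx/access.log", "modified", "nginx", "b1"),
    # fs02: a user editing a few files over several minutes, including a
    # perfectly legitimate edit of a crown-jewel file
    _ev("fs02", 30, "/srv/sales/notes.txt", "modified", "libreoffice", "c1"),
    _ev("fs02", 400, "/srv/sales/memo.docx", "modified", "libreoffice", "c2"),
    _ev("fs02", 700, "/srv/finance/ledger.xlsx", "modified", "libreoffice", "c3"),
]

if __name__ == "__main__":
    print("crown jewels:", crown_jewel_alerts(EVENTS))   # only the benign edit
    print("bursts:", burst_alerts(EVENTS))               # catches fs01 rewrite
    print("summary:", summarize(EVENTS).most_common(3))
    print("drill-down a4:", drill_down(EVENTS, "fs01", "a4"))
    print("context:", context(EVENTS, "fs01", EVENTS[3].ts))
```

On this feed the watchlist fires once, on the legitimate office edit of the ledger, and says nothing about the six documents being rewritten on fs01; the burst heuristic flags fs01 without needing to know which files matter, and the context view then shows the analyst everything else that touched that host in the same minute.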

This all got me thinking again about another “spotting” game, but one I’ve been more recently playing. I’ve been blessed with spending time with some increasingly sharp young 4-5 year-olds who are enjoying spot-the-difference puzzles and Where’s Wally (or Where’s Waldo for those in other regions). It’s truly amazing to see how early we gain the ability to quickly assess big-picture information and pick out relevant points of interest. In cybersecurity, it is specifically this skill that we need to start finely honing in many cases. Part of this is ensuring that more of our systems are well documented so that the interesting bits are easier to identify and evaluate, and that security teams are “well rounded” with a good understanding of the big picture, including how all our modern, multi-component architectures work. Another aspect is just making sure that we can see the big picture as well as the details at all times, making it possible to move between the two with as little friction as possible.

For those of you who are interested in honing some of these skills, I’ll finish on a fun throw-back to the 2014 World Cup competition. The New York Times resurrected the Spot the Ball game. Thanks to modern technology, you can instantly see how well your predictions match with others. If you are curious about the processes behind the game and some analysis, you might also want to read how it was developed. Who knows, it might help inspire you in your threat hunting!

The post ” Spot the Ball & Security Detection Games” appeared first on TripWire