[Discussion] What are we making? -- CLIENT Side

• Previous message (by thread): [Discussion] What are we making? -- CLIENT Side
• Next message (by thread): [Discussion] What are we making? -- CLIENT Side
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

What if we focus on developing and distributing a better language for
communicating actionable events?
The idea is to make all intelligence more valuable and immediate. If I
see this input event, alert, network, ISP, javascript, URL, how does it
impact me, and what do I do about it? Instead of just collecting and
distributing, the goal is to direct the actions for (ISP takedown,
firewall, admin action, more). This enhances all of the prior research
we've already done.


Blake



robert.jamison at bt.com wrote:
> It seems we're a split camp with:
>
> [Keynesian CAMP] 
> Client Side Product/Service with ability to protect/detect compromise on
> grannyx home user
> *scope most thoroughly represented by Martin's " RFC: Proposal for
> Analysis Framework"
>
> [Supply Side CAMP] 
> Focus on server side protection for net critical assets
> *Andre/Jack "What is absolutely horrible in its current state is
> IDS/IPS" / "Client side is simply not possible due to political and
> religious issues."
>
> Additional notes gathered (I've just caught up on my reading;-)
>
> (a) Consideration for re-write defanging capability as inline protection
> (b) Efficiency in stream storage--essentially normalize data inspection
> so it doesn't have to be redone by multiple engines
> (c) XML vs. Binary distribution of verbose alerts vs. instruction
> inferred datapoints
> (d) Consideration for extending existing project Bro
>
> Anything I'm missing?
>
> Rob

• Previous message (by thread): [Discussion] What are we making? -- CLIENT Side
• Next message (by thread): [Discussion] What are we making? -- CLIENT Side
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]