CYBER SCAPE AFRICA | Q2 2019
Next, we interrogate this activity (with a mouse click) and find a high number of proxy authentication failures. Additionally, the threat intelligence (a.k.a. data) correlates the attempted HTTP communication with the known malicious domain chickenkiller[.]com.
Agreed, that was not only a really simple example, it was mildly boring. Hence a logical flow into the final section, which is no more exciting, but alludes to the fact that the end is near.
Machine assisted analytics – army of one (lots of ones, and some zeros too)
Intelligence Amplification is a core design principle in Snode technology. It refers to the perfect harmony of machines assisting humans in solving difficult problems (that’s not very accurate, maybe buy a book). However, for the simple (boring) stuff, we use the machines. So, our final step involves automating the (playbook) incident response. A FOSS alternative here (please note, I’ve not used this software personally) would be the Puppet Framework.
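To make the two steps above concrete (the proxy authentication failures correlated against threat intelligence, and the playbook action that follows), here is an added example of the same triage in code. It is not Snode's software or code from this article: the proxy log lines, the indicator list, the 407 threshold and the action names are all constructed for illustration.

```python
"""Proxy-log triage: count proxy auth failures per client, match destinations
against a (defanged) threat-intel domain list, and map findings to playbook
actions. Added example; the sample data below is constructed, not real."""
from collections import Counter
from urllib.parse import urlsplit

# Constructed Squid-style access-log lines (fields: time client status method url).
SAMPLE_PROXY_LOG = """\
1554120000.123 10.0.0.15 TCP_DENIED/407 CONNECT chickenkiller.com:443
1554120001.456 10.0.0.15 TCP_DENIED/407 CONNECT chickenkiller.com:443
1554120002.789 10.0.0.15 TCP_DENIED/407 CONNECT chickenkiller.com:443
1554120003.012 10.0.0.15 TCP_MISS/200 GET http://updates.example.com/patch.bin
1554120004.345 10.0.0.22 TCP_DENIED/407 CONNECT cdn.example.net:443
1554120005.678 10.0.0.22 TCP_MISS/200 GET http://beacon.chickenkiller.com/c2?id=7
"""

# Constructed indicator list, written defanged as threat-intel feeds usually are.
THREAT_INTEL_DOMAINS = ["chickenkiller[.]com", "evil-example[.]net"]

# Assumed tuning value: this many 407s from one client in the window counts as "high".
AUTH_FAILURE_THRESHOLD = 3


def refang(indicator):
    """Turn a defanged indicator like 'chickenkiller[.]com' back into a hostname."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").strip().lower()


def host_from_url(url):
    """Extract the destination host from 'host:port' (CONNECT) or a full URL."""
    if "://" in url:
        return (urlsplit(url).hostname or "").lower()
    return url.split(":", 1)[0].lower()


def parse_line(line):
    """Parse one log line into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _time, client, result, method, url = parts
    try:
        status = int(result.split("/", 1)[1])  # 'TCP_DENIED/407' -> 407
    except (IndexError, ValueError):
        return None
    return {"client": client, "status": status, "method": method,
            "host": host_from_url(url)}


def matches_indicator(host, indicators):
    """Return the indicator covering host (exact or parent-domain match), else None."""
    for ind in indicators:
        if host == ind or host.endswith("." + ind):
            return ind
    return None


def analyze(log_text, intel_domains, threshold=AUTH_FAILURE_THRESHOLD):
    """Correlate proxy auth failures and threat-intel hits per client."""
    indicators = [refang(d) for d in intel_domains]
    failures = Counter()
    hits = set()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["status"] == 407:  # HTTP 407 Proxy Authentication Required
            failures[rec["client"]] += 1
        ind = matches_indicator(rec["host"], indicators)
        if ind:
            hits.add((rec["client"], rec["host"], ind))
    return {
        "auth_failures": dict(failures),
        "flagged_clients": sorted(c for c, n in failures.items() if n >= threshold),
        "intel_hits": sorted(hits),
    }


def playbook(report):
    """Map correlated findings to one playbook action per client (assumed policy)."""
    actions = {}
    intel_clients = {client for client, _host, _ind in report["intel_hits"]}
    for client in sorted(intel_clients | set(report["flagged_clients"])):
        if client in intel_clients and client in report["flagged_clients"]:
            actions[client] = "isolate_host_and_open_incident"
        elif client in intel_clients:
            actions[client] = "open_incident"
        else:
            actions[client] = "notify_helpdesk"  # repeated 407s alone: likely a stale credential
    return actions


if __name__ == "__main__":
    report = analyze(SAMPLE_PROXY_LOG, THREAT_INTEL_DOMAINS)
    for key, value in report.items():
        print(key, value)
    print("actions", playbook(report))
```

The parent-domain match in matches_indicator is what catches beacon.chickenkiller.com against an indicator for chickenkiller.com; an exact-string comparison would miss it, which is a common gap when feeds are applied naively.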
So, why automation? Below are thousands of reasons: the number of attacks detected at one client, in one month, represented on a nice flat earth (not the theory, an illustration).