November 24, 2023

Internet Reputation Monitoring

by John Lukach

Reputation is the most critical asset available when using the Internet, as it helps us decide which services we feel safe using. It can also impact an end user’s ability to use the web if their connection previously showed suspicious behavior.

The prolific adoption of cloud computing has also added similar challenges for businesses. Fresh deployments pick up dynamic addresses historically known for malicious activity. Customers’ security tools then block legitimate access to the business’s offerings over unjustified security concerns.

It can get even more complicated when customers and businesses are exchanging data. Typically, both have little visibility into the other’s security status. Both must trust each other, and relying on notification might be too slow, as the damage could unfortunately already have happened.

Security teams must worry about their own houses and everyone else’s to be proactive. While we know one side of the equation, monitoring everything is not an option, so a scope must be defined.

Atomic indicators are point-in-time detections with a limited window of effectiveness. The monitoring frequency must be quick enough to bubble alerts up during the relevant period. Evaluating misconfigurations helps improve the likelihood of detection.
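
The scoping and timing constraints above, sketched as an added example that is not part of the original post and is not Project Caretaker's code: it keeps only feed entries that fall inside a defined scope and are still within the indicator's window of effectiveness. The feed record layout, the documentation address ranges, and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed scope: documentation ranges standing in for monitored networks.
SCOPE = [ip_network("192.0.2.0/24"), ip_network("2001:db8:10::/48")]

# Constructed feed rows (hypothetical layout: address, source, last_seen).
FEED = [
    {"address": "192.0.2.45", "source": "feed-a", "last_seen": "2023-11-24T06:00:00+00:00"},
    {"address": "192.0.2.99", "source": "feed-b", "last_seen": "2023-11-20T06:00:00+00:00"},
    {"address": "198.51.100.7", "source": "feed-a", "last_seen": "2023-11-24T07:00:00+00:00"},
    {"address": "2001:db8:10::5", "source": "feed-c", "last_seen": "2023-11-23T20:00:00+00:00"},
    {"address": "not-an-ip", "source": "feed-c", "last_seen": "2023-11-24T07:00:00+00:00"},
]


def in_scope(addr, scope):
    # Mixed IPv4/IPv6 scope: only compare against networks of the same version.
    return any(addr.version == net.version and addr in net for net in scope)


def fresh_hits(feed, scope, now, max_age):
    """Return in-scope entries last seen within max_age of now, newest first."""
    hits = []
    for entry in feed:
        try:
            addr = ip_address(entry["address"])
            age = now - datetime.fromisoformat(entry["last_seen"])
        except (KeyError, ValueError, TypeError):
            continue  # malformed or timezone-less rows are skipped, not fatal
        if not in_scope(addr, scope):
            continue  # outside the defined monitoring scope
        if timedelta(0) <= age <= max_age:  # stale and future-dated rows drop out
            hits.append({
                "address": str(addr),
                "source": entry.get("source", "unknown"),
                "age_hours": age.total_seconds() / 3600,
            })
    return sorted(hits, key=lambda h: h["age_hours"])


if __name__ == "__main__":
    now = datetime(2023, 11, 24, 12, 0, tzinfo=timezone.utc)
    for hit in fresh_hits(FEED, SCOPE, now, timedelta(hours=24)):
        print(hit)
```

Shrinking `max_age` below the polling interval silently drops every hit, which is the failure mode the paragraph warns about: the check has to run more often than the indicator's useful lifetime.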

I built out my solution for these hurdles called Project Caretaker, which aims to provide a threat feed for North Dakota so that anyone can verify Internet reputation.

https://github.com/jblukach/caretaker

Please be aware and respectful of usage requirements from any incorporated threat feeds, as they take a ton of work and effort to maintain by the providing parties, which needs to be appreciated!

Lastly, I wish more security companies operated like Censys, as gaining research access has dramatically increased the value of my project.

https://search.censys.io

Thank you so much, Censys!

tags: Feed - Intel - Map - Reputation - Threat