Pre-nomaly Detection: Generating Change to Identify Non-Conformance

It was recently reported that Belgacom, Belgium’s primary telecom company, discovered a compromise that had been present for years. It reminded me of the Nortel compromise that was discovered a while back. The fact is that we’ve seen an increase in these kinds of discoveries. Details on how exactly the compromise was found are hard to come by, but I can’t help but wonder how an organization might do a better job detecting persistent compromise.

@tkeanini suggested something he called “detection in diversity.” I might interpret that as a sort of ‘try everything’ approach. What if we consider a more novel approach instead?

Start with the assumption that what matters is what you can control, and that what you can’t control (whether through compromise or other causes) is a kind of risk. Taking this stance, you can effectively generate anomalous activity through prescriptive change executed across some specified set of objects you control.

Make a change, look for who didn’t keep up, go remediate. If you build this kind of activity into the system, then you create a more resilient system overall, and you constantly weed out risk.
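To make the “make a change, look for who didn’t keep up” loop concrete, here is an added example (not code from the original post) in Python: a pushed change is compared against each controlled object’s last report, and every object that did not keep up is flagged with a reason, along with any reporters that are not in the inventory at all. The host names, the change key and the timestamps are constructed sample data.

```python
# Added example: classify each controlled object's post-change report.
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Change:
    key: str          # setting the change prescribes (constructed name)
    expected: str     # value every controlled object should report afterwards
    pushed_at: float  # epoch seconds at which the change was issued

def classify(change: Change, report: Optional[dict]) -> Optional[str]:
    """Return a non-conformance reason for one object's last report,
    or None if the object kept up with the change."""
    if report is None:
        return "silent: no report from this object"
    if report["ts"] < change.pushed_at:
        return "stale: last report predates the change"
    value = report["values"].get(change.key)
    if value is None:
        return "missing: change key absent from post-change report"
    if value != change.expected:
        return f"mismatch: reported {value!r}, expected {change.expected!r}"
    return None

def find_nonconforming(change: Change, inventory: List[str],
                       reports: Dict[str, dict]) -> Dict[str, str]:
    """Map each object that did not keep up to the reason it was flagged."""
    return {obj: reason for obj in inventory
            if (reason := classify(change, reports.get(obj))) is not None}

def unknown_reporters(inventory: List[str], reports: Dict[str, dict]) -> List[str]:
    """Objects reporting in that we do not list as controlled: also a risk."""
    return sorted(set(reports) - set(inventory))

# Constructed sample data: five controlled hosts, one change pushed at t=1000.
CHANGE = Change(key="agent.cfg_version", expected="v42", pushed_at=1000.0)
INVENTORY = ["web-01", "web-02", "db-01", "db-02", "jump-01"]
REPORTS = {
    "web-01": {"ts": 1010.0, "values": {"agent.cfg_version": "v42"}},  # kept up
    "web-02": {"ts": 990.0,  "values": {"agent.cfg_version": "v41"}},  # stale
    "db-01":  {"ts": 1020.0, "values": {"agent.cfg_version": "v41"}},  # mismatch
    "db-02":  {"ts": 1015.0, "values": {}},                            # missing
    "lab-07": {"ts": 1005.0, "values": {"agent.cfg_version": "v42"}},  # not in inventory
    # jump-01 never reported at all -> silent
}

if __name__ == "__main__":
    for obj, reason in find_nonconforming(CHANGE, INVENTORY, REPORTS).items():
        print(f"{obj}: {reason}")
    print("unknown reporters:", unknown_reporters(INVENTORY, REPORTS))
```

A flagged object is a prompt to remediate or investigate, not proof of compromise: a broken agent and a host someone else now controls look the same from here until you go and look.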