Good Sources of Labelled Security Attack Data – The ongoing challenge
We all need to watch for account credential compromise:
- password brute forcing/password guessing
- password reset
- credential leaks/harvesting
- drive-by compromise
How do you watch this stuff in the cloud? Workstations? Users? Account breaches increase risk and give a “bad guy” anywhere, anytime access.
Also, regarding the interesting slide above from the RSA Conference, I would add:
- Crawl – Public Data
- Walk – HoneyPot Data
- Jog – Red Team Data
- Run – Shared Normalized Breach Data and Attack Methodology for PP rules (IMHO)