By David Barton, Chief Information Security Officer, Stellar Cyber
The noise is real. Of that, we can agree. It started way back in history – whoops, wrong topic (shout out to all of you who know that lyric). Basic packet captures – the final arbiter of proof – started all this, and it has continued nonstop until this very day. Every security analyst worth his/her salt asks for the packet captures. Why do we have all this data? Do we need it all? With IoT today, my toaster can tell me how many toast points I have burned since 2019. Do we care? Should we care? To be honest, I’m not sure I want folks to know I struggle getting my toast just right :).
Some of the blame rests squarely on the shoulders of all the security practitioners out there. How many times have we asked our partners, “Can’t you just create a syslog and tell me everything I need to know?” We are part of the problem. The other part of the problem rests on our security partners (vendors). A few enterprising partners tell us, “Send me all your data. Worst case is we can store it just in case you need it someday.” Great way to drive up licensing – the more of my data your product stores, the more I pay you to access my data.