-
What is a ‘NOC’? What is a ‘SOC’? The Battle of ‘NOCs’ vs. ‘SOCs’…
Noc’ing the Soc’s Off You!! First of all, I want to preface this by stating and asking, “Why aren’t NOCs and SOCs the same thing???” Just initially hearing what the acronyms stand for alone, and going based off of that, I would think we would want “Network” and “Security” intertwined and treated with a holistic approach. Similar to how security should be “baked in” to software. NOC – Network Operations Center: A NOC is a Network Operations Center (NOC, pronounced like the word ‘knock’), which can also be referred to as a “network management center”. It can be one or more locations from which network monitoring and control (i.e. network management) is…
-
What is a “False Positive”?
A true positive is an outcome where the model correctly predicts the positive case. Ex: Downloaded file is malware, and the A.V. detected it as malware. A true negative is an outcome where the model correctly predicts the negative case. Ex: Downloaded file is NOT malware, and the A.V. did NOT detect it as malware. A false positive is an outcome where the model incorrectly predicts the positive case. Ex: Downloaded file is NOT malware, but the A.V. detected it as malware. A false negative is an outcome where the model incorrectly predicts the negative case. Ex: Downloaded file is malware, but the A.V. did NOT detect it as malware. True…
-
What is Attack Surface?
Attack surface. First thing I start thinking is the surface area, or the exposed area that is susceptible to a cyber onslaught by threat actors, or bad people with malicious intent. According to Wikipedia: “The attack surface of a software environment is the sum of the different points (for “attack vectors”) where an unauthorized user (the “attacker”) can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.” via Wikipedia “KEEPING THE ATTACK SURFACE AS SMALL AS POSSIBLE IS A BASIC SECURITY MEASURE.” **clap, clap** Does that last line stick out to anyone else?? It should.…
-
What is Remote Code Execution?
What is Remote code execution (RCE)? A simple web search brings up a Wikipedia page on Arbitrary code execution (ACE). According to Wikipedia: In computer security, arbitrary code execution (ACE) is an attacker’s ability to execute arbitrary commands or code on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution…