Keith

@kwm

I'll just leave this here: Anyone selling you a *product* that claims to reliably identify post-exploitation activity . . . is full of shit.

8/7/2015, 10:43:08 AM

Favs: 2

Retweets: 0

Keith

@kwm

You will not *reliably* identify post-exploitation activity without humans. They may be your humans, they may be your provider's humans.

8/7/2015, 10:44:19 AM

Favs: 1

Retweets: 0

Keith

@kwm

Products have to err on the side of false positive/negative, depending on function. Antivirus has to FN or risk halting productivity.

8/7/2015, 10:52:05 AM

Favs: 0

Retweets: 0

Keith

@kwm

Many signature-driven detection systems will have an intentionally high FP rate. And this is good, assuming that you put humans on review.

8/7/2015, 10:52:55 AM

Favs: 0

Retweets: 0