Message-ID: <AANLkTikf6O6iFm7x5oSAC7NUqzMQM_SiUvJr=E5LaJJ6@mail.gmail.com>
Date: Sun, 12 Dec 2010 12:02:29 -0500
From: Jeffrey Walton <noloader@...il.com>
To: Charles Polisher <cpolish@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Adam Behnke <adam@...osecinstitute.com>
Subject: Re: Security Incident Response Testing To Meet Audit
On Fri, Dec 10, 2010 at 11:52 PM, Charles Polisher <cpolish@...il.com> wrote:
> Adam Behnke wrote:
>> Hi everyone, InfoSec Institute author Russ McRee has written up an overview
>> on tools to ensure maximum readiness for incident response teams, including
>> drill tactics. PCI-DSS audits often require IR testing validation; drill
>> quarterly and be ready next audit cycle.
>>
>> http://resources.infosecinstitute.com/incident-response-and-audit-requirements/
>>
>> Please let me know your thoughts.
>
> "Remember that you're playing with binaries that will likely cause
> antivirus to fire."
>
> I take issue with this statement. Tonight I tested $VENDOR's
> up-to-date anti-virus against 10 day-old malware samples captured
> from the wild - the detection rate was abysmal (225/539).
> Maybe your AV is better than mine.
Immunet (http://www.immunet.com/) would probably be very useful in this
situation. Think of it as 'distributed antivirus definitions'. If one
$VENDOR catches it, your machine will most likely catch it since it's
part of the cloud (forgive the cliché).
The company was started by a fellow named Al Huger. I believe he also
started Bugtraq. When Bugtraq was commercialized by Symantec, Huger
moved on to Immunet.
Jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/