We’ve heard that data is the new oil, gold or <insert other precious commodity here>, but it’s what you do with data that determines its true value.
If they didn’t know it already, attendees at the Noumea 2018 Forum of Incident Response and Security Teams Technical Colloquium (FIRST TC) were shown a myriad of ways that security data can be collected, interpreted, visualized and acted upon. It was the first FIRST TC to be held in the Pacific region.
The FIRST TC was held on the eve of APNIC 46 in Nouméa, New Caledonia, and featured speakers from across the Asia Pacific.
Geoffroy Thonon of AusCERT began proceedings, introducing attendees to a wide range of ‘budget neutral’ approaches to gathering intelligence data online. He discussed methods of automating the analysis of this data in a way that is useful to new CERT teams.
“How much of the fire hose do you want to drink?” Geoffroy asked, stressing that the data required for security intelligence gathering is out there, and that new security teams should invest up front in building tools to use this data (capital expenditure) rather than spending operational expenditure trying to manage it manually.
Similarly, Champika Wijayatunga of ICANN provided a guide to the sources of information and contacts that allow security responders to investigate and handle DNS abuse scenarios. Champika also reminded attendees that the recently introduced General Data Protection Regulation (GDPR) affects what information the RIPE whois service returns, which responders need to account for when tracing abuse to a contact.
Jihnyun Cho of the Korea Internet and Security Agency (KISA) and Jeff Garae of CERT Vanuatu also focused on how data drives their work, in security operations and in developing security visualization systems, respectively.
APNIC’s Adli Wahid introduced the Community Honeynet Project, which aims to detect malicious traffic in the Asia Pacific region, providing an emulated login shell with which to attract scans, bots, and attackers. The data from this honeynet project is intended to feed a visualization service that allows users to monitor the malicious traffic originating from their networks.
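To make the data flow described above concrete, here is an added example (not code from the Community Honeynet Project, whose log format this page does not describe) of the per-network summary step that sits between a shell-emulating honeypot and a visualization service: it takes login-attempt records, groups them by the operator’s own prefixes, and reports attempt counts, successful logins, distinct sources and the most-tried credentials per prefix. The newline-delimited JSON record layout (ts, src_ip, event, username, password), the sample events and the prefixes are all assumptions constructed for this example, loosely modelled on the event logs that honeypots such as Cowrie write.

```python
"""Per-network summary of honeypot login attempts.

Added example, not code from the APNIC Community Honeynet Project. The
record layout (one JSON object per line with ts/src_ip/event/username/
password fields) is an assumption, loosely modelled on the event logs that
shell-emulating honeypots such as Cowrie write; the sample events and the
prefixes below are constructed for this example.
"""
import ipaddress
import json
from collections import Counter, defaultdict

# Constructed sample events (documentation-range addresses), including two
# deliberately malformed lines: honeypot logs are produced by interactions
# with attackers and must be parsed defensively.
SAMPLE_LOG = """\
{"ts": "2018-09-05T01:02:03Z", "src_ip": "203.0.113.7", "event": "login.failed", "username": "root", "password": "123456"}
{"ts": "2018-09-05T01:02:05Z", "src_ip": "203.0.113.7", "event": "login.failed", "username": "admin", "password": "admin"}
{"ts": "2018-09-05T01:02:09Z", "src_ip": "203.0.113.7", "event": "login.success", "username": "root", "password": "toor"}
{"ts": "2018-09-05T01:03:00Z", "src_ip": "198.51.100.22", "event": "login.failed", "username": "pi", "password": "raspberry"}
{"ts": "2018-09-05T01:03:30Z", "src_ip": "192.0.2.250", "event": "login.failed", "username": "root", "password": "123456"}
{"ts": "2018-09-05T01:04:00Z", "src_ip": "2001:db8::1", "event": "login.failed", "username": "root", "password": "password"}
{"ts": "2018-09-05T01:05:00Z", "src_ip": "not-an-ip", "event": "login.failed", "username": "root", "password": "x"}
this line is not JSON
"""


def parse_events(text):
    """Yield (src_ip, event, username, password) for each login event; skip bad lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["src_ip"])
            event = rec["event"]
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, not an object, missing field, or invalid address
        if not str(event).startswith("login."):
            continue  # other honeypot event types (commands, downloads) are out of scope here
        yield src, event, str(rec.get("username", "")), str(rec.get("password", ""))


def summarize_by_prefix(log_text, prefixes):
    """Group login events by the most specific matching operator prefix.

    Returns {prefix: {"attempts": int, "successes": int, "sources": set,
    "creds": Counter}}; events from addresses outside every prefix land
    under the key "unmatched".
    """
    nets = sorted((ipaddress.ip_network(p, strict=False) for p in prefixes),
                  key=lambda n: n.prefixlen, reverse=True)  # longest match first
    summary = defaultdict(lambda: {"attempts": 0, "successes": 0,
                                   "sources": set(), "creds": Counter()})
    for src, event, user, password in parse_events(log_text):
        # 'in' is False across address families, so v6 sources never match v4 prefixes
        key = next((str(n) for n in nets if src in n), "unmatched")
        bucket = summary[key]
        bucket["attempts"] += 1
        if event == "login.success":
            bucket["successes"] += 1
        bucket["sources"].add(str(src))
        bucket["creds"][(user, password)] += 1
    return dict(summary)


def report_lines(summary, top_n=3):
    """Render the summary as plain-text lines, busiest prefix first."""
    lines = []
    for prefix in sorted(summary, key=lambda k: summary[k]["attempts"], reverse=True):
        b = summary[prefix]
        lines.append(f"{prefix}: {b['attempts']} attempts, {b['successes']} successful, "
                     f"{len(b['sources'])} distinct source(s)")
        for (user, password), n in b["creds"].most_common(top_n):
            lines.append(f"  {n}x {user}:{password}")
    return lines


if __name__ == "__main__":
    # An operator would pass their own prefixes here; these are constructed.
    result = summarize_by_prefix(SAMPLE_LOG, ["203.0.113.0/24", "198.51.100.0/24"])
    print("\n".join(report_lines(result)))
```

Two design points worth noting: malformed lines are dropped rather than allowed to abort the run, because a honeypot’s input is attacker-controlled by definition, and prefixes are matched longest-first so that a more specific allocation an operator cares about (a customer /29 inside their /24, say) gets its own bucket rather than being absorbed by the covering prefix.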
Throughout the proceedings of the FIRST TC, the utility of data, especially freely available data from registries and public databases, was emphasized, and the wide range of applications for that data was demonstrated. Attendees were surely left with no doubt that the data is out there to be parsed, filtered, visualized and acted upon in the interest of a secure Internet in our region.
APNIC has an MoU with FIRST, having hosted TCs at previous APNIC and APRICOT conferences. More than half of the attendees were participants in the APNIC 46 Network Security and Information Security Workshops and the APNIC Foundation-supported Regional CERT/CSIRT capacity-building workshop. See the FIRST website for more information.