Chapter 74. Sifting for Botnets

Allen West

Squeezing original intelligence out of the unknown is possible through the methodical enrichment of application logs. Common Vulnerabilities and Exposures (CVE) identifiers are a widely used way to track cybersecurity vulnerabilities, and most security professionals are already familiar with them. This standardization makes it possible to have conversations about important weaknesses in specific applications, but not all vulnerabilities are known, and not all known vulnerabilities get a CVE. The question then becomes: how do you position yourself to defend against threats that the security community has not officially recognized?

As soon as you publish virtually any application on the internet, you quickly start seeing an overwhelming amount of unsolicited traffic. The internet is full of malicious actors, bots (usually programs that perform automated actions for their owners, although in the context of botnets they are often compromised endpoints acting on someone else's behalf), researchers, and organizations that are constantly scanning the entire internet for various purposes. It is up to defenders to stay current with threat trends, especially for applications, which are designed to be accessible, often at the expense of security principles. This can be accomplished by paying close attention to application traffic logs, using good automation or even AI to find ...
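A small worked example of the log sifting described above, added here and not part of the chapter's own text or tooling. It parses a handful of constructed combined-format access log lines (not captured from any real system), enriches each request with whether its path is one the application actually serves (KNOWN_ROUTES is a hypothetical route list), profiles each source address, flags sources that probe for many unknown paths with a high error rate, and finally groups the flagged sources by user agent and probe set, since many addresses sharing one identical fingerprint points to coordinated botnet scanning rather than independent actors. The thresholds in flag_scanners are illustrative assumptions, not values from the chapter.

```python
"""Sift web access logs for sources that behave like scanners or bots.

Added example; not from the chapter. Assumes the Apache/Nginx "combined"
log format and a hypothetical list of routes the application serves.
"""
import re
from collections import defaultdict

# One combined-format line: client IP, identity, user, timestamp, request
# line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Hypothetical set of routes this application actually serves.
KNOWN_ROUTES = {"/", "/login", "/api/orders", "/static/app.js"}

# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /static/app.js HTTP/1.1" 200 3210 "https://example.test/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 302 0 "https://example.test/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
198.51.100.77 - - [10/Oct/2023:13:57:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.77 - - [10/Oct/2023:13:57:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.77 - - [10/Oct/2023:13:57:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.77 - - [10/Oct/2023:13:57:02 +0000] "GET /cgi-bin/luci HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.77 - - [10/Oct/2023:13:57:03 +0000] "POST /api/orders HTTP/1.1" 401 0 "-" "python-requests/2.31"
198.51.100.78 - - [10/Oct/2023:14:02:11 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.78 - - [10/Oct/2023:14:02:11 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.78 - - [10/Oct/2023:14:02:12 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.78 - - [10/Oct/2023:14:02:12 +0000] "GET /cgi-bin/luci HTTP/1.1" 404 153 "-" "python-requests/2.31"
192.0.2.9 - - [10/Oct/2023:13:58:10 +0000] "GET /robots.txt HTTP/1.1" 404 153 "-" "curl/8.2.1"
192.0.2.9 - - [10/Oct/2023:13:58:11 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.2.1"
"""


def parse_log(text):
    """Yield one dict per parsable line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def enrich(record, known_routes=KNOWN_ROUTES):
    """Add derived fields: is the path one we serve, did the request carry a referer."""
    rec = dict(record)
    rec["known_route"] = rec["path"].split("?", 1)[0] in known_routes
    rec["no_referer"] = rec["referer"] in ("", "-")
    return rec


def profile_sources(records):
    """Aggregate enriched records per client IP."""
    profiles = defaultdict(
        lambda: {"requests": 0, "errors": 0, "unknown_paths": set(), "user_agents": set()}
    )
    for r in records:
        p = profiles[r["ip"]]
        p["requests"] += 1
        if r["status"] >= 400:
            p["errors"] += 1
        if not r["known_route"]:
            p["unknown_paths"].add(r["path"])
        p["user_agents"].add(r["ua"])
    return profiles


def flag_scanners(profiles, min_unknown=3, min_error_ratio=0.5):
    """Flag sources probing several paths we never served with mostly error responses.

    The thresholds are illustrative assumptions; tune them to your own traffic.
    """
    flagged = {}
    for ip, p in profiles.items():
        ratio = p["errors"] / p["requests"]
        if len(p["unknown_paths"]) >= min_unknown and ratio >= min_error_ratio:
            flagged[ip] = {
                "unknown_paths": sorted(p["unknown_paths"]),
                "error_ratio": round(ratio, 2),
                "user_agents": sorted(p["user_agents"]),
            }
    return flagged


def cluster_by_fingerprint(flagged):
    """Group flagged sources that share a user agent and the same probe set.

    Many distinct addresses behind one identical fingerprint suggests coordinated
    (botnet) scanning rather than unrelated actors.
    """
    clusters = defaultdict(list)
    for ip, info in flagged.items():
        key = (tuple(info["user_agents"]), tuple(info["unknown_paths"]))
        clusters[key].append(ip)
    return {key: sorted(ips) for key, ips in clusters.items()}


def sift(text, known_routes=KNOWN_ROUTES):
    """Parse, enrich, profile and flag in one pass over a log text."""
    return flag_scanners(profile_sources(enrich(r, known_routes) for r in parse_log(text)))


if __name__ == "__main__":
    for fingerprint, ips in cluster_by_fingerprint(sift(SAMPLE_LOG)).items():
        print(f"{len(ips)} source(s) sharing UA {fingerprint[0]} probing {fingerprint[1]}: {ips}")
```

Two of the three sources share one probe set and user agent and are flagged; the third source's single 404 on /robots.txt stays below the threshold. In a real deployment the interesting follow-on enrichment is to take each flagged path set and see how many distinct addresses, networks and time windows it recurs in: a fixed set of probe paths that keeps reappearing from fresh addresses is the kind of signal that has no CVE attached but still tells you what is being hunted for.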

Get 97 Things Every Application Security Professional Should Know now with the O’Reilly learning platform.