Microsoft and CrowdStrike finally fix the stupidest problem in cybersecurity
In cybersecurity, every second counts. But when the same hacking group goes by half a dozen different names depending on which company you ask, defenders are left wasting time instead of stopping attacks. Now, Microsoft and CrowdStrike are teaming up to clean up the mess they helped create.
The two companies just announced a joint effort to map their threat actor naming systems to each other. Basically, it’s a cheat sheet for decoding the confusing and conflicting names used across the industry. Midnight Blizzard? That’s Microsoft’s name for what CrowdStrike calls Cozy Bear. Others call it APT29 or UNC2452.
The NIST/NVD situation and vulnerability management programs
In the infosec world we continually preach about “defense in depth,” or layered security. The idea is that if a defensive measure at one layer fails, there are additional layers behind it that serve as a safety net. An interesting application of these concepts comes in examining the data feeds that provide information to our security tools. If one of the feeds goes down, will our security tooling continue to work as expected?
This recently came to light when the National Institute of Standards and Technology (NIST) announced that it cannot keep up with the number of software bugs being submitted to the National Vulnerability Database (NVD). According to NIST itself, it has only analyzed roughly one-third of the Common Vulnerabilities and Exposures (CVEs) submitted this year. Since many organizations rely on NVD information in their vulnerability management programs, this is distressing news. For organizations in this situation, the question then becomes: How do we minimize the impact of the NIST backlog?