[SANS ISC] “Blocked” Does Not Mean “Forget It”

I published the following diary on isc.sans.org: “Blocked Does Not Mean Forget It“:

Today, organisations are facing regular waves of attacks which are targeted… or not. We deploy tons of security controls to block them as soon as possible before they successfully reach their targets. Due to the amount of daily generated information, most of the time, we don’t care for them once they have been blocked. A perfect example is blocked emails. But “blocked” does not mean that we can forget them, there is still valuable information in those data… [Read more]

[The post [SANS ISC] “Blocked” Does Not Mean “Forget It” has been first published on /dev/random]

Article Link: https://blog.rootshell.be/2018/05/24/sans-isc-blocked-not-mean-forget/