Diva Cupcake
Aug 15, 2005

Most of Garmin services are coming back online. Pretty decent chance they paid the $10m or a negotiated amount.
https://twitter.com/BleepinComputer/status/1287805598801768450

taqueso
Mar 8, 2004


:911:
:wookie: :thermidor: :wookie:
:dehumanize:

:pirate::hf::tinfoil:
I want to know how/why they couldn't restore from an off-site backup

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

taqueso posted:

I want to know how/why they couldn't restore from an off-site backup

Yeah, that's what I want to know: A good cold archive or off-site backup is the only ace card if you get ransomwared.

So either they paid, and we'll likely eventually find out either from them or the attackers, or they had a good backup and the time taken was just restoration.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


https://careers-us.garmin.com/us/en/job/20000RV/Cyber-Security-Engineer-2-Endpoint

Impotence
Nov 8, 2010
Lipstick Apathy

Holy gently caress they pay 57k a year for this?

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Biowarfare posted:

Holy gently caress they pay 57k a year for this?

Well, that explains a lot. Wonder if they have a dedicated DR plan that is annually tested....

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Biowarfare posted:

Holy gently caress they pay 57k a year for this?

It costs about $20 and a six-pack in rent to live in the area, so it's not that wild.

Sirotan
Oct 17, 2006

Sirotan is a seal.


Biowarfare posted:

Holy gently caress they pay 57k a year for this?

Just curious where you're seeing the salary figure? Or did they change the listing.

Sickening
Jul 16, 2007

Black summer was the best summer.

Sirotan posted:

Just curious where you're seeing the salary figure? Or did they change the listing.

Glassdoor, probably.

Sirotan
Oct 17, 2006

Sirotan is a seal.


Sickening posted:

Glassdoor, probably.

Ah, yeah.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
E: answered already

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Volmarias posted:

It costs about $20 and a six-pack in rent to live in the area, so it's not that wild.

Sec Engineer II is more like a guy who might be married and may possibly have kids (lol not in this economy), so that's chicken scratch.

AlternateAccount
Apr 25, 2005
FYGM

Volmarias posted:

It costs about $20 and a six-pack in rent to live in the area, so it's not that wild.

Median household income for the area is 87k. I assure you, the incomes for the area directly surrounding the area are the ones on the upper end of the city/county curve.

Klyith
Aug 3, 2007

GBS Pledge Week

CommieGIR posted:

Sec Engineer II is more like a guy who might be married and may possibly have kids (lol not in this economy), so that's chicken scratch.

Sec Engineer II also might be a late-20s queer trans person these days. To keep them living in Kansas, a state that has become unrepentantly MAGA and hostile to their mental health, probably costs a substantial bonus.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Klyith posted:

Sec Engineer II also might be a late-20s queer trans person these days. To keep them living in Kansas, a state that has become unrepentantly MAGA and hostile to their mental health, probably costs a substantial bonus.

ALSO this, yes.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

AlternateAccount posted:

Median household income for the area is 87k. I assure you, the incomes for the area directly surrounding the area are the ones on the upper end of the city/county curve.

Sure, but the cost of living is still low compared to the Bay Area or New York.

Sickening
Jul 16, 2007

Black summer was the best summer.

Volmarias posted:

Sure, but the cost of living is still low compared to the Bay Area or New York.

The cost of living is cheaper than the most inflated cost of living areas we have? crazy.

some kinda jackal
Feb 25, 2003

 
 

CommieGIR posted:

Wonder if they have a dedicated DR plan that is annually tested....

taqueso posted:

I want to know how/why they couldn't restore from an off-site backup

You guys know the answers to this c'mon :q:

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Martytoof posted:

You guys know the answers to this c'mon :q:

We do, but professionalism demands we have some suspension of disbelief :)

RFC2324
Jun 7, 2012

http 418

CommieGIR posted:

We do, but professionalism demands we have some suspension of disbelief :)

P sure professionalism demands we take off our glasses, put our fingers on the bridge of our nose, sigh, and get out the bottle of scotch

some kinda jackal
Feb 25, 2003

 
 
Once upon a time I worked with a vendor who, with a straight face, told me that while they did backups it wasn’t in scope to test them because they didn’t have enough hardware to do a test restore. Somehow they were surprised when this didn’t fly.

https://www.youtube.com/watch?v=QblkQ-J6zio

AlternateAccount
Apr 25, 2005
FYGM

Volmarias posted:

Sure, but the cost of living is still low compared to the Bay Area or New York.

There are 3141 counties in the US. Johnson County, KS is the 81st for median income. That's two spots below Orange County, CA, and a whole lot higher in the list if you exclude the bay area, NYC, or anywhere within commute distance of DC. $57k is basically the bare minimum to live here as a single person in some comfort. I am 99.9% confident that glassdoor's estimate is off. Probably by 50-100%.

Bonzo
Mar 11, 2004

Just like Mama used to make it!

Martytoof posted:

Once upon a time I worked with a vendor who, with a straight face, told me that while they did backups it wasn’t in scope to test them because they didn’t have enough hardware to do a test restore. Somehow they were surprised when this didn’t fly.

https://www.youtube.com/watch?v=QblkQ-J6zio

I've worked in a few data centers that never tested killing the power to see if the generator would kick on. "Do you know how expensive that is to test?" Not as expensive as updating my resume.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

RFC2324 posted:

P sure professionalism demands we take off our glasses, put our fingers on the bridge of our nose, sigh, and get out the bottle of scotch

And bill for the hours.

Sickening
Jul 16, 2007

Black summer was the best summer.
In an interview with a candidate today, when asked what SIEM tool he is currently using, he said he is using one they created in house. A company of 800 people designed their own SIEM tool.

He is either lying his rear end off because he couldn't think of one or there are small companies out there that make their own.

Defenestrategy
Oct 24, 2010

Sickening posted:

He is either lying his rear end off because he couldn't think of one or there are small companies out there that make their own.

It may not be so preposterous. My company took one of our own products we developed for sat-com purposes and has a reoccurring project in which we have an intern and a full time engineer transform it from a sat-com monitoring software into a gen use network monitoring software. We're currently dogfooding it and I don't know if it would have been better to have just forked out the money for SolarWinds or something, but I guess it gave the intern something to do.


I mean, what is a siem but basically a collection depot for a bunch of your logs right?*


*I have never worked with a siem, don't hurt me.

taqueso
Mar 8, 2004


:911:
:wookie: :thermidor: :wookie:
:dehumanize:

:pirate::hf::tinfoil:
we made our own, it's a 3-ring binder

RFC2324
Jun 7, 2012

http 418

taqueso posted:

we made our own, it's a 3-ring binder

every day you print out all your logs and put them in the binder

The Fool
Oct 16, 2003


Defenestrategy posted:

It may not be so preposterous. My company took one of our own products we developed for sat-com purposes and has a reoccurring project in which we have an intern and a full time engineer transform it from a sat-com monitoring software into a gen use network monitoring software. We're currently dogfooding it and I don't know if it would have been better to have just forked out the money for SolarWinds or something, but I guess it gave the intern something to do.


I mean, what is a siem but basically a collection depot for a bunch of your logs right?*


*I have never worked with a siem, don't hurt me.

I mean, theoretically there are a bunch of analysis, alerting and reporting tools built into it as well.

e: But I could totally see a small company sending a bunch of logs to sql and using ssrs and calling it an in house siem.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Defenestrategy posted:

I mean, what is a siem but basically a collection depot for a bunch of your logs right?*

But enough false positives. Have at you!

taqueso
Mar 8, 2004


:911:
:wookie: :thermidor: :wookie:
:dehumanize:

:pirate::hf::tinfoil:

RFC2324 posted:

every day you print out all your logs and put them in the binder

every day someone remembers to do it anyway

some kinda jackal
Feb 25, 2003

 
 
SELECT * FROM logs WHERE rawlog LIKE '%HACK%'

*dusts hands* well my work here is done



I’ve been meaning to play with Apache Metron for like two years now and just have never gotten off my rear end to finish an actual install. I always get to the part where I have to compile something or other by hand but then something at work explodes and I’m distracted by my actual job.

Defenestrategy
Oct 24, 2010

The Fool posted:

I mean, theoretically there are a bunch of analysis, alerting and reporting tools built into it as well.

e: But I could totally see a small company sending a bunch of logs to sql and using ssrs and calling it an in house siem.

Wouldn't that just be graylog?

Space Gopher
Jul 31, 2006

BLITHERING IDIOT AND HARDCORE DURIAN APOLOGIST. LET ME TELL YOU WHY THIS SHIT DON'T STINK EVEN THOUGH WE ALL KNOW IT DOES BECAUSE I'M SUPER CULTURED.
You can make a "SIEM tool" by hiring a low-level tech, assigning them to poke through reports from endpoint security software, and telling them to log anything that looks weird into a shared Excel doc.

It won't do much good, but that kind of setup is a lot more common in 800-person companies than a full Splunk system.

The Fool
Oct 16, 2003


Defenestrategy posted:

Wouldn't that just be graylog?

Graylog is a cool and good implementation of Elasticsearch, fight me.

evil_bunnY
Apr 2, 2003

taqueso posted:

I want to know how/why they couldn't restore from an off-site backup

Because nobody tests backups, and those who do never test actual RTO.

lmao

Sickening
Jul 16, 2007

Black summer was the best summer.

The Fool posted:

Graylog is a cool and good implementation of Elasticsearch, fight me.

I have used Graylog in the past and actually liked it a lot.

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS
The other piece of a modern SIEM is user and attacker behavior analytics. Rather than just "does this log line look suspicious" you get "this pattern of log lines indicates lateral network movement" or "multi-site auth" etc.

Guaranteed they didn't build out that stuff in-house or else they'd be trying to market it.
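
The contrast drawn above between single-line matching and pattern-level correlation, as an added example that is not part of any post in this thread. The log format, users, site names and the 30-minute window are constructed assumptions, and "multi-site auth" is read here as one account logging in successfully at two different sites within a short window.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, site, outcome.
SAMPLE_LOG = """\
2020-07-27T09:00:05 alice site-a success
2020-07-27T09:01:10 bob site-a success
2020-07-27T09:04:30 alice site-b success
2020-07-27T09:06:00 dave site-b failure
2020-07-27T09:07:00 dave site-a success
2020-07-27T09:20:00 bob site-a success
2020-07-27T13:30:00 carol site-a success
2020-07-27T18:45:00 carol site-c success
"""

def parse(log_text):
    """Turn 'timestamp user site outcome' lines into time-sorted event tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the pipeline
        ts, user, site, outcome = parts
        events.append((datetime.fromisoformat(ts), user, site, outcome))
    return sorted(events)

def keyword_hits(log_text, needle="HACK"):
    """Single-line approach: flag any line that contains a keyword."""
    return [line for line in log_text.splitlines() if needle in line.upper()]

def multi_site_auth(events, window=timedelta(minutes=30)):
    """Correlation: successful logins by one user at two sites within `window`."""
    last_success = {}  # user -> (time, site) of the most recent successful login
    alerts = []
    for ts, user, site, outcome in events:
        if outcome != "success":
            continue  # failed attempts do not establish presence at a site
        prev = last_success.get(user)
        if prev and prev[1] != site and ts - prev[0] <= window:
            alerts.append((user, prev[1], site, ts - prev[0]))
        last_success[user] = (ts, site)
    return alerts

if __name__ == "__main__":
    print("keyword hits:", keyword_hits(SAMPLE_LOG))
    for user, first, second, gap in multi_site_auth(parse(SAMPLE_LOG)):
        print(f"ALERT {user}: {first} -> {second} within {gap}")
```

Every line in the sample looks unremarkable on its own, so the keyword rule returns nothing; only the per-user state kept across lines surfaces the alert.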

Mustache Ride
Sep 11, 2001



It's probably a lovely MS Access project.

Schadenboner
Aug 15, 2011

by Shine

Mustache Ride posted:

It's probably a lovely MS Access project.

There's no need to use profanity, you could just say "MS Access project"*

*: I workshopped a way to make "MS Access" into the curse but couldn't quite make the line land so this is the response you guys get. Sorry.
