Diva Cupcake
Aug 15, 2005



Most of Garmin services are coming back online. Pretty decent chance they paid the $10m or a negotiated amount.
https://twitter.com/BleepinComputer...805598801768450


taqueso
Mar 8, 2004









Fun Shoe

I want to know how/why they couldn't restore from an off-site backup

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!

Pillbug

taqueso posted:

I want to know how/why they couldn't restore from an off-site backup

Yeah, that's what I want to know: A good cold archive or off-site backup is the only ace card if you get ransomwared.

So either they paid, and we'll likely eventually find out either from them or the attackers, or they had a good backup and the time taken was just restoration.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.




https://careers-us.garmin.com/us/en...neer-2-Endpoint

Biowarfare
Nov 8, 2010

I JUST WISH THIS WAS A PONY SO I COULD JERK IT WHILE I PLAY WOW


Holy gently caress they pay 57k a year for this?

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!

Pillbug

Biowarfare posted:

Holy gently caress they pay 57k a year for this?

Well, that explains a lot. Wonder if they have a dedicated DR plan that is annually tested....

Volmarias
Dec 31, 2002


Biowarfare posted:

Holy gently caress they pay 57k a year for this?

It costs about $20 and a six-pack in rent to live in the area, so it's not that wild.

Sirotan
Oct 17, 2006

Sirotan is a seal.




Ham Wrangler

Biowarfare posted:

Holy gently caress they pay 57k a year for this?

Just curious where you're seeing the salary figure? Or did they change the listing.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Sirotan posted:

Just curious where you're seeing the salary figure? Or did they change the listing.

Glassdoor, probably.

Sirotan
Oct 17, 2006

Sirotan is a seal.




Ham Wrangler

Sickening posted:

Glassdoor, probably.

Ah, yeah.

namlosh
Feb 11, 2014

I blew up


E: answered already

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!

Pillbug

Volmarias posted:

It costs about $20 and a six-pack in rent to live in the area, so it's not that wild.

Sec Engineer II is more like a guy who might be married and may possibly have kids (lol not in this economy), so that's chicken scratch.

AlternateAccount
Apr 25, 2005
FYGM

Volmarias posted:

It costs about $20 and a six-pack in rent to live in the area, so it's not that wild.

Median household income for the area is 87k. I assure you, the incomes for the area directly surrounding the area are the ones on the upper end of the city/county curve.

Klyith
Aug 3, 2007

GBS Pledge Week


CommieGIR posted:

Sec Engineer II is more like a guy who might be married and may possibly have kids (lol not in this economy), so that's chicken scratch.

Sec Engineer II also might be a late-20s queer trans person these days. To keep them living in Kansas, a state that has become unrepentantly MAGA and hostile to their mental health, probably costs a substantial bonus.

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!

Pillbug

Klyith posted:

Sec Engineer II also might be a late-20s queer trans person these days. To keep them living in Kansas, a state that has become unrepentantly MAGA and hostile to their mental health, probably costs a substantial bonus.

ALSO this, yes.

Volmarias
Dec 31, 2002


AlternateAccount posted:

Median household income for the area is 87k. I assure you, the incomes for the area directly surrounding the area are the ones on the upper end of the city/county curve.

Sure, but the cost of living is still low compared to the Bay Area or New York.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Volmarias posted:

Sure, but the cost of living is still low compared to the Bay Area or New York.

The cost of living is cheaper than the most inflated cost of living areas we have? crazy.

Martytoof
Feb 25, 2003

 
 


CommieGIR posted:

Wonder if they have a dedicated DR plan that is annually tested....

taqueso posted:

I want to know how/why they couldn't restore from an off-site backup

You guys know the answers to this c'mon

CommieGIR
Aug 22, 2006

If Godzilla can do it, you know I can deliver!

Pillbug

Martytoof posted:

You guys know the answers to this c'mon

We do, but professionalism demands we have some suspension of disbelief

RFC2324
Jun 7, 2012

Http 418


CommieGIR posted:

We do, but professionalism demands we have some suspension of disbelief

P sure professionalism demands we take off our glasses, put our fingers on the bridge of our nose, sigh, and get out the bottle of scotch

Martytoof
Feb 25, 2003

 
 


Once upon a time I worked with a vendor who, with a straight face, told me that while they did backups it wasn't in scope to test them because they didn't have enough hardware to do a test restore. Somehow they were surprised when this didn't fly.

https://www.youtube.com/watch?v=QblkQ-J6zio

AlternateAccount
Apr 25, 2005
FYGM

Volmarias posted:

Sure, but the cost of living is still low compared to the Bay Area or New York.

There are 3141 counties in the US. Johnson County, KS is the 81st for median income. That's two spots below Orange County, CA, and a whole lot higher in the list if you exclude the bay area, NYC, or anywhere within commute distance of DC. $57k is basically the bare minimum to live here as a single person in some comfort. I am 99.9% confident that glassdoor's estimate is off. Probably by 50-100%.

Bonzo
Mar 11, 2004

Just like Mama used to make it!


Dinosaur Gum

Martytoof posted:

Once upon a time I worked with a vendor who, with a straight face, told me that while they did backups it wasn't in scope to test them because they didn't have enough hardware to do a test restore. Somehow they were surprised when this didn't fly.

https://www.youtube.com/watch?v=QblkQ-J6zio

I've worked in a few data centers that never tested killing the power to see if the generator would kick on. "Do you know how expensive that is to test?" Not as expensive as updating my resume.

Subjunctive
Sep 12, 2006

careful now


Cybernetic Crumb

RFC2324 posted:

P sure professionalism demands we take off our glasses, put our fingers on the bridge of our nose, sigh, and get out the bottle of scotch

And bill for the hours.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

In an interview with a candidate today, when asked what SIEM tool he is currently using, he said he is using one they created in house. A company of 800 people designed their own SIEM tool.

He is either lying his rear end off because he couldn't think of one or there are small companies out there that make their own.

Defenestrategy
Oct 24, 2010

Worst decision I ever made.


Sickening posted:

He is either lying his rear end off because he couldn't think of one or there are small companies out there that make their own.

It may not be so preposterous. My company took one of our own products we developed for sat-com purposes and has a reoccurring project which we have an intern and a full time engineer transform it from a sat-com monitoring software into a gen use network monitoring software. We're currently dog fooding it and I don't know if it would have been better to have just forked out the money for solar winds or something, but I guess it gave the intern something to do.


I mean, what is a siem but basically a collection depot for a bunch of your logs right?*


*I have never worked with a siem, don't hurt me.

taqueso
Mar 8, 2004









Fun Shoe

we made our own, it's a 3-ring binder

RFC2324
Jun 7, 2012

Http 418


taqueso posted:

we made our own, it's a 3-ring binder

every day you print out all your logs and put them in the binder

The Fool
Oct 16, 2003



Defenestrategy posted:

It may not be so preposterous. My company took one of our own products we developed for sat-com purposes and has a reoccurring project which we have an intern and a full time engineer transform it from a sat-com monitoring software into a gen use network monitoring software. We're currently dog fooding it and I don't know if it would have been better to have just forked out the money for solar winds or something, but I guess it gave the intern something to do.


I mean, what is a siem but basically a collection depot for a bunch of your logs right?*


*I have never worked with a siem, don't hurt me.

I mean, theoretically there are a bunch of analysis, alerting and reporting tools built into it as well.

e: But I could totally see a small company sending a bunch of logs to sql and using ssrs and calling it an in house siem.

Volmarias
Dec 31, 2002


Defenestrategy posted:

I mean, what is a siem but basically a collection depot for a bunch of your logs right?*

But enough false positives. Have at you!

taqueso
Mar 8, 2004









Fun Shoe

RFC2324 posted:

every day you print out all your logs and put them in the binder

every day someone remembers to do it anyway

Martytoof
Feb 25, 2003

 
 


Select * from logs where rawlog LIKE '%HACK%'

*dusts hands* well my work here is done



I've been meaning to play with Apache Metron for like two years now and just have never gotten off my rear end to finish an actual install. I always get to the part where I have to compile something or other by hand but then something at work explodes and I'm distracted by my actual job.

Defenestrategy
Oct 24, 2010

Worst decision I ever made.


The Fool posted:

I mean, theoretically there are a bunch of analysis, alerting and reporting tools built into it as well.

e: But I could totally see a small company sending a bunch of logs to sql and using ssrs and calling it an in house siem.

Wouldn't that just be graylog?

Space Gopher
Jul 31, 2006
BLITHERING IDIOT

You can make an "SIEM tool" by hiring a low-level tech, assigning them to poke through reports from endpoint security software, and telling them to log anything that looks weird into a shared Excel doc.

It won't do much good, but that kind of setup is a lot more common in 800-person companies than a full Splunk system.

The Fool
Oct 16, 2003



Defenestrategy posted:

Wouldn't that just be graylog?

Graylog is a cool and good implementation of elastic search, fight me.

evil_bunnY
Apr 2, 2003



taqueso posted:

I want to know how/why they couldn't restore from an off-site backup

Because nobody tests backups, and those who do never test actual RTO.

lmao

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

The Fool posted:

Graylog is a cool and good implementation of elastic search, fight me.

I have used Graylog in the past and actually liked it a lot.

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS


The other piece of a modern SIEM is user and attacker behavior analytics. Rather than just "does this log line look suspicious" you get "this pattern of log lines indicates lateral network movement" or "multi-site auth" etc.

Guaranteed they didn't build out that stuff in-house or else they'd be trying to market it.
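
Added example, not from any poster in this thread: a Python sketch of the distinction described above, contrasting a per-line keyword match (in the spirit of the `%HACK%` query earlier in the thread) with a correlation rule for "multi-site auth". The log format, user and site names, and the 10-minute window are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events; the line format is an assumption for this example.
SAMPLE_LOGS = [
    "2020-07-27T09:00:02 auth user=alice site=site-a result=success",
    "2020-07-27T09:01:10 auth user=bob site=site-a result=success",
    "2020-07-27T09:04:45 auth user=alice site=site-b result=success",
    "2020-07-27T09:30:00 auth user=bob site=site-a result=success",
    "2020-07-27T12:59:00 auth user=dave site=site-b result=failure",
    "2020-07-27T13:00:00 auth user=dave site=site-a result=success",
    "2020-07-27T13:00:00 auth user=carol site=site-c result=success",
    "2020-07-27T18:00:00 auth user=carol site=site-a result=success",
    "truncated line with no fields",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) site=(?P<site>\S+) result=(?P<result>\S+)$"
)

def parse(line):
    """Return (timestamp, user, site, result), or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return datetime.fromisoformat(m["ts"]), m["user"], m["site"], m["result"]
    except ValueError:
        return None

def keyword_hits(lines, needle="HACK"):
    """Per-line view: flag any line containing the keyword."""
    return [line for line in lines if needle.lower() in line.lower()]

def multi_site_auth(lines, window=timedelta(minutes=10)):
    """Correlated view: same user succeeds at two different sites within `window`."""
    events = sorted(e for e in map(parse, lines) if e and e[3] == "success")
    last_seen, alerts = {}, []  # last_seen: user -> (timestamp, site)
    for ts, user, site, _ in events:
        prev = last_seen.get(user)
        if prev and prev[1] != site and ts - prev[0] <= window:
            alerts.append((user, prev[1], site, ts - prev[0]))
        last_seen[user] = (ts, site)
    return alerts

if __name__ == "__main__":
    print("keyword hits:", keyword_hits(SAMPLE_LOGS))
    for user, a, b, gap in multi_site_auth(SAMPLE_LOGS):
        print(f"ALERT {user}: {a} -> {b} within {gap}")
```

No single line in the sample looks suspicious, so the keyword search returns nothing; only the pairing of two successful logins for the same account surfaces the alert.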

Mustache Ride
Sep 11, 2001



Pillbug

It's probably a lovely MS Access project.


Schadenboner
Aug 15, 2011

I MEAN, TURN OFF YOURE MONITOR, MIGTH EXPLAIN YOUR BAD POSTS, HOPE THIS HELPS?!

Mustache Ride posted:

It's probably a lovely MS Access project.

There's no need to use profanity, you could just say "MS Access project"*

*: I workshopped a way to make "MS Access" into the curse but couldn't quite make the line land so this is the response you guys get. Sorry.
