I wonder what they consider to be a hack? The wording in the article is loose enough to mean that if someone pinged one of their servers it would be considered a hack. Perhaps they even count Google spider indexing as a probe into their network. It makes me wonder how many 'real' hack attempts are made and how many succeed. All in all, it sounds like a funding bid!
Marcus Ranum once commented about firewall logging that an umbrella that notified you about every raindrop it repulsed would soon get annoying. I suspect the same thing is going on here. Are these 'repulsed' probes really 'need to know'? Are they worth the rotating rust it takes to store that they happened?
Oh, right, Big Data.
Oh, right, "precursor probes".
Can we live without this?
No doubt there are people who have a vested interest here:
- vendors of storage for the Big Data side of all this
- vendors of the logging and analyzing software
- political hacks and special interest groups who make a living out of crying "ain't it awful" about such things and demanding "something must be done NOW", pretty much regardless of the side effects, such as we saw with the Security Theatre that followed on from the "must be done now" that resulted from 9/11.
- the media and subject-ignorant journalists, especially TV journalists after a superficial, meaningless but catchy sound-bite.
- people who say that this is out of control ...
  - because the government hasn't a clue and should get out of this business and leave it to 'the professionals', aka Big Business
  - and we need more government controls and regulations to stop this being taken over by a commercial lemming-tide.
Who have I left out?
Oh right, CISSPs.