'Instant Replay' for Computer Systems Shows Cyber Attack Details

DooKey

Cybersecurity researchers at the Georgia Institute of Technology are working to automate the process that investigators use to pinpoint how intruders enter a network, what data they took, and which computers were compromised. It's known as Refinable Attack INvestigation (RAIN) and it will provide a detailed report of the intrusion. RAIN is just the product that the cybersecurity world is looking for because it will significantly speed up investigations of intrusions and allow counter-measures to be fielded faster once the details of the intrusion are identified.

In addition to its selectivity in recording events, RAIN creates a multi-level review capability that is coarse at first, then more detailed when specific events of interest are identified. Timing of the activities -- the inputs, environment and resulting actions -- are also synchronized to help investigators understand a complex sequence of activities.
 
How exactly is this not already how it's done? >:|

I'm sure it is in more of an ad hoc sort of way. However, if it's automated, it could probably be done much more quickly, and then give a report.

My concern would be, that if this is turned into some sort of software package, and it's hooked into every system in your network more or less, then it gets hacked or exploited, that could be more dangerous. I don't know enough about it though or what they intend to do to know whether that's all that valid a concern though.
 
I used to work for a software company that developed network management software. We sold stuff that was supposed to do this - although to be honest, it mainly reviewed log files. You had to do a lot of the correlation.
I don't think that company marketed the software to review hacks - it was more for figuring out what caused something to have a problem. Especially on a distributed system (web servers, NAS, database, etc - you could map a business app and let our software know what it was using to get a "health" score for it).
 
Go for it. I want to see them make this. Give us another tool to use against them when they least expect it.
 
But, can they see why kids love cinnamon toast crunch?

If they could do that, then we'd have a lot less problems in this world. However, they can't. So we're fucked. God damned Cinnamon Toast Crunch.
 