A Simple Question: Just One Cyber Security Firm?
August 17, 2021
There are quite a few cyber security, cyber intelligence, and cyber threat companies. I have a list of about 100 of the better known outfits in this business. Presumably there are dozens, maybe hundreds of trained analysts and finely tuned intelware programs looking for threats and stolen data 24×7.
I read “Secret Terrorist Watchlist with 2 million Records Exposed Online.” The write up states:
July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.
Here’s my question: Why was a single researcher the only expert aware of this serious breach (if indeed it is valid)?
My hunch is that the Fancy Dan 24×7 smart systems and the legions of developers refining smart intelware have produced systems that simply don’t work. If they did, numerous alerting services would have spotted the alleged do not fly data. The “single researcher” would have been late to the party. He wasn’t. Thank goodness for this research, Mr. Diachenko.
Those systems, as far as I know, did not. The question remains, “Maybe these commercial services don’t work particularly well?” Marketing is really easy, even fun. Delivering on crazy assertions is a different sort of job.
Stephen E Arnold, August 17, 2021