Hi all, this is Jonathan Spring. I've written a bit about some challenges with blacklisting, such as the dynamics of domain take-down: why e-crime pays (domains are so cheap it almost always pays) and comparisons among blacklists (they are largely disjoint, calling into question comprehensiveness).
Hi, this is Angela Horneman from the CERT Situational Awareness Analysis team. Recently, Nathan Dell and I were asked to explore ways to improve network traffic data storage by determining what data to store to meet organizational needs. Our research, brainstorming, and discussions led us to create a methodology to help organizations determine what types of traffic to collect and what parts of the collected traffic to keep.