Quality of Patch Information and Threat Intelligence Sources
To make informed decisions to protect their networks, system administrators (sysadmins) must answer a set of questions: 1) could this vulnerability/threat affect my system, 2) what is the likelihood of being affected, 3) what are the potential unwanted effects of applying a patch, and 4) what is the best mitigation strategy. Since no single source is likely to answer all of these questions, sysadmins must gather this information from multiple sources. When alerts from multiple sources overlap significantly, working through them is both time-consuming and disruptive, which contributes to alert fatigue. We conducted a survey of sysadmins to find out which sources they use to receive these cyber advisories. In this talk, we will present preliminary results of this survey, as well as an analysis of alerts from various source categories, to show how the convergence of sources provides sysadmins with the full set of information needed.
Please join the meeting in Cummings 180 or via Zoom.
Join Zoom meeting: https://tufts.zoom.us/j/98126702058
Passcode: see colloquium email
Dial-in is not an option for this event.