There is a lot of noise out there including that from those with a vested interest. And so much of it seems ridiculous… another RPC vulnerability in my public web server? I guess that is why we block all ports but the essentials ones, but we still patch like crazy and hope the patches do less damage than the threats.

We need to spend more time and thinking on issues like application logging and affordable analysis to see what might really be happening in our environments. Sarbanes may be seriously contributing to solutions now that more logs are being stored. I have advocated the use of data mining tools against those logs to find ‘interesting’ associations – the proverbial needle in a haystack.