A few weeks ago, I was chatting with a friend of mine in the industry. The conversation went something like this:
Me: Hey, what's up? Been a while…
Friend: The "Advanced Threat Detection" on my machine just bricked my MacBook…
Me: ?
Friend: I was trying to be a good Internet crime fighter, using netcat to do some bulk ASN peer lookups on an address and now I can't get a terminal window to open. I logged a ticket with central IT and haven't received an answer yet on how to fix it.
Me: ???
Friend: Yeah. Trying to do the right thing, protecting the Internet from bad guys, and now my MacBook can only play cat videos.
Has this happened to you as a security investigator? Your "advanced detection technology" treating anything "shell"-related as a threat? The IT process breaking down because they weren't prepared for your work patterns, and you didn't have the right tools for the job? It feels like this was a problem 20 years ago, but somehow we've made things... worse?
What I've observed in this space: the great data sources out there have crap for an API, and the "sexy" services out there have garbage for data. Additionally, the professionals who need those APIs and that data grew up in an age where whois, netcat, text files, curl and wget were THE way to do it. Of course, once you've learned how to use a hammer, you keep using that hammer... until it bricks your machine.
TeamCymru has been extremely generous over the years in providing a lot of contextual services and data to the Internet security community. Those tools are the de facto go-to set of services for most of us who grew up trying to tame the Internet. The caveat: tools are hard to build, and services, especially free services (which are usually the important ones), are harder to evolve, because things cost money.
We do, however, end up with a rather large gap between something extremely valuable and those of us trying our best, with what we have, to do the right thing.
Keep up the great work all you crime fighters, we're depending on you!