Telemetry—Data from Security Products

Steffens, Timo

doi:10.1007/978-3-662-61313-9_7

Timo Steffens²

1449 Accesses

Abstract

Millions of computers worldwide run security software that is deeply interfaced with the operating system and has almost unlimited visibility on the system running it. Many IT-security companies collect data from the installed instances of their products: telemetry. While the main motivation is to enhance the detection quality of the security software, the same data can be used to gain insights into the operations of attackers and sometimes even about their origin. This chapter explains what types of data can be obtained and how they support attribution.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 49.99; Price excludes VAT (USA)

Softcover Book: USD 64.99; Price excludes VAT (USA)

Hardcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Microsoft: Using Windows Defender telemetry to help mitigate malware attacks. In: MIcrosoft IT Showcase (2016). http://web.archive.org/web/20170901145212/https://www.microsoft.com/itshowcase/Article/Content/782/Using-Windows-Defender-telemetry-to-help-mitigate-malware-attacks. Accessed 1 Sept 2017
Symantec: Monatsbericht. In: Security Response-Veröffentlichungen. https://www.symantec.com/de/de/security_response/publications/monthlythreatreport.jsp. Accessed 3 Sept 2017
Gudkova, D., Vergelis, M., Demidova, N. and Shcherbakova, T.: Spam im Jahr 2016. In: Securelist (2017). https://de.securelist.com/kaspersky-security-bulletin-spam-and-phishing-in-2016/72383/. Accessed 3 Sept 2017
McAfee: McAfee Labs threats-report April 2017. In: McAfee Reports. https://www.mcafee.com/de/resources/reports/rp-quarterly-threats-mar-2017.pdf. Accessed 3 Sept 2017
Marsh, S.: US joins UK in blaming Russia for NotPetya cyber-attack. In: The Guardian (2017). https://www.theguardian.com/technology/2018/feb/15/uk-blames-russia-notpetya-cyber-attack-ukraine. Accessed 26 Dec 2019
Symantec Security Response: WannaCry-Ransomware attacks show strong links to Lazarus group. In: Symantec Offical Blog (2017). https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group. Accessed 3 Sept 2017
Insikt Group: North Korea is not crazy. In: The RecordedFuture Blog (2017). http://web.archive.org/web/20170817185506/https://www.recordedfuture.com/north-korea-cyber-activity/. Accessed 2 Sept 2017
United States District Court for the Central District of California: United States of America v. Park Jin Hyok (2018). https://www.justice.gov/opa/press-release/file/1092091/download. Accessed 10 Dec 2019
Zetter, K.: Researchers say they uncovered Uzbekistan hacking operations due to spectacularly bad OPSEC. In: Motherboard (2019). https://www.vice.com/amp/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec. Accessed 28 Dec 2019

Download references

Author information

Authors and Affiliations

Bonn, Germany
Timo Steffens

Authors

Timo Steffens
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Timo Steffens .

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Steffens, T. (2020). Telemetry—Data from Security Products. In: Attribution of Advanced Persistent Threats. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-61313-9_7

Download citation

DOI: https://doi.org/10.1007/978-3-662-61313-9_7
Published: 21 July 2020
Publisher Name: Springer Vieweg, Berlin, Heidelberg
Print ISBN: 978-3-662-61312-2
Online ISBN: 978-3-662-61313-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics