AusCERT 2023 had a few talks that hint towards a focus on "threat intelligence sharing"[1][2] amongst what would seemingly be a combination of government departments and "critical infrastructure" private sector companies (utilities, supply chain, healthcare, etc.).
Perhaps something along the lines of a modern take on DShield[3] (2000-), RBLs[4] as well as centralised log analysis, etc? The ability to have a central repository of rules such as "File X was created at location Y on host Z and this is highly unusual as files have never before been written to location Y, plus administrators are currently asleep and have not logged into host Z in the past day".
[1] https://www.youtube.com/watch?v=7MTFknX_OYE
[2] https://www.youtube.com/watch?v=TAnsk_xX5JQ
[3] https://en.wikipedia.org/wiki/DShield
[4] https://en.wikipedia.org/wiki/Domain_Name_System_blocklist
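The "file written to a never-before-seen location while no administrator has logged in recently" rule sketched in the comment above, expressed as runnable detection logic over sample events. This is an added example, not code from the original post or from DShield or any other project it mentions. The pipe-separated event format, the host names, the admin account names and every log line are constructed for this illustration; a real deployment would feed the same logic from an EDR or auditd/Sysmon file-creation stream.

```python
"""Baseline-driven detection: alert when a file is created in a directory never
seen before on that host, and raise severity when no administrator has logged
into the host within the lookback window.

Constructed example. Event format: ISO timestamp|host|kind|path|user.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_USERS = {"alice", "bob"}      # assumed administrator accounts
LOOKBACK = timedelta(hours=24)      # "have not logged into host Z in the past day"

# Constructed history used only to build the per-host baseline.
HISTORY = """\
2023-05-10T08:00:00|host-b|login|-|bob
2023-05-10T08:05:00|host-b|file_create|/opt/app/cache/blob.bin|svc
2023-05-10T09:12:00|host-a|file_create|/var/log/app/app.log|svc
2023-05-10T09:15:00|host-a|login|-|alice
2023-05-11T11:30:00|host-b|file_create|/opt/app/cache/blob2.bin|svc
"""

# Constructed stream of new events to evaluate in order.
INCOMING = """\
2023-05-12T02:10:00|host-a|file_create|/var/log/app/app.log.1|svc
2023-05-12T02:11:00|host-b|file_create|/tmp/.x/payload|www-data
2023-05-12T03:00:00|host-a|login|-|alice
2023-05-12T03:05:00|host-a|file_create|/etc/cron.d/nightly-backup|alice
"""


def parse(line):
    ts, host, kind, path, user = line.strip().split("|")
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "kind": kind, "path": path, "user": user}


def location_of(path):
    # Treat the parent directory as the "location"; new files inside a
    # directory that has been written to before are routine.
    return path.rsplit("/", 1)[0] or "/"


class Detector:
    def __init__(self):
        self.known_dirs = defaultdict(set)   # host -> directories written before
        self.last_admin_login = {}           # host -> time of last admin login

    def learn(self, ev):
        """Fold a benign event into the baseline."""
        if ev["kind"] == "file_create":
            self.known_dirs[ev["host"]].add(location_of(ev["path"]))
        elif ev["kind"] == "login" and ev["user"] in ADMIN_USERS:
            self.last_admin_login[ev["host"]] = ev["ts"]

    def admin_active(self, host, now):
        last = self.last_admin_login.get(host)
        return last is not None and now - last <= LOOKBACK

    def evaluate(self, ev):
        """Return an alert dict for a novel write location, else None."""
        if ev["kind"] != "file_create":
            return None
        loc = location_of(ev["path"])
        if loc in self.known_dirs[ev["host"]]:
            return None
        quiet = not self.admin_active(ev["host"], ev["ts"])
        return {
            "ts": ev["ts"].isoformat(), "host": ev["host"],
            "path": ev["path"], "user": ev["user"],
            "severity": "high" if quiet else "low",
            "reason": f"first write to {loc} on {ev['host']}"
                      + ("; no admin login in last 24h" if quiet
                         else "; admin logged in recently"),
        }


def run(history, incoming):
    """Build the baseline from history, then evaluate incoming events."""
    det = Detector()
    for line in history.splitlines():
        if line.strip():
            det.learn(parse(line))
    alerts = []
    for line in incoming.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        alert = det.evaluate(ev)
        if alert:
            alerts.append(alert)      # flagged events do not enter the baseline
        else:
            det.learn(ev)
    return alerts


if __name__ == "__main__":
    for a in run(HISTORY, INCOMING):
        print(a["severity"].upper(), a["host"], a["path"], "-", a["reason"])
```

Two design choices matter here. First, events that raise an alert are not folded into the baseline, so a second drop into the same new directory still fires rather than being silently "learned"; whether to learn only from analyst-confirmed events is a tuning decision. Second, the admin-activity condition only lowers severity; it is a noise filter, not evidence that the write is benign, which is why the `/etc/cron.d` write by an admin account still produces a low-severity alert rather than none.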