“In every block of marble I see a statue as plain as though it stood before me, shaped and perfect in attitude and action. I have only to hew away the rough walls that imprison the lovely apparition to reveal it to the other eyes as mine see it.” Michelangelo (1476-1564)
Michelanglo was once asked how he came to carve such a beautiful statue of an Angel in the Basilica of San Domenico. His response is seen above.
I have many times expressed that intrusion analysis and incident response is more art than science. Expertise lies with experience rather than book knowledge and gut instinct is invaluable and as likely correct as an educated guess.
I then wondered: if Intrusion Analysis is an art, to which art should it compared?
I recalled this, one of my favorite artistic quotes, and how aptly it applies to the domain of intrusion discovery and analysis.
In many ways, the answers we analysts seek is in the data. It only requires us to “hew away the rough walls” of the unimportant data revealing the activity of interest.
I teach many new analysts that to find the new and unknown you must distinguish the old and known, remove that, and you are left with what you are seeking.