> Despite what the expression may seem to imply, a lack of evidence can be informative. For example, when testing a new drug, if no harmful effects are observed then this suggests that the drug is safe.
Seems a very liberal use of the word “safe” unless I’m misunderstanding. It could mean either the drug is 100% safe, or that our methods of observation were insufficient to find the risk. Safe until proven unsafe and the class action lawsuits start, as it goes with many drugs.
Doesn’t seem like a particularly strong counter-argument, unless the point is that sometimes we humans like to err on the side of recklessness in the name of progress.
I think you are misunderstanding: the article doesn't just say "safe", the article says "suggests it is safe" (the "suggests" part implies not being 100% certain).
As someone whose entire job is to maintain a gigantic QRadar cluster (IBM won't sell us larger licenses), I sure hope 1p have the logs to back their claims because I know that it is possible that they do.
Full PCAP, process auditing and centralized logs are not only a thing, they have been for decades.
It just simply isn't worth the investment for CIO/CTO/CISO types because it isn't sexy. To say it's impossible is just factually inaccurate.
I know more than a few places doing 40 Gbps and 100 Gbps full packet capture for 30+ days. And relatively speaking, the investment isn't that large (for tens of petabytes it isn't as expensive as you might think).
https://en.m.wikipedia.org/wiki/Evidence_of_absence