Went and watched about forty minutes of this. After that long of the speakers not getting to the point about how they’re making attackers’ activities expensive, I gave up and left.
Wow, that’s an awesome app signature tool you found in your Microsoft class! I’m sure its mere existence dissuades people from trying to write malicious things. I mean, it’s totes hard to get a copy of VS!
Yes, you have to make it difficult for malicious stuff to run. I understand that. How are you costing the attackers anything? Their shit won’t run on your network; how are you costing them money, really? Quantify it.
For things like malicious embedded attachments, bouncing group messages indiviually would quickly fill thier mail queues. Maybe an automated method to report them to ISC, get them added to blacklists galore?