Home page logo

dailydave logo Dailydave mailing list archives

Re: Failing at Segue
From: Dave Dittrich <dave.dittrich () gmail com>
Date: Tue, 10 Dec 2013 15:07:37 -0800

On Tue, Dec 10, 2013 at 12:24 PM, Dave Aitel <dave () immunityinc com> wrote:

People are strange. For example, they often say "You have to assume you
are compromised!" and then in the very next breath they are buying more
perimeter equipment like Fireeye and WAF and whatnot.

To your first point, I would rephrase it as "You have to assume YOU CAN BE
BREACHED" and then accept that of {protection,detection,reaction} (or per
NIST, {identify, protect, detect, respond, and recover}), you spent far too
much money on trivially defeatable "protection" and "detection", and
seriously (to your detriment) UNDERFUNDED "reaction" or "respond and
recover." Information sharing helps inform when "protection" and
"detection" fail, but you still are left with needing to shift resources to
the neglected "respond and recover" capabilities.

And yes, people are "strange" to keep buying more detection capabilities,
as if the new ones are any more of a silver bullet than were the old ones.

Dave Dittrich
dave.dittrich () gmail com
Dailydave mailing list
Dailydave () lists immunityinc com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]