Dailydave mailing list archives

Re: Failing at Segue
From: Anton Chuvakin <anton () chuvakin org>
Date: Wed, 11 Dec 2013 12:09:28 -0500

On Tue, Dec 10, 2013 at 6:07 PM, Dave Dittrich <dave.dittrich () gmail com> wrote:
On Tue, Dec 10, 2013 at 12:24 PM, Dave Aitel <dave () immunityinc com> wrote:

People are strange. For example, they often say "You have to assume you
are compromised!" and then in the very next breath they are buying more
perimeter equipment like FireEye and WAF and whatnot.

To your first point, I would rephrase it as "You have to assume YOU CAN BE
BREACHED" and then accept that of {protection,detection,reaction} (or per
NIST, {identify, protect, detect, respond, and recover}), you spent far too
much money on trivially defeatable "protection" and "detection", and
seriously (to your detriment) UNDERFUNDED "reaction" or "respond and

BTW, how *BAD* is it, really? Lately I've been hearing numbers like
5-10% of IT security/infosec budget being spent around IR (presumably
including the cost of "rinse-and-repeat'ing" those owned boxes). Does
it sound about right to the esteemed list members here?

Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Twitter: @anton_chuvakin
Work: http://www.linkedin.com/in/chuvakin
Dailydave mailing list
Dailydave () lists immunityinc com
