Dailydave mailing list archives
RE: Custom defense
From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Mon, 23 Aug 2004 23:51:06 -0700
-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Dave Aitel
Sent: Monday, August 23, 2004 2:03 PM
To: dailydave () lists immunitysec com
Subject: [Dailydave] Custom defense

It could be wishful thinking on my part, but I see the industry heading in two directions:

1. Custom attacks and defenses (in a domain specific and application specific fashion). I expect this to become part of the default checklist for smart enterprises in the near future, although it isn't now except for the outliers. I don't mean "database scanners" by this though. I mean "special parser for bobsapp log files that runs anomaly detection on it"; I think there's a market for pluggable anomaly detection, for example.
If I understand what you're suggesting here, I think you're probably on the right track (or at least it's a good idea). Implementing monitoring that attempts to duplicate the expertise of an application/system administrator watching their systems. It's been done on a system level many times, probably on an app-level as well. I'm not sure about the market for custom attacks except in the sense that CANVAS provides custom attacks...
2. Boring audits driven by regulation. HIPAA, etc. Application security reviews are going to turn into checklists.
And use of automated tools and then occasionally the use of humans for the important apps.
What I don't see is pure application reviews and various assessment work ever leading to profitability in this market. It's just an impossible business model to execute on when playing against a decent competitor.
I'm not sure how you mean impossible to execute against a decent competitor. Do you mean you can't guarantee finding all the vulnerabilities and some attacker will?

t