Dailydave mailing list archives
RE: Custom defense
From: "Mike Bailey" <mike.bailey () sunbladesecurity com>
Date: Mon, 23 Aug 2004 23:53:36 -0400
Hmmmm, I didn't interpret Dave's post to mean custom attack / defenses in that fashion.. I was thinking along the lines of defenses implemented that are very specific to the applications and infrastructures in place on a given system instead of general use techniques and tools in place today. Stuff to ponder I guess Dave's Direction 2: I think we're already there. Banking for example, If you look at the 15,000+ banks out there you will find a very small percentage that really want to be secure or even know what insecurities they have. They want to know the FFIEC is not going to lower their rating (or worse let their customers know) due to findings that don't meet the assessment criteria the FDIC, OCC and Federal Reserve examiners are looking for. I'm sure it will be the same for HIPPA as soon as they get an federal level audit division for it. It's my opinion that companies want to know they won't get in trouble more so than protecting themselves and others from security incidents.
-----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of David Maynor Sent: Monday, August 23, 2004 9:49 PM To: Dave Aitel Cc: dailydave () lists immunitysec com Subject: Re: [Dailydave] Custom defense I dunno Dave....I am gonna have to go ahead and disagree with you on this one. If you believe in custom attacks then you are not a fan of the hype of companies like ISS. You see, ISS writes their sigs for the vulns, and not for exploits. People like Tipping Point claim this, but in fact don't. Further proof your custom attack market is not very large is the HIPS market. Lack of code coverage and poor design will keep players like Cisco and Entercept from ever stopping anything of any worth. What does this mean, why am I spouting it? Simple, its still the wild, wild, west. Custom attacks, generic attacks, they are all still owning everybody with out protection of REAL security companies********************** On Mon, 23 Aug 2004 17:02:48 -0400, Dave Aitel <dave () immunitysec com> wrote:So I think the real market for future security is in custom attacks and defenses. This is what I see people starting to workon, althoughthey call it by many names (IPS, etc)._______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Custom defense Dave Aitel (Aug 23)
- Re: Custom defense David Maynor (Aug 23)
- Re: Custom defense Dave Aitel (Aug 23)
- RE: Custom defense Mike Bailey (Aug 23)
- Re: Custom defense Andrew R. Reiter (Aug 24)
- <Possible follow-ups>
- RE: Custom defense Kohlenberg, Toby (Aug 23)
- RE: Custom defense info (Aug 24)
- RE: Custom defense Ron Gula (Aug 24)
- Re: Custom defense David Maynor (Aug 23)