Dailydave mailing list archives
Re: Going against the Gradient
From: "Richard Bejtlich" <taosecurity () gmail com>
Date: Wed, 23 Jan 2008 21:35:08 -0500
Dave Aitel wrote:
I posted a quick paper which I wrote for a private newsletter that went out in December. Quicky link is here: http://www.immunityinc.com/downloads/GoingAgainstTheGradient.pdf
Hi Dave,

In your paper you wrote:

"If you're wondering about this, just turn around and ask your million dollars worth of IDS equipment and personnel when the last time they caught a hacker was."

My answer: today. I am not joking.

The question is knowing what to look for (processes), tools that capture and inspect the right data (products), and analysts who can analyze and escalate (people). Can I deploy all three in a cost-effective manner, such that they will be 100% effective at time of initial exploitation? Of course not. Can I use some combination to increase visibility and awareness, and drive incident detection and response? Of course!

I may not know exactly what I need to immediately detect (much less prevent) an intrusion, but given the right process-products-people it is possible to at least do retrospective analysis, damage assessment, and then improve resistance to future attack.

This is why I have advocated Network Security Monitoring for the last six years as a "beyond IDS" methodology. I've always acknowledged that some intruders are ahead of defenders, but that's not a static condition. This has been an old story for the last ten years, but some of us are still catching real bad guys for a living.

You finish by writing:

"Encryption, network protocol complexity, and continued attacker innovation have rendered your existing security arsenal useless. This year's question is: What are you going to do about it?"

Seriously (not sarcastically), what is your answer? We do need help out here.

Sincerely,

Richard