Dailydave mailing list archives
Re: Defeating what's next
From: Nick Selby <nick.selby () gmail com>
Date: Wed, 12 Jun 2013 11:33:52 -0500
Great thread. The only thing I would expand on Dave's description of "indicators of Compromise" is that for us, when we get called in because the customer doesn't believe it's been compromised but wants to quiet down Bill in IT Security so he'll shaddup already, our indicators of compromise are all human and procedural and policy-based. Before we even run an nmap scan we have put together a fairly accurate prediction of what we will find based on how they do what they do.

These day-or-two-long series of conversations and conferences are uncannily predictive of just how badly they're owned, and what we'll ultimately have to do about it.

Nick

On Wed, Jun 12, 2013 at 10:17 AM, Justin Seitz <justin () immunityinc com> wrote:
> I think Paul said, "Every time you hit the easy button, God deploys another trojan on your network."
>
> This is true arguably because the overall skill of the infosec industry is on the decline. As one of my Canadian counterparts once said: "The term security researcher or penetration tester really means 'can run Nessus'". No different for the defense side.
>
> The best bet for any company slogging the new and improved defense mechanisms is to wrap it in a $100k pretty 2U chassis, and have insanely stringent trial request requirements. That way, by the time someone releases a fresh paper on how broken your detection mechanism is (like they all are), your sales cycle has gone far enough to keep the VC's off your back.
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave