Dailydave mailing list archives

Re: Defeating what's next


From: Nick Selby <nick.selby () gmail com>
Date: Wed, 12 Jun 2013 11:33:52 -0500

Great thread. The only thing I would expand on Dave's description of
"indicators of Compromise" is that for us, when we get called in because
the customer doesn't believe it's been compromised but wants to quiet down
Bill in IT Security so he'll shaddup already, our indicators of compromise
are all human and procedural and policy-based. Before we even run an nmap
scan we have put together a fairly accurate prediction of what we will find
based on how they do what they do. These day-or-two-long series of
conversations and conferences are uncannily predictive of just how badly
they're owned, and what we'll ultimately have to do about it.

Nick


On Wed, Jun 12, 2013 at 10:17 AM, Justin Seitz <justin () immunityinc com> wrote:

I think Paul said, "Every time you hit the easy button, God deploys
another trojan on your network."

This is true arguably because the overall skill of the infosec industry
is on the decline. As one of my Canadian counterparts once said: "The
term security researcher or penetration tester really means 'can run
Nessus'". No different for the defense side.

The best bet for any company slogging the new and improved defense
mechanisms is to wrap it in a $100k pretty 2U chassis, and have insanely
stringent trial request requirements. That way, by the time someone
releases a fresh paper on how broken your detection mechanism is (like
they all are), your sales cycle has gone far enough to keep the VCs off
your back.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
