Dailydave mailing list archives
Re: Failing at Segue
From: Anton Chuvakin <anton () chuvakin org>
Date: Wed, 11 Dec 2013 12:09:28 -0500
On Tue, Dec 10, 2013 at 6:07 PM, Dave Dittrich <dave.dittrich () gmail com> wrote:
On Tue, Dec 10, 2013 at 12:24 PM, Dave Aitel <dave () immunityinc com> wrote:People are strange. For example, they often say "You have to assume you are compromised!" and then in the very next breath they are buying more perimeter equipment like Fireeye and WAF and whatnot.To your first point, I would rephrase it as "You have to assume YOU CAN BE BREACHED" and then accept that of {protection,detection,reaction} (or per NIST, {identify, protect, detect, respond, and recover}), you spent far too much money on trivially defeatable "protection" and "detection", and seriously (to your detriment) UNDERFUNDED "reaction" or "respond and recover."
BTW, how *BAD* is it, really? Lately I've been hearing numbers like 5-10% of IT security/infosec budget being spent around IR (presumably including the cost of "rinse-and-repeat'ing" those owned boxes. Does it sound about right to the esteemed list members here? -- Dr. Anton Chuvakin Site: http://www.chuvakin.org Twitter: @anton_chuvakin Work: http://www.linkedin.com/in/chuvakin _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Failing at Segue Dave Aitel (Dec 10)
- Re: Failing at Segue Dave Dittrich (Dec 11)
- Re: Failing at Segue Anton Chuvakin (Dec 12)
- Re: Failing at Segue Dave Dittrich (Dec 11)