Dailydave mailing list archives
Improvements
From: Dave Aitel <dave.aitel () gmail com>
Date: Wed, 15 Feb 2017 15:59:39 +0000
http://www.securityweek.com/crowdstrike-sues-nss-labs-prevent-publication-test-results

One thing I've had problems with is learning that people can "get gud". It's one of the reasons I always cringe at the inevitable policy trope of "Cyber war is easier for attackers than defenders".

Yesterday I was talking to a professional CISO - one of the ones I've known for years out of the NYC scene. He's like "Yes, individually none of the stuff anyone sells you works at all. But once you connect, say, Bromium, to the BlueCoat API with a bit of analysis glue you can have five minute response metrics, where once you find any anomaly, you can do memory searches for that running anywhere in your org, then automatically stuff those machines on their own VLANS.

"When I join a new org, whatever random vendors they've bought into, I can make that really work. It doesn't really matter what they have, as long as they have something."

Automated response has always been the real market. I can see people actually DOING it now, even though no product vendor wants to talk about it. And it's one of the few things that actually scares me as an attacker.

-dave