Dailydave mailing list archives
Re: Improvements
From: Dominique Brezinski <dominique.brezinski () gmail com>
Date: Thu, 16 Feb 2017 20:39:53 -0800
All the notable, large tech companies and cloud providers roll their own everything. Most of the hyperscale companies buy very little third-party security product. The things they build are everything from a little Python glue to massive analytics systems backed by software development teams running on tens of thousands of cores, tens of terabytes of RAM, and tens of petabytes of storage. Automating as much detection through response is the name of the game for both practical and theoretical reasons.

Walking the RSA expo floor, I can attest that there are fewer than a half dozen companies that have any understanding of what it actually looks like and takes to be effective at scale. All the ones that do are because the founders had some exposure to these environments or people that worked in them. If your durable data store is Elasticsearch or MongoDB, you are doing it wrong. Sorry LogRhythm, your choice of datastore and product packaging do not work at cloudscale. You won't find it in Google, Amazon, Facebook, or even Yahoo.

Look what Airbnb just open sourced. That is an example of what a small, but cloud and scale aware, team did to solve some of their monitoring and response problems.

If you don't get that the most secure place to build your systems is on AWS or Google's clouds, then you don't have any idea about what problems need to be solved to effectively monitor and respond to threats. I will leave that as a thought exercise, though I am happy to elaborate if anyone honestly cares to hear the answers.

Dom
On Feb 15, 2017, at 11:47 PM, Tracy Reed <treed () ultraviolet org> wrote:

On Wed, Feb 15, 2017 at 08:46:34AM PST, Jordan Wiens spake thusly:

It sounds like the specific actions and data ingests might be different, but the idea of rolling your own automated system hasn't changed a bit in ten years. Surprised to not hear more about the approach, but agree completely that no one vendor does it, and yet every vendor can easily be a part of it.

In the industry that I see there is huge pressure from the c-suite to buy a pre-packaged product (aka silver bullet) and strong disincentive to spend time rolling your own custom franken-solution which the management will have no faith in because one of their own employees built it instead of a big name which can boast about magic quadrants and such.

-- Tracy Reed

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave