Dailydave mailing list archives

Re: Improvements


From: Dominique Brezinski <dominique.brezinski () gmail com>
Date: Thu, 16 Feb 2017 20:39:53 -0800

All the notable, large tech companies and cloud providers roll their own everything. Most of the hyperscale companies 
buy very little third-party security product. The things they build are everything from a little Python glue to massive 
analytics systems backed by software development teams running on tens of thousands of cores, tens of terabytes of RAM, 
and tens of petabytes of storage. 

Automating as much detection through response is the name of the game for both practical and theoretical reasons. 
Walking the RSA expo floor, I can attest that there are fewer than a half dozen companies that have any understanding of 
what it actually looks like and takes to be effective at scale. All the ones that do are because the founders had some 
exposure to these environments or people that worked in them. If your durable data store is Elasticsearch or MongoDB, 
you are doing it wrong. Sorry LogRhythm, your choice of datastore and product packaging do not work at cloudscale. You 
won't find it in Google, Amazon, Facebook, or even Yahoo. Look at what Airbnb just open sourced. That is an example of 
what a small, but cloud and scale aware, team did to solve some of their monitoring and response problems. 

If you don't get that the most secure place to build your systems is on AWS or Google's clouds, then you don't have 
any idea about what problems need to be solved to effectively monitor and respond to threats. I will leave that as a 
thought exercise, though I am happy to elaborate if anyone honestly cares to hear the answers. 

Dom

On Feb 15, 2017, at 11:47 PM, Tracy Reed <treed () ultraviolet org> wrote:

On Wed, Feb 15, 2017 at 08:46:34AM PST, Jordan Wiens spake thusly:
It sounds like the specific actions and data ingests might be different,
but the idea of rolling your own automated system hasn't changed a bit in
ten years. Surprised to not hear more about the approach, but agree
completely that no one vendor does it, and yet every vendor can easily be a
part of it.

In the industry that I see there is huge pressure from the C-suite to
buy a pre-packaged product (aka silver bullet) and strong disincentive
to spend time rolling your own custom franken-solution which the
management will have no faith in because one of their own employees
built it instead of a big name which can boast about magic quadrants and
such. 

-- 
Tracy Reed
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave