Dailydave mailing list archives
Blinken Lights IDS
From: dave aitel <dave () immunityinc com>
Date: Thu, 16 Mar 2017 11:43:27 -0400
Everyone I know lived through the "Blinken-Lights-IDS" phase. This is back when you had dial-up or perhaps very early Internet and you were the only person on your switch, and most importantly, you slept and lived near your computer and switch because you were a poor college student or similar. So your entire defense was situated on "Are the lights blinking when I'm not typing on my computer?" Ask yourself: How far from that have we come, really? Honestly, the line that strikes fear into the hearts and minds of all SOC engineers is "How do you measure your success?". I'm on the Security Metrics mailing list, which has been around basically forever, and what they will point out is that good metrics need good data, and we have about zero of that in almost all aspects of this game. While attackers have real numbers, the defensive process is literally evolutionary: We try EVERYTHING and just see which companies fail due to data breaches and while we don't really learn any lessons directly, maybe the next generation of companies will be, in some way, similar to whatever mutation helped. -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Blinken Lights IDS dave aitel (Mar 16)
- Re: Blinken Lights IDS Andre Gironda (Mar 17)