Dailydave mailing list archives

RE: Custom defense


From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Mon, 23 Aug 2004 23:51:06 -0700

 

-----Original Message-----
From: dailydave-bounces () lists immunitysec com 
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of 
Dave Aitel
Sent: Monday, August 23, 2004 2:03 PM
To: dailydave () lists immunitysec com
Subject: [Dailydave] Custom defense

It could be wishful thinking on my part, but I see the industry heading
in two directions:
1. Custom attacks and defenses (in a domain specific and application
specific fashion). I expect this to become part of the default checklist
for smart enterprises in the near future, although it isn't now except
for the outliers. I don't mean "database scanners" by this though. I
mean "special parser for bobsapp log files that runs anomaly detection
on it"; I think there's a market for pluggable anomaly detection, for
example.

If I understand what you're suggesting here, I think you're probably on
the right track (or at least it's a good idea). Implementing monitoring
that attempts to duplicate the expertise of an application/system
administrator watching their systems. It's been done on a system level
many times, probably on an app-level as well.

I'm not sure about the market for custom attacks except in the sense
that CANVAS provides custom attacks...

2. Boring audits driven by regulation. HIPAA, etc. Application security
reviews are going to turn into checklists.
And use of automated tools and then occasionally the use of humans for
the important apps.

What I don't see is pure application reviews and various assessment work
ever leading to profitability in this market. It's just an impossible
business model to execute on when playing against a decent competitor.

I'm not sure how you mean impossible to execute against a decent
competitor. Do you mean you can't guarantee finding all the
vulnerabilities and some attacker will?

t
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

