Dailydave mailing list archives
Re: Failing at Segue
From: Dave Dittrich <dave.dittrich () gmail com>
Date: Tue, 10 Dec 2013 15:07:37 -0800
On Tue, Dec 10, 2013 at 12:24 PM, Dave Aitel <dave () immunityinc com> wrote:
People are strange. For example, they often say "You have to assume you are compromised!" and then in the very next breath they are buying more perimeter equipment like Fireeye and WAF and whatnot.
To your first point, I would rephrase it as "You have to assume YOU CAN BE
BREACHED" and then accept that of {protection,detection,reaction} (or per
NIST, {identify, protect, detect, respond, and recover}), you spent far too
much money on trivially defeatable "protection" and "detection", and
seriously (to your detriment) UNDERFUNDED "reaction" or "respond and
recover." Information sharing helps inform when "protection" and
"detection" fail, but you still are left with needing to shift resources to
the neglected "respond and recover" capabilities.
And yes, people are "strange" to keep buying more detection capabilities,
as if the new ones are any more of a silver bullet than were the old ones.
--
Dave Dittrich
dave.dittrich () gmail com
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Failing at Segue Dave Aitel (Dec 10)
- Re: Failing at Segue Dave Dittrich (Dec 11)
- Re: Failing at Segue Anton Chuvakin (Dec 12)
- Re: Failing at Segue Dave Dittrich (Dec 11)