Dailydave mailing list archives
Re: Failing at Segue
From: Dave Dittrich <dave.dittrich () gmail com>
Date: Tue, 10 Dec 2013 15:07:37 -0800
On Tue, Dec 10, 2013 at 12:24 PM, Dave Aitel <dave () immunityinc com> wrote:
People are strange. For example, they often say "You have to assume you are compromised!" and then in the very next breath they are buying more perimeter equipment like Fireeye and WAF and whatnot.
To your first point, I would rephrase it as "You have to assume YOU CAN BE BREACHED" and then accept that of {protection,detection,reaction} (or per NIST, {identify, protect, detect, respond, and recover}), you spent far too much money on trivially defeatable "protection" and "detection", and seriously (to your detriment) UNDERFUNDED "reaction" or "respond and recover." Information sharing helps inform when "protection" and "detection" fail, but you still are left with needing to shift resources to the neglected "respond and recover" capabilities. And yes, people are "strange" to keep buying more detection capabilities, as if the new ones are any more of a silver bullet than were the old ones. -- Dave Dittrich dave.dittrich () gmail com
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Failing at Segue Dave Aitel (Dec 10)
- Re: Failing at Segue Dave Dittrich (Dec 11)
- Re: Failing at Segue Anton Chuvakin (Dec 12)
- Re: Failing at Segue Dave Dittrich (Dec 11)