funsec mailing list archives
Re: heuristics are dead?
From: Amrit Williams <johndoe321 () gmail com>
Date: Mon, 2 Mar 2009 08:49:46 -0800
Hey David,

Before this thread turns into a lynching - I am the guy in the middle - let me provide some context. Speaking for myself, as I am loath to defend the comments of those who are not me, especially when I disagree with them and didn't actually say anything was "dead", I do understand the difference.

To give you some perspective: I worked in the engineering AV division of McAfee from 1995 - 2000, I was also a Gartner analyst in their security and risk practice (sorry Alex - I know how you despise analysts) and spent my time there talking to large organizations in every vertical, as well as every vendor that sold to them. I am currently the CTO of BigFix, which partners with Trend Micro to provide endpoint security through our unified management platform.

At the highest of levels I would agree with the comments made by Alex on his blog. The challenges I stated in terms of these technologies were aimed at the inherent problems of operationally implementing these tools in a large enterprise production environment. These include, but are not limited to, policy definition and tuning - when required (many orgs have hundreds of internally developed apps and thousands of apps deployed enterprise-wide across many different OS platforms and multiple variants), minimizing application conflict between the protection technologies and the corporate applications, minimizing impact on the user, and of course just basic enterprise management (care and feeding, updating, etc.) - managing these technologies on 1-100 endpoints without issue is one thing, managing them on 100,000+ endpoints is completely different. Show of hands - how many people have deployed CSA at enterprise scale without causing more problems than it solved or requiring months of tuning?

You may disagree with me, you may think I have no clue, that is your opinion and your right, but I wanted to provide you - all of you - with an opportunity to discuss your concerns directly with me.
btw - I sent this to Michael yesterday, I meant to reply all but it was late: I would assume that if you are able to show that heuristic/behavioral-based technologies are providing benefit by blocking or limiting security incidents, and are doing this without any impact to productivity or conflicting with corporate applications, and you are able to manage these technologies in your organization at scale and within budget, without dedicated FTEs, then I am sure you will have no trouble highlighting this to the organization regardless of what a couple of "experts" say.

Regards,
Amrit

On Mon, Mar 2, 2009 at 3:50 AM, David Harley <david.a.harley () gmail com> wrote:
> I'm not sure that people who know the difference between heuristics and behaviour analysis qualify as distinguished. :-/
>
> --
> David Harley BA CISSP FBCS CITP
> Small Blue-Green World
>
> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Nick FitzGerald
> Sent: 02 March 2009 03:38
> To: funsec () linuxbox org
> Subject: Re: [funsec] heuristics are dead?
>
> Alex Eckelberry wrote:
>
> > ... a group of security experts ...
>
> They were introduced as "three distinguished security bloggers". Maybe I should get a blog?
>
> Regards,
> Nick FitzGerald
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- heuristics are dead? Alex Eckelberry (Mar 01)
- Re: heuristics are dead? Larry Seltzer (Mar 01)
- Re: heuristics are dead? Nick FitzGerald (Mar 01)
- Re: heuristics are dead? David Harley (Mar 02)
- Re: heuristics are dead? Amrit Williams (Mar 04)
- Re: heuristics are dead? David Harley (Mar 02)
- Re: heuristics are dead? Alex Eckelberry (Mar 02)
- Re: heuristics are dead? David Harley (Mar 02)
- <Possible follow-ups>
- Re: heuristics are dead? Aryeh Goretsky (home) (Mar 05)