arrigo at alchemistowl.org
Fri Sep 29 15:31:46 UTC 2017
On 29 Sep 2017, at 01:12, the grugq <thegrugq at gmail.com> wrote:
> This is not a “bug” issue, it is an architecture issue. You know, if they threw a canary.io tool into that DMZ and configured it to look like a database, they’d have known about the hack during that first week. If they monitored their logs for unusual activity, such as the installation of 30 webshells, and gigabytes of data going the wrong way. If they had an architecture that prevented a compromise of a web server enabling access to sensitive company data. If they had asset management and decommissioned legacy databases, rather than leaving them in the DMZ.
Just in passing: "Equifax is ISO/IEC 27001:2013 certified by a reputable independent third party." Asset management is a core part of ISO27001:2013.
 https://www.equifax.com/assets/WFS/the_work_number_best_practices_in_data_security.pdf (1st page)