[Dailydave] Failing at Segue
Dave Dittrich
dave.dittrich at gmail.com
Tue Dec 10 18:07:37 EST 2013
On Tue, Dec 10, 2013 at 12:24 PM, Dave Aitel <dave at immunityinc.com> wrote:
> People are strange. For example, they often say "You have to assume you
> are compromised!" and then in the very next breath they are buying more
> perimeter equipment like Fireeye and WAF and whatnot.
To your first point, I would rephrase it as "You have to assume YOU CAN BE
BREACHED" and then accept that of {protection,detection,reaction} (or per
NIST, {identify, protect, detect, respond, and recover}), you spent far too
much money on trivially defeatable "protection" and "detection", and
seriously (to your detriment) UNDERFUNDED "reaction" or "respond and
recover." Information sharing helps inform when "protection" and
"detection" fail, but you still are left with needing to shift resources to
the neglected "respond and recover" capabilities.
And yes, people are "strange" to keep buying more detection capabilities,
as if the new ones are any more of a silver bullet than were the old ones.
--
Dave Dittrich
dave.dittrich at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20131210/4eb87960/attachment.html>
More information about the Dailydave
mailing list