[Dailydave] Failing at Segue
Anton Chuvakin
anton at chuvakin.org
Wed Dec 11 12:09:28 EST 2013
On Tue, Dec 10, 2013 at 6:07 PM, Dave Dittrich <dave.dittrich at gmail.com> wrote:
> On Tue, Dec 10, 2013 at 12:24 PM, Dave Aitel <dave at immunityinc.com> wrote:
>
>> People are strange. For example, they often say "You have to assume you
>> are compromised!" and then in the very next breath they are buying more
>> perimeter equipment like Fireeye and WAF and whatnot.
>
> To your first point, I would rephrase it as "You have to assume YOU CAN BE
> BREACHED" and then accept that of {protection,detection,reaction} (or per
> NIST, {identify, protect, detect, respond, and recover}), you spent far too
> much money on trivially defeatable "protection" and "detection", and
> seriously (to your detriment) UNDERFUNDED "reaction" or "respond and
> recover."
BTW, how *BAD* is it, really? Lately I've been hearing numbers like
5-10% of IT security/infosec budget being spent around IR (presumably
including the cost of "rinse-and-repeat'ing" those owned boxes. Does
it sound about right to the esteemed list members here?
--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Twitter: @anton_chuvakin
Work: http://www.linkedin.com/in/chuvakin
More information about the Dailydave
mailing list