<div dir="ltr">Great thread. The only thing I would expand on Dave's description of "indicators of Compromise" is that for us, when we get called in because the customer doesn't believe it's been compromised but wants to quiet down Bill in IT Security so he'll shaddup already, our indicators of compromise are all human and procedural and policy-based. Before we even run an nmap scan we have put together a fairly accurate prediction of what we will find based on how they do what they do. These day-or-two-long series of conversations and conferences are uncannily predictive of just how badly they're owned, and what we'll ultimately have to do about it. <div>
<br></div><div style>Nick</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 12, 2013 at 10:17 AM, Justin Seitz <span dir="ltr">&lt;<a href="mailto:justin@immunityinc.com" target="_blank">justin@immunityinc.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">> I think Paul said, "Every time you hit the easy button, God deploys another<br>
> trojan on your network."<br>
<br>
</div>This is true arguably because the overall skill of the infosec industry<br>
is on the decline. As one of my Canadian counterparts once said: "The<br>
term security researcher or penetration tester really means 'can run<br>
Nessus'". No different for the defense side.<br>
<br>
The best bet for any company slogging the new and improved defense<br>
mechanisms is to wrap it in a $100k pretty 2U chassis, and have insanely<br>
stringent trial request requirements. That way, by the time someone<br>
releases a fresh paper on how broken your detection mechanism is (like<br>
they all are), your sales cycle has gone far enough to keep the VCs off<br>
your back.<br>
<div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br>
</div></div></blockquote></div><br></div>