[Dailydave] Blinken Lights IDS
dave aitel
2017-03-16 15:43:27 UTC
Everyone I know lived through the "Blinken-Lights-IDS" phase. This is
back when you had dial-up or perhaps very early Internet and you were
the only person on your switch, and most importantly, you slept and
lived near your computer and switch because you were a poor college
student or similar. So your entire defense was situated on "Are the
lights blinking when I'm not typing on my computer?"

Ask yourself: How far from that have we come, really?

Honestly, the line that strikes fear into the hearts and minds of all
SOC engineers is "How do you measure your success?". I'm on the Security
Metrics mailing list, which has been around basically forever, and what
they will point out is that good metrics need good data, and we have
about zero of that in almost all aspects of this game. While attackers
have real numbers, the defensive process is literally evolutionary: We
try EVERYTHING and just see which companies fail due to data breaches
and while we don't really learn any lessons directly, maybe the next
generation of companies will be, in some way, similar to whatever
mutation helped.

-dave
Andre Gironda
2017-03-16 18:14:32 UTC
Post by dave aitel
Everyone I know lived through the "Blinken-Lights-IDS" phase.
So your entire defense was situated on "Are the
lights blinking when I'm not typing on my computer?"
Ask yourself: How far from that have we come, really?
We can still use blinkenlights --
https://blog.cobaltstrike.com/2015/11/11/revolutionary-device-detects-mimikatz-use/
Post by dave aitel
Honestly, the line that strikes fear into the hearts and minds of all
SOC engineers is "How do you measure your success?". I'm on the Security
Metrics mailing list, which has been around basically forever, and what
they will point out is that good metrics need good data, and we have
about zero of that in almost all aspects of this game.
Maybe we know how to measure success --
https://www.blackhat.com/docs/eu-16/materials/eu-16-Hovor-Automating-Incident-Investigations-Sit-Back-And-Relax-Bots-Are-Taking-Over.pdf
Post by dave aitel
While attackers
have real numbers, the defensive process is literally evolutionary: We
try EVERYTHING and just see which companies fail due to data breaches
and while we don't really learn any lessons directly, maybe the next
generation of companies will be, in some way, similar to whatever
mutation helped.
Maybe we know how to evolve the defensive process --
http://conf.splunk.com/files/2016/slides/detecting-the-adversary-post-compromise-with-threat-models-and-behavioral-analytics.pdf

dre
