« Collected Thoughts on Security Architecture Evolution | Main | Twelve Days of Phishmas - Fifth Anniversary Carol »

Monday, 02 December 2013


Feed You can follow this conversation by subscribing to the comment feed for this post.

All excellent points, Andre.

Let's look at these carefully:

1) Attackers build, test, routinely and often. This rigor is not as widely adopted by infosec/IT.

2) Relying on "install, configure and forget" security technology is the antithesis of agility.

3) Relying on security technology excuses senior management from hiring analytical and insightful security professionals in sufficient numbers. We have some, but not nearly enough of these types of people.

Thanks for your comment!

That's an easy answer. Professionals are failing to integrate SOTA defenses and decision makers are failing to fund full integration with their PMOs.

Additionally, you must also consider that unwanted adversaries build and test their malware systems and subsystems early and often. If you don't have the same agility in your organization, then their R-squared beats yours each time. The `killav' command in Meterpreter comes to mind, but so does the Exchange Policy and AirWatch bypasses on iOS especially when in combination with a faraday bag. Unwanted adversaries are analytic and highly-insightful professionals, but information security types typically are not.

The comments to this entry are closed.

Find me on Mastodon and Facebook
My Photo