Perimeter
8/21/2012
04:59 PM
Wendy Nather
Wendy Nather
Commentary
50%
50%

Sexy Monitoring

We examine security monitoring in the context of "sexy defense"

Many security conferences are depressing for CISOs. All the talks seem to be about new ways to break what the CISO is trying to defend, a streaming concatenation onto the end of an infinite to-do list. And many conferences don't want to hear from you unless you're either breaking into something or have been broken into ("lessons learned" presentations are as alluring as those emergency room reality TV shows). Defense is boring: Defense is about painful awareness programs, long audit meetings, being on the receiving end of penetration tests, and patching schedules.

But there are efforts to give security defense a makeover. Paul Asadoorian and John Strand's presentation at SOURCE Boston 2011, "Bringing Sexy Back," and Iftach Ian Amit's "Sexy Defense" paper and Black Hat 2012 talk are both examples of prominent industry members lending their bad-boy cachet to the safety patrol. In one of the surest signs that defense is starting to become of general interest even to the hard-core hackers, Black Hat instituted a defense track in this year's USA conference. (Granted, some of the talks had elements of "hacking back," but it's a start.)

There are other reasons why defense discussions have traditionally been out of the limelight, except at carefully chosen insider events. Publicly describing a defense strategy, especially if you imply it's a good one, can get you virtually de-pantsed, sometimes in the middle of your presentation. And talking about any incidents carries public relations and legal implications that most organizations don't want to touch.

But one thing that Anonymous, Lulzsec, and others have done for the industry (wait, wait, let me finish) is to democratize security breaches. The large number of varied targets -- ones that couldn't hide their incidents -- made it a little easier for the traditionally close-mouthed entities to come forward as well. Because it could happen to anyone, it was easier for everyone to talk about it. This trend has been helped, of course, by periodic "state of security" incident reports from those vendors that have had to investigate breaches in large numbers. When sufficiently detailed breach narratives become more popular than product data sheets and white papers, then you're onto something.

And if you're already talking about breaches, you might as well start talking about countermeasures. This has opened the door for defense-oriented vendors and service providers to enter the commercial space in larger numbers -- not just to talk to the Fortune 500, but to verticals across the board. Throw in some really good marketing, and you have defense that is reasonably alluring, if not outright sexy.

What does this mean for security monitoring? It can be one of the most interesting parts of defense: tracking and catching the bad guys. This gives SIEM, forensics, and incident response firms a larger boost than they've previously had. When it becomes "sexy" to talk about using these offerings, it can only help to reach a wider set of prospective customers. Thanks to the democratization of public breaches, plus more open dialogue helped along by more voluminous and higher-quality incident data sharing, and adoption by hackers with street cred, full-time defenders have a hope of getting on-stage and sharing the audience.

Now that defense is sexy, we can start planning our makeover for defense's even plainer cousin: compliance.

Wendy Nather is Research Director of the Enterprise Security Practice at the independent analyst firm 451 Research. You can find her on Twitter as @451wendy. Wendy Nather is Research Director of the Enterprise Security Practice at independent analyst firm 451 Research. With over 30 years of IT experience, she has worked both in financial services and in the public sector, both in the US and in Europe. Wendy's coverage areas ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.