Perimeter
8/21/2012
04:59 PM
Wendy Nather
Wendy Nather
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Sexy Monitoring

We examine security monitoring in the context of "sexy defense"

Many security conferences are depressing for CISOs. All the talks seem to be about new ways to break what the CISO is trying to defend, a streaming concatenation onto the end of an infinite to-do list. And many conferences don't want to hear from you unless you're either breaking into something or have been broken into ("lessons learned" presentations are as alluring as those emergency room reality TV shows). Defense is boring: Defense is about painful awareness programs, long audit meetings, being on the receiving end of penetration tests, and patching schedules.

But there are efforts to give security defense a makeover. Paul Asadoorian and John Strand's presentation at SOURCE Boston 2011, "Bringing Sexy Back," and Iftach Ian Amit's "Sexy Defense" paper and Black Hat 2012 talk are both examples of prominent industry members lending their bad-boy cachet to the safety patrol. In one of the surest signs that defense is starting to become of general interest even to the hard-core hackers, Black Hat instituted a defense track in this year's USA conference. (Granted, some of the talks had elements of "hacking back," but it's a start.)

There are other reasons why defense discussions have traditionally been out of the limelight, except at carefully chosen insider events. Publicly describing a defense strategy, especially if you imply it's a good one, can get you virtually de-pantsed, sometimes in the middle of your presentation. And talking about any incidents carries public relations and legal implications that most organizations don't want to touch.

But one thing that Anonymous, Lulzsec, and others have done for the industry (wait, wait, let me finish) is to democratize security breaches. The large number of varied targets -- ones that couldn't hide their incidents -- made it a little easier for the traditionally close-mouthed entities to come forward as well. Because it could happen to anyone, it was easier for everyone to talk about it. This trend has been helped, of course, by periodic "state of security" incident reports from those vendors that have had to investigate breaches in large numbers. When sufficiently detailed breach narratives become more popular than product data sheets and white papers, then you're onto something.

And if you're already talking about breaches, you might as well start talking about countermeasures. This has opened the door for defense-oriented vendors and service providers to enter the commercial space in larger numbers -- not just to talk to the Fortune 500, but to verticals across the board. Throw in some really good marketing, and you have defense that is reasonably alluring, if not outright sexy.

What does this mean for security monitoring? It can be one of the most interesting parts of defense: tracking and catching the bad guys. This gives SIEM, forensics, and incident response firms a larger boost than they've previously had. When it becomes "sexy" to talk about using these offerings, it can only help to reach a wider set of prospective customers. Thanks to the democratization of public breaches, plus more open dialogue helped along by more voluminous and higher-quality incident data sharing, and adoption by hackers with street cred, full-time defenders have a hope of getting on-stage and sharing the audience.

Now that defense is sexy, we can start planning our makeover for defense's even plainer cousin: compliance.

Wendy Nather is Research Director of the Enterprise Security Practice at the independent analyst firm 451 Research. You can find her on Twitter as @451wendy. Wendy Nather is Research Director of the Enterprise Security Practice at independent analyst firm 451 Research. With over 30 years of IT experience, she has worked both in financial services and in the public sector, both in the US and in Europe. Wendy's coverage areas ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7877
Published: 2014-10-30
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

CVE-2014-3051
Published: 2014-10-29
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof s...

CVE-2014-3668
Published: 2014-10-29
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument t...

CVE-2014-3669
Published: 2014-10-29
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function ...

CVE-2014-3670
Published: 2014-10-29
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly exec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.