Perimeter
8/21/2012
04:59 PM
Wendy Nather
Wendy Nather
Commentary
50%
50%

Sexy Monitoring

We examine security monitoring in the context of "sexy defense"

Many security conferences are depressing for CISOs. All the talks seem to be about new ways to break what the CISO is trying to defend, a streaming concatenation onto the end of an infinite to-do list. And many conferences don't want to hear from you unless you're either breaking into something or have been broken into ("lessons learned" presentations are as alluring as those emergency room reality TV shows). Defense is boring: Defense is about painful awareness programs, long audit meetings, being on the receiving end of penetration tests, and patching schedules.

But there are efforts to give security defense a makeover. Paul Asadoorian and John Strand's presentation at SOURCE Boston 2011, "Bringing Sexy Back," and Iftach Ian Amit's "Sexy Defense" paper and Black Hat 2012 talk are both examples of prominent industry members lending their bad-boy cachet to the safety patrol. In one of the surest signs that defense is starting to become of general interest even to the hard-core hackers, Black Hat instituted a defense track in this year's USA conference. (Granted, some of the talks had elements of "hacking back," but it's a start.)

There are other reasons why defense discussions have traditionally been out of the limelight, except at carefully chosen insider events. Publicly describing a defense strategy, especially if you imply it's a good one, can get you virtually de-pantsed, sometimes in the middle of your presentation. And talking about any incidents carries public relations and legal implications that most organizations don't want to touch.

But one thing that Anonymous, Lulzsec, and others have done for the industry (wait, wait, let me finish) is to democratize security breaches. The large number of varied targets -- ones that couldn't hide their incidents -- made it a little easier for the traditionally close-mouthed entities to come forward as well. Because it could happen to anyone, it was easier for everyone to talk about it. This trend has been helped, of course, by periodic "state of security" incident reports from those vendors that have had to investigate breaches in large numbers. When sufficiently detailed breach narratives become more popular than product data sheets and white papers, then you're onto something.

And if you're already talking about breaches, you might as well start talking about countermeasures. This has opened the door for defense-oriented vendors and service providers to enter the commercial space in larger numbers -- not just to talk to the Fortune 500, but to verticals across the board. Throw in some really good marketing, and you have defense that is reasonably alluring, if not outright sexy.

What does this mean for security monitoring? It can be one of the most interesting parts of defense: tracking and catching the bad guys. This gives SIEM, forensics, and incident response firms a larger boost than they've previously had. When it becomes "sexy" to talk about using these offerings, it can only help to reach a wider set of prospective customers. Thanks to the democratization of public breaches, plus more open dialogue helped along by more voluminous and higher-quality incident data sharing, and adoption by hackers with street cred, full-time defenders have a hope of getting on-stage and sharing the audience.

Now that defense is sexy, we can start planning our makeover for defense's even plainer cousin: compliance.

Wendy Nather is Research Director of the Enterprise Security Practice at the independent analyst firm 451 Research. You can find her on Twitter as @451wendy. Wendy Nather is Research Director of the Enterprise Security Practice at independent analyst firm 451 Research. With over 30 years of IT experience, she has worked both in financial services and in the public sector, both in the US and in Europe. Wendy's coverage areas ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6477
Published: 2014-11-23
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4...

CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

CVE-2014-6183
Published: 2014-11-22
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVE-2014-8626
Published: 2014-11-22
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding...

CVE-2014-8710
Published: 2014-11-22
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?