Perimeter
8/21/2012
04:59 PM
Wendy Nather
Wendy Nather
Commentary
50%
50%

Sexy Monitoring

We examine security monitoring in the context of "sexy defense"

Many security conferences are depressing for CISOs. All the talks seem to be about new ways to break what the CISO is trying to defend, a streaming concatenation onto the end of an infinite to-do list. And many conferences don't want to hear from you unless you're either breaking into something or have been broken into ("lessons learned" presentations are as alluring as those emergency room reality TV shows). Defense is boring: Defense is about painful awareness programs, long audit meetings, being on the receiving end of penetration tests, and patching schedules.

But there are efforts to give security defense a makeover. Paul Asadoorian and John Strand's presentation at SOURCE Boston 2011, "Bringing Sexy Back," and Iftach Ian Amit's "Sexy Defense" paper and Black Hat 2012 talk are both examples of prominent industry members lending their bad-boy cachet to the safety patrol. In one of the surest signs that defense is starting to become of general interest even to the hard-core hackers, Black Hat instituted a defense track in this year's USA conference. (Granted, some of the talks had elements of "hacking back," but it's a start.)

There are other reasons why defense discussions have traditionally been out of the limelight, except at carefully chosen insider events. Publicly describing a defense strategy, especially if you imply it's a good one, can get you virtually de-pantsed, sometimes in the middle of your presentation. And talking about any incidents carries public relations and legal implications that most organizations don't want to touch.

But one thing that Anonymous, Lulzsec, and others have done for the industry (wait, wait, let me finish) is to democratize security breaches. The large number of varied targets -- ones that couldn't hide their incidents -- made it a little easier for the traditionally close-mouthed entities to come forward as well. Because it could happen to anyone, it was easier for everyone to talk about it. This trend has been helped, of course, by periodic "state of security" incident reports from those vendors that have had to investigate breaches in large numbers. When sufficiently detailed breach narratives become more popular than product data sheets and white papers, then you're onto something.

And if you're already talking about breaches, you might as well start talking about countermeasures. This has opened the door for defense-oriented vendors and service providers to enter the commercial space in larger numbers -- not just to talk to the Fortune 500, but to verticals across the board. Throw in some really good marketing, and you have defense that is reasonably alluring, if not outright sexy.

What does this mean for security monitoring? It can be one of the most interesting parts of defense: tracking and catching the bad guys. This gives SIEM, forensics, and incident response firms a larger boost than they've previously had. When it becomes "sexy" to talk about using these offerings, it can only help to reach a wider set of prospective customers. Thanks to the democratization of public breaches, plus more open dialogue helped along by more voluminous and higher-quality incident data sharing, and adoption by hackers with street cred, full-time defenders have a hope of getting on-stage and sharing the audience.

Now that defense is sexy, we can start planning our makeover for defense's even plainer cousin: compliance.

Wendy Nather is Research Director of the Enterprise Security Practice at the independent analyst firm 451 Research. You can find her on Twitter as @451wendy. Wendy Nather is Research Director of the Enterprise Security Practice at independent analyst firm 451 Research. With over 30 years of IT experience, she has worked both in financial services and in the public sector, both in the US and in Europe. Wendy's coverage areas ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

CVE-2014-9709
Published: 2015-03-30
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.