Perimeter
8/21/2012
04:59 PM
Wendy Nather
Commentary

Sexy Monitoring

We examine security monitoring in the context of "sexy defense"

Many security conferences are depressing for CISOs. All the talks seem to be about new ways to break what the CISO is trying to defend, a streaming concatenation onto the end of an infinite to-do list. And many conferences don't want to hear from you unless you're either breaking into something or have been broken into ("lessons learned" presentations are as alluring as those emergency room reality TV shows). Defense is boring: Defense is about painful awareness programs, long audit meetings, being on the receiving end of penetration tests, and patching schedules.

But there are efforts to give security defense a makeover. Paul Asadoorian and John Strand's presentation at SOURCE Boston 2011, "Bringing Sexy Back," and Iftach Ian Amit's "Sexy Defense" paper and Black Hat 2012 talk are both examples of prominent industry members lending their bad-boy cachet to the safety patrol. In one of the surest signs that defense is starting to become of general interest even to the hard-core hackers, Black Hat instituted a defense track in this year's USA conference. (Granted, some of the talks had elements of "hacking back," but it's a start.)

There are other reasons why defense discussions have traditionally been out of the limelight, except at carefully chosen insider events. Publicly describing a defense strategy, especially if you imply it's a good one, can get you virtually de-pantsed, sometimes in the middle of your presentation. And talking about any incidents carries public relations and legal implications that most organizations don't want to touch.

But one thing that Anonymous, Lulzsec, and others have done for the industry (wait, wait, let me finish) is to democratize security breaches. The large number of varied targets -- ones that couldn't hide their incidents -- made it a little easier for the traditionally close-mouthed entities to come forward as well. Because it could happen to anyone, it was easier for everyone to talk about it. This trend has been helped, of course, by periodic "state of security" incident reports from those vendors that have had to investigate breaches in large numbers. When sufficiently detailed breach narratives become more popular than product data sheets and white papers, then you're onto something.

And if you're already talking about breaches, you might as well start talking about countermeasures. This has opened the door for defense-oriented vendors and service providers to enter the commercial space in larger numbers -- not just to talk to the Fortune 500, but to verticals across the board. Throw in some really good marketing, and you have defense that is reasonably alluring, if not outright sexy.

What does this mean for security monitoring? It can be one of the most interesting parts of defense: tracking and catching the bad guys. This gives SIEM, forensics, and incident response firms a larger boost than they've previously had. When it becomes "sexy" to talk about using these offerings, it can only help to reach a wider set of prospective customers. Thanks to the democratization of public breaches, plus more open dialogue helped along by more voluminous and higher-quality incident data sharing, and adoption by hackers with street cred, full-time defenders have a hope of getting on-stage and sharing the audience.

Now that defense is sexy, we can start planning our makeover for defense's even plainer cousin: compliance.

Wendy Nather is Research Director of the Enterprise Security Practice at the independent analyst firm 451 Research. You can find her on Twitter as @451wendy. With over 30 years of IT experience, she has worked both in financial services and in the public sector, both in the US and in Europe.
