Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
Security Ops Confidence Levels Drop
RyanSepe,
User Rank: Ninja
9/15/2014 | 2:24:35 PM
Re: Glass Half Full
I agree with both these points. I think investing in appropriate security infrastructure, people and processes is a good start. But also to point out, I think that current infrastructure isn't always used properly. Before adding on to what's already on your plate, an enterprise should definitely refine their current infrastructure. Things such as policy and access control can definitely fall into this realm. You don't want to fill your plate up with more projects before understanding that there are security measures that could be taken proactively.
Marilyn Cohodas,
User Rank: Strategist
9/15/2014 | 9:52:49 AM
Re: Glass Half Full
@StudiousMonkey, Your point is well-taken about the "glass-full" benefit of the growing number of data breaches. Or to use another metaphor -- the squeaky wheel -- the more frequently execs in the C-suite & the corporate boards they report to have to ask their SOC teams "are we vulnerable to .... (fill in the data breach du jour)," maybe they will be more open to investing in appropriate security infrastructure, people and processes.
aws0513,
User Rank: Ninja
9/15/2014 | 9:47:30 AM
Rally the troops!!
I am trying to put on my surprised face, but for some reason it just will not stick.

It is reminiscent of the disenchantment that police forces around the world constantly struggle with.  The perception that all they are doing is spinning their wheels, nothing they are doing is helping stem the tide, and that the world is still falling down around them.

A long time ago, I was reminded by an old and hardened soldier that specialized in physical security programs that the Achilles heel of the security forces' mindset is the lack of hard evidence that the work they are doing is making a difference.
Basically, when security is working...  very little happens.  And when something does happen, the drama of the event is amplified by the expectation that the security team could have prevented it if [insert extraordinary preventative measure here].  Everything is amplified...  including the sense of despair and wasted effort.
His attitude was this: If he didn't do his job to the best of his ability and knowledge, what would the alternative look like?  
In his summation: Far far worse than what exists today.

The cybersecurity war will always be ongoing...  just like the law enforcement war on crime in the physical world.
But to let up or give up should not be an option. 
I can relate to the disenchantment feelings.  Many times I have felt that something I have implemented or something I am doing is wasteful or useless.  

Take faith that even though you do not see any malicious activities in your various security logs, the fact that your logs are working (if you test them properly) should be an indication that your efforts are demonstrating diligence.  When bad things happen, odds are better that you are more likely to notice some kind of badness and respond in a timely manner.
Take faith that when you do find something bad within your perimeter, that it 1) has been found and 2) you and your counterparts are remediating the problem and 3) you have an indicator of what more needs to be done to mitigate the action from happening again.

If we are doing our jobs, then we are all learning what works... and what doesn't...  all the time.
Constantly improving our fighting position. 
Constantly learning about how adversaries are attempting to breach the perimeters and/or matriculate our ever bristling bastions of security controls.
Constantly working with other security pros to share information and techniques that can help us protect against the unforeseen threats around us.
Constantly vigilant in our efforts to identify malicious activities and remediate them before they can do any undue harm.

Keep up the good fight out there folks! 
The alternative should not be an option to consider.

(Note: I hope this is helpful on a Monday morning.  Everyone out there should know that if they are trying to help improve security in their IT environments, they are on the good side of the fight.)
StudiousMonkey,
User Rank: Apprentice
9/15/2014 | 8:59:01 AM
Glass Half Full
Why do people keep referencing Target as an excuse to back away from security infrastructure technologies?


The Target breach was a 100% incident response and process fail. FireEye was able to generate the alarms, but ultimately people and process failed.


I don't see security infrastructure as a "gigantic waste of money". Obviously if you rely on it 100% without the proper process and people watching the castle, things will fail.


I'm getting sick and tired of this doom & gloom attitude everyone is walking around with.

Being 100% blue team is not easy, but it's not impossible. These breaches are actually a good thing because it raises the brow of top-level execs that don't want their 7 figure salaries and bonuses compromised by a breach.

We just need to keep working together as a community until we finally end up on the winning side.

Hey, if anything, it keeps us gainfully employed and keeps the job interesting.

Glass half-full people!

 
anon8047814633,
User Rank: Apprentice
9/13/2014 | 3:41:46 PM
WOW
Good reading, yet scary, because America is not ready for a Cyber War.  Something needs to get done now or else it will be too late!!!  Thanks again Ericka and keep up the great work!!!

