Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
Security Ops Confidence Levels Drop
RyanSepe
User Rank: Ninja
9/15/2014 | 2:24:35 PM
Re: Glass Half Full
I agree with both these points. I think investing in appropriate security infrastructure, people and processes is a good start. But also to point out, I think that current infrastructure isn't always used properly. Before adding on to what's already on your plate, an enterprise should definitely refine their current infrastructure. Things such as policy and access control can definitely fall into this realm. You don't want to fill your plate up with more projects before understanding that there are security measures that could be taken proactively.
Marilyn Cohodas
User Rank: Strategist
9/15/2014 | 9:52:49 AM
Re: Glass Half Full
@StudiousMonkey, Your point is well-taken about the "glass-full" benefit of the growing number of data breaches. Or to use another metaphor -- the squeaky wheel -- the more frequently execs in the C-suite & the corporate boards they report to have to ask their SOC teams "are we vulnerable to .... (fill in the data breach du jour)", maybe they will be more open to investing in appropriate security infrastructure, people and processes.
aws0513
User Rank: Ninja
9/15/2014 | 9:47:30 AM
Rally the troops!!
I am trying to put on my surprised face, but for some reason it just will not stick.

It is reminiscent of the disenchantment that police forces around the world constantly struggle with.  The perception that all they are doing is spinning their wheels, nothing they are doing is helping stem the tide, and that the world is still falling down around them.

A long time ago, I was reminded by an old and hardened soldier that specialized in physical security programs that the Achilles' heel of security forces mindset is the lack of hard evidence that the work they are doing is making a difference.
Basically, when security is working...  very little happens.  And when something does happen, the drama of the event is amplified by the expectation that the security team could have prevented it if [insert extraordinary preventative measure here].  Everything is amplified...  including the sense of despair and wasted effort.
His attitude was this: If he didn't do his job to the best of his ability and knowledge, what would the alternative look like?  
In his summation: Far far worse than what exists today.

The cybersecurity war will always be ongoing...  just like the law enforcement war on crime in the physical world.
But to let up or give up should not be an option. 
I can relate to the disenchantment feelings.  Many times I have felt that something I have implemented or something I am doing is wasteful or useless.  

Take faith that even though you do not see any malicious activities in your various security logs, the fact that your logs are working (if you test them properly) should be an indication that your efforts are demonstrating diligence.  When bad things happen, odds are better that you are more likely to notice some kind of badness and respond in a timely manner.
Take faith that when you do find something bad within your perimeter, that it 1) has been found and 2) you and your counterparts are remediating the problem and 3) you have an indicator of what more needs to be done to mitigate the action from happening again.

If we are doing our jobs, then we are all learning what works... and what doesn't...  all the time.
Constantly improving our fighting position. 
Constantly learning about how adversaries are attempting to breach the perimeters and/or matriculate our ever bristling bastions of security controls.
Constantly working with other security pros to share information and techniques that can help us protect against the unforeseen threats around us.
Constantly vigilant in our efforts to identify malicious activities and remediate them before they can do any undue harm.

Keep up the good fight out there folks! 
The alternative should not be an option to consider.

(Note: I hope this is helpful on a Monday morning.  Everyone out there should know that if they are trying to help improve security in their IT environments, they are on the good side of the fight.)
StudiousMonkey
User Rank: Apprentice
9/15/2014 | 8:59:01 AM
Glass Half Full
Why do people keep referencing Target as an excuse to back away from security infrastructure technologies?


The Target breach was a 100% incident response and process fail. FireEye was able to generate the alarms, but ultimately people and process failed.


I don't see security infrastructure as a "gigantic waste of money". Obviously if you rely on it 100% without the proper process and people watching the castle, things will fail.


I'm getting sick and tired of this doom & gloom attitude everyone is walking around with.

Being 100% blue team is not easy, but it's not impossible. These breaches are actually a good thing because it raises the brow of top-level execs that don't want their 7 figure salaries and bonuses compromised by a breach.

We just need to keep working together as a community until we finally end up on the winning side.

Hey, if anything, it keeps us gainfully employed and keeps the job interesting.

Glass half-full people!

 
anon8047814633
User Rank: Apprentice
9/13/2014 | 3:41:46 PM
WOW
Good reading, yet scary, because America is not ready for a Cyber War.  Something needs to get done now or else it will be too late!!!  Thanks again Ericka and keep up the great work!!!

