Comments
Security Ops Confidence Levels Drop
anon8047814633,
User Rank: Apprentice
9/13/2014 | 3:41:46 PM
WOW
Good reading, yet scary, because America is not ready for a Cyber War.  Something needs to get done now or else it will be too late!!!  Thanks again Ericka and keep up the great work!!!
StudiousMonkey,
User Rank: Apprentice
9/15/2014 | 8:59:01 AM
Glass Half Full
Why do people keep referencing Target as an excuse to back away from security infrastructure technologies?


The Target breach was a 100% incident response and process fail. FireEye was able to generate the alarms, but ultimately people and process failed.


I don't see security infrastructure as a "gigantic waste of money". Obviously if you rely on it 100% without the proper process and people watching the castle, things will fail.


I'm getting sick and tired of this doom & gloom attitude everyone is walking around with.

Being 100% blue team is not easy, but it's not impossible. These breaches are actually a good thing because they raise the brow of top-level execs that don't want their 7-figure salaries and bonuses compromised by a breach.

We just need to keep working together as a community until we finally end up on the winning side.

Hey, if anything, it keeps us gainfully employed and keeps the job interesting.

Glass half-full people!

 
aws0513,
User Rank: Ninja
9/15/2014 | 9:47:30 AM
Rally the troops!!
I am trying to put on my surprised face, but for some reason it just will not stick.

It is reminiscent of the disenchantment that police forces around the world constantly struggle with.  The perception that all they are doing is spinning their wheels, nothing they are doing is helping stem the tide, and that the world is still falling down around them.

A long time ago, I was reminded by an old and hardened soldier that specialized in physical security programs that the Achilles' heel of the security forces' mindset is the lack of hard evidence that the work they are doing is making a difference.
Basically, when security is working...  very little happens.  And when something does happen, the drama of the event is amplified by the expectation that the security team could have prevented it if [insert extraordinary preventative measure here].  Everything is amplified...  including the sense of despair and wasted effort.
His attitude was this: If he didn't do his job to the best of his ability and knowledge, what would the alternative look like?  
In his summation: Far far worse than what exists today.

The cybersecurity war will always be ongoing...  just like the law enforcement war on crime in the physical world.
But to let up or give up should not be an option. 
I can relate to the disenchantment feelings.  Many times I have felt that something I have implemented or something I am doing is wasteful or useless.  

Take faith that even though you do not see any malicious activities in your various security logs, the fact that your logs are working (if you test them properly) should be an indication that your efforts are demonstrating diligence.  When bad things happen, odds are better that you are more likely to notice some kind of badness and respond in a timely manner.
Take faith that when you do find something bad within your perimeter, that it 1) has been found and 2) you and your counterparts are remediating the problem and 3) you have an indicator of what more needs to be done to mitigate the action from happening again.

If we are doing our jobs, then we are all learning what works... and what doesn't...  all the time.
Constantly improving our fighting position. 
Constantly learning about how adversaries are attempting to breach the perimeters and/or matriculate our ever bristling bastions of security controls.
Constantly working with other security pros to share information and techniques that can help us protect against the unforeseen threats around us.
Constantly vigilant in our efforts to identify malicious activities and remediate them before they can do any undue harm.

Keep up the good fight out there folks! 
The alternative should not be an option to consider.

(Note: I hope this is helpful on a Monday morning.  Everyone out there should know that if they are trying to help improve security in their IT environments, they are on the good side of the fight.)
Marilyn Cohodas,
User Rank: Strategist
9/15/2014 | 9:52:49 AM
Re: Glass Half Full
@StudiousMonkey, Your point is well-taken about the "glass-full" benefit of the growing number of data breaches. Or to use another metaphor -- the squeaky wheel -- the more frequently execs in the C-suite & the corporate boards they report to have to ask their SOC teams "are we vulnerable to .... (fill in the data breach du jour)", maybe they will be more open to investing in appropriate security infrastructure, people and processes.
RyanSepe,
User Rank: Ninja
9/15/2014 | 2:24:35 PM
Re: Glass Half Full
I agree with both these points. I think investing in appropriate security infrastructure, people and processes is a good start. But also to point out, I think that current infrastructure isn't always used properly. Before adding on to what's already on your plate, an enterprise should definitely refine their current infrastructure. Things such as policy and access control can definitely fall into this realm. You don't want to fill your plate up with more projects before understanding that there are security measures that could be taken proactively.

