
Comments
Has Security Ops Outlived Its Purpose?
Paladium
User Rank: Moderator
3/17/2015 | 4:27:53 PM
Re: Never complain without a solution!
Let me add this final comment. Fund SecOps properly and it won't fail as falsely implied in the original article. As I stated in my original response, when every single company breached over the past two years doubles its SecOps funding, ask yourself why. The obvious answer is a great big slap upside the head and a resounding "Oh...". Also note how many of those breached companies did not have a real, honest-to-goodness capable SOC. Just more evidence to make my point. Use your Googlefoo to find the answer. It will shock you.
bhanstiu
User Rank: Strategist
3/17/2015 | 3:34:29 PM
Re: Never complain without a solution!
It's a pipe dream right now :) Maybe someday something like it will become the standard (the 'cloud' is moving in that direction), which will then become the primary target, become more and more vulnerable, until a newer model becomes the standard, lather rinse repeat. Crime is not going away. It has always been part of the human condition, and will remain so as long as we are human.
TalKlein
User Rank: Author
3/17/2015 | 3:24:25 PM
Re: Never complain without a solution!
FWIW, many of the people who "disagree" with the article are more upset with the fact that I didn't posit a magic bullet that solves for the problem statement. Rather than attempt to solve the problem by "fixing the SOC", I believe we need to solve for the SOC itself - whatever we come up with cannot possibly look like a SOC, because a centralized model isn't working. I sympathize with many of the commenters because they may perceive the article as an attack on their livelihood, but my intent was to catalyze some thinking to challenge the increasingly ineffective status quo.
TalKlein
User Rank: Author
3/17/2015 | 3:20:13 PM
Re: Not even fully deployed with most organizations
The heading and the article are aligned, though the first may be more bombastic than the latter. Ultimately what I'm saying is that the current SOC approach is provably failing. While another commenter seemed to be upset that I pointed out the problem without offering a solution, I think the first part of solving the problem is admitting that it exists.
Marilyn Cohodas
User Rank: Strategist
3/17/2015 | 11:03:49 AM
Re: Never complain without a solution!
Is this your vision, @bhanstiu? Or is it something that is actually happening in your company, or elsewhere?
bhanstiu
User Rank: Strategist
3/17/2015 | 10:59:46 AM
Re: Never complain without a solution!
Thanks for the reply. I do not think the answer is more people and more tools. It is getting a functional team together that is dedicated, secure in their jobs and skillsets, and an organizational understanding that security is not a black-hole expense - it is insurance for the future, and although costly today, it will mean profitability (and continued gainful employment) tomorrow.

The current road most businesses are sticking with is a very 1990s model of the network (thousands of endpoints, physically dispersed, with important data stored on each of them), which has proven to be very vulnerable in a great many ways - too many for ANY team to be able to manage. A new network model needs to be implemented, namely, getting out of "watch all the things for something out of the ordinary" to watching your data, how it moves, and where it's trying to go. If you know where your data lives, in a physically secure location, and the only way anyone gets to see the data is within those physical boundaries (the data center), then all you have to do is watch for data trying to leak out of the data center, rather than watching each and every distributed endpoint for nefarious activity. Virtualization, where no one ever removes data from the datacenter without a process to monitor that activity, much like a change control process, will dramatically change the threat landscape. It won't be so easy to take data, and it won't require so many eyes looking at so many things.
Marilyn Cohodas
User Rank: Strategist
3/17/2015 | 8:59:52 AM
Re: Never complain without a solution!
Pick two: Inexpensive, Quality, Fast implementation. You can't have all three.

Great point, @bhanstiu. Sounds like what you are saying is that the problem is not that security ops has outlived its purpose. Rather, that SecOps doesn't have the attention/resources that it needs to succeed. Here's my question: do you think the solution is more tools and people? Or is there a bigger, more fundamental issue that needs to be addressed?
bhanstiu
User Rank: Strategist
3/16/2015 | 5:40:47 PM
Re: Never complain without a solution!
This sums up the problem far more accurately than the article. Avoiding the reality that security operations is an expense that most boardrooms ignore until it is too late provides no impetus for the boardrooms to change the profit-driven behavior of ignoring ugly expenses in the name of short-term gains (and lucrative bonuses).

Any organization with a desire to remain profitable and viable into the future would do well to stop blaming 'incompetent staff', and start accepting the blame for not doing what it should have done 5 years ago: invest in security teams, properly train staff, and provide funds for the right tools (i.e., quit making your admins force square pegs into round holes to save a dollar).

Pick two: Inexpensive, Quality, Fast implementation. You can't have all three, no matter how much you demand it from your staff, nor how loudly you proclaim your desires. It's what is known as IMPOSSIBLE. So is defending your 10,000 node network with 10 people, no training, and old tools which were never meant to protect the environment.

Andrew Froehlich
User Rank: Apprentice
3/16/2015 | 4:29:26 PM
Re: The model will need to become distributed
I like the idea of a distributed security model because of the fact that it creates more accountability for each individual security unit. When all of IT security is under a single umbrella, it's easy for the SOC managers to simply shrug their shoulders and say that they were focused on something else security related. With a distributed approach, it breaks out responsibilities into manageable segments and each group will then control accountability for said segment.
Paladium
User Rank: Moderator
3/16/2015 | 11:09:46 AM
Never complain without a solution!
I really wish these articles actually proposed solutions instead of throwing darts. Never, ever complain without a solution!

If its time has come and gone as your headline suggests, what do you propose to replace SecOps with? Let me guess, some third-party security firm, right? If yes, then this is really about organizations unwilling to properly invest in SecOps and third-party security firms trying to generate more revenue, and nothing to do with the existing SecOps staff or their abilities.

Let me assure you that this is not SecOps' fault by a long shot. We continue to do everything we can to shoulder the security burden despite limited staff, outdated or incomplete security technologies, and ZERO training $$$. As others have said, every single breach over the past two years has resulted in a major reinvestment in cyber security. Why is that? To a degree it is reactionary, but at the end of the day it's because the organizations FAILED TO FUND SecOps properly in the first place. There is NO escaping that brutal fact.

Let me go old school for a moment. Do you have life insurance to protect your family in the unfortunate event that you croak? Do you have enough insurance to take care of them for several years, or maybe for the rest of their lives? Did YOU invest enough? If you were to pass away and don't have enough life insurance, who suffers the consequences? Your family does. So if you care enough about your family, then you will invest properly in that insurance policy. Bottom line!

Now to bring it home. If a company cares enough about its customers, its future, its investors, then maybe it should invest properly in its SECURITY. It's not complicated at all. Old school...

As the saying goes, "You get what you pay for..."