Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

11/12/2015
12:30 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Solving Security: If You Want Something New, Stop Doing Something Old

Black Hat Europe keynoter Haroon Meer tells security pros to work smarter, think out of the box, and speak out to the C-suite.

BLACK HAT EUROPE -- Amsterdam --  Black Hat Europe keynote speaker Haroon Meer, founder of Thinkst, took some shots at a few sacred security cows Thursday during the opening session at RAI Amsterdam Thursday. His presentation, “What Got You Here Won't Get You There,” exhorted hundreds of cyberdefenders in the audience to focus on what’s important in the many battles they face and, more importantly, ignore the distractions.

“Every day we seem to pump out more code, connect more machines, and collect more data than ever before," he said. "Malicious actors have been making out like bandits and intelligence agencies have been owning (and pre-owning) the planet while your average large-company Infosec team is still struggling with the problems we knew about in the 90s.”

At the same time, corporate boards are becoming more involved in assuring people that everything is under control.  But “the truth is,” Meers said, “they have very few answers; when it comes to the major breaks [in recent years] organizations have spent a lot of money and they just couldn’t stop them.”

Worse, only the largest companies -- the top 100 of the Fortune 500 -- have a “genuine shot” at ever successfully playing the game of cyber defense, he said. “After that, the rest are the "toasted 400” and they don’t even know they’re toast?!  Everyone I know understands that every attack going back to 2003 still works the same way.”

Meer, riffing on the popular 2007 self-help book by executive coach Marshall Goldsmith, noted several reasons for the current state of insecurity: the increasing complexity of the IT environment, the widespread availability of hacking tools in the mainstream, and the growing awareness of the value of data. “Even junior staff members know now that access matters,” he said pointing to Julian Assange of WikiLeaks fame.

Meer was not without solutions. But, first he said the industry has to throw away a lot of pre-conceived notions: “What you think helps, doesn’t. And worse, it’s probably harmful." His list of the “wrong ways”:

Penetration testing: The industry performs them routinely, but it doesn’t seem to help, according to Meer. One reason is because he said pen testers don’t focus enough on important attack vectors -- for example, web browsers. But he also said the industry also is overly dependent on pen tests “because they are easy. It feels like you are doing something and it delivers a result.”

Defining risk: “We have to stop referring to breaches in terms of numbers of records lost,” he said, noting that there is a “big difference between the loss of 80 million records at Anthem and a defense contractor losing the plans to a brand new fighter jet.”

Big Data: “More data won’t fix everything when we still cannot even connect the dots we have now.”

Choosing complexity over simplicity: “People want complexity when simple works,” he said pointing to proven tools like honeypots and The Enhanced Mitigation Experience Toolkit. “Take the best of what you can find that will do the job you need to do.”

Saying “no” to new ideas.  At Etsy, Meer said that management encourages security teams to think out of the box with “crazy ideas” and then to enable them. “What we need is to become solutions engineers, to focus on incident response and create not buy solutions,” he said.

Finally Meers strongly advocated that security professionals become more social, visible, and vocal; to stop being the folks “in the corner.”  

“Your job is to make management get it," he said. “If you can’t do that, then you should change jobs because either they’ll never get it, or you’ll never break through.”

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27187
PUBLISHED: 2020-10-26
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related command...
CVE-2020-7752
PUBLISHED: 2020-10-26
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVE-2020-7127
PUBLISHED: 2020-10-26
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-7196
PUBLISHED: 2020-10-26
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the ur...
CVE-2020-7197
PUBLISHED: 2020-10-26
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* U...