Which are you? More like 007 or TJ Hooker (which is cooler to you)? \u00a0We all want to be the suave figure in the snappy black tie with a martini shaken, not stirred (personally its whiskey, neat) but you get the idea.\u00a0 What I am asking you are you busy investigating traffic crimes, writing your users tickets like T.J. Hooker?\u00a0 Or are you hunting for Red October?<\/p>\n
Sometime ago we shifted our cyber criminal culture to something akin to being cops, yes cops are important, take them away and you get bedlam. But cops (for the most part) investigate crimes that already happened. Just like most cyber security teams do, they investigate breeches or violations after they happen. Why do incident response teams and companies make so much? Why wouldn\u2019t we pay more for people to prevent it in the first place, maybe some sort of front line cyber defense group watching your IP and your users and names, wait we do have some of those (do they work?).<\/p>\n
So shift the cyber security model to being Spy\u2019s, not only is it cooler but also it\u2019s more productive. Let machines do the cop part, enforce policy and limit user interaction, humans need to make the hard call, fuzzy logic stuff. Let\u2019s get to a culture where Phillip K. **bleep** is our role model in security and products are \u2018Minority Reporting\u2019 rather than \u2018piles of reporting\u2019?<\/p>\n
I think its by security automation, we demand (not ask) that security vendors stop selling us point solutions that meet a specific need but are part of a greater solution. Today you have 7? 10? Security products that talk to each other how, do they meet in the SEIM? How is that working? (Lot\u2019s of swivel chair administration?) Seriously, why can\u2019t my IDS trigger a scan from my vulnerability scanner, triggering an endpoint remediation? STIX and TAXI promise some of this, but I fail to see how they can at all deliver specific solutions from generic protocol, ask a hacker how to compromise STIX and get back to me.<\/p>\n
If security professionals continue to accept things as they are, we will be in worse shape in 5 years.\u00a0 Today even the most secure networks work as-if compromised continually. Why is that? Because we cannot even detect most compromises until long after they happen. How long is the average breech-to-detection? (It\u2019s 200 days) seriously? How long is the average remediation? (21 days) seriously?<\/p>\n
So lets consider no waiting for the breech, stop-playing cop. Lets dig into our data, know what is valuable in our network. Stop playing cop at the edge and remember that like the Matrix\u00a0 \u2018There is no spoon\u2019 (or in this case there is no edge) the user is the endpoint, not the device.<\/p>\n
Lets build a culture of security, secure applications by design, build secure networks, and secure data. Stop thinking encrypt it all, and start thinking \u2018why do we have this in the first place\u2019. Ask your application developers \u2018why do we need the social security number\u2019 or \u2018why do we store that data\u2019 and not \u2018how are we encrypting it\u2019. See where tokenization, and just plain anonymity for our users is possible. A breech is really different when you can report \u2018we don\u2019t have any PII, we don\u2019t store it\u2019<\/p>\n
See you at the Casino Royale\u2026I will take a Whiskey Neat<\/p>\n
*Jaron Lanier (thanks dude)<\/p>\n","protected":false},"excerpt":{"rendered":"
Which are you? More like 007 or TJ Hooker (which is cooler to you)? \u00a0We all want to be the suave figure in the snappy black tie with a martini shaken, not stirred (personally its whiskey, neat) but you get the idea.\u00a0 What I am asking you are you busy investigating traffic crimes, writing your […]<\/p>\n","protected":false},"author":205,"featured_media":2727,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[16,32,15,36],"class_list":{"0":"post-2726","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-infoblox","9":"tag-malware","10":"tag-security","11":"tag-threats","12":"entry"},"acf":[],"yoast_head":"\n