Detection Oriented Security Architecture, with Kevin Fiscus

Detection Oriented Security Architecture

Risk can be defined as the likelihood that a threat exploits a vulnerability, causing harm. To reduce risk, at least one factor in that definition must be reduced. In most cases there is little that can be done to reduce the threat, which leaves us with vulnerabilities and harm.

Security programs and security professionals have spent decades attempting to substantially reduce the risk associated with vulnerabilities, without significant success. As a result, we are left with attempting to reduce harm.

According to the recent Ponemon Institute Cost of a Data Breach studies, one of the biggest factors in determining breach cost is dwell time: the amount of time an attacker is present in the network before detection. Reducing dwell time can therefore significantly reduce breach cost and thus reduce overall risk.

The obvious goal therefore becomes to detect and respond to attacks as quickly as possible. This goal has resulted in a myriad of technologies that focus on "detection and response," such as EDR, ITDR, NDR, XDR, and SOAR. Unfortunately, if we achieved the goal of rapid detection and immediate response, we would actually be making our security worse and giving the attacker a significant advantage.

In this webinar we will discuss why automated detection and response is a concept that will always fail, and what a truly detection-oriented security architecture would look like.

#detectionEngineering #infosec #blueteam
