Detection Oriented Security Architecture, with Kevin Fiscus

Detection Oriented Security Architecture

Risk can be defined as the likelihood that a threat exploits a vulnerability, causing harm. To reduce risk, at least one factor in that definition must be reduced. In most cases there is little that can be done to reduce the threat, which leaves us with vulnerabilities and harm.

Security programs and security professionals have spent decades attempting to substantially reduce the risk associated with vulnerabilities, without significant success. As a result, we are left with attempting to reduce harm.

According to recent Ponemon Institute Cost of a Data Breach studies, one of the biggest factors determining breach cost is dwell time: the amount of time an attacker is present in the network before detection. Reducing dwell time can therefore significantly reduce breach cost, and thus overall risk.

The obvious goal therefore becomes to detect and respond to attacks as quickly as possible. This goal has produced a myriad of technologies that focus on "detection and response", such as EDR (endpoint), ITDR (identity), NDR (network), XDR (extended) and SOAR (orchestration and automated response). Unfortunately, if we achieved the goal of rapid detection and immediate response, we would actually be making our security worse and giving the attacker a significant advantage.

In this webinar we will discuss why automated detection and response is a concept that will always fail, and what a truly detection oriented security architecture would look like.

#detectionEngineering #infosec #blueteam

More Articles

February 9, 2025

Consulting Clients - Two (Good!) Surprises

Two surprising (and good!) facts - as an independent consultant, you don't need a lot of clients because:

1) Some clients will stay clients for a very long time. Sometimes the term "mothership" clients has been used. I have several clients that have been clients for 8 to 20+ years, including The SANS Institute, The Open Software Foundation, and Digital Equipment Corporation (DEC).
Other multiyear clients have included Cisco, IBM, The Royal Hong Kong Jockey Club, The Singapore Ministry of Education, and many others.

2) Some clients will give you a lot of work.

It may be 50 to 80% of your work at times.

Right now I have a great client who is giving me 50-60% of my work. And no surprise, some clients will be long term clients who also give you a lot of work!

So, you can be an extremely successful independent consultant without needing lots of clients. Some of my other videos (as well as my book) go into how to get clients.

February 4, 2025

Consulting: Your Most Likely Clients

Let’s talk about who is most likely to hire you as a consultant. The answer isn’t a surprise, it’s simply people you have worked with before.

Here is the great news: You have already worked with people before. And no doubt successfully, at least the majority of them.

Who are they? Where are they now?

This includes people at your current organization, people at previous organizations where you worked, and absolutely people who have moved to new organizations.

These people don't need to think you are a Rock Star; they don't even need to like you. They simply need to respect you. If you are professional and get the job done, the vast majority of people will respect you whether you have become friends with them or not. Think about who these people are.

You may even want to start jotting down a list. They are the most likely people to come to you with work, the easiest to approach for work, and the most likely to provide referrals and more.

January 29, 2025

Consulting Case Study: He Never Wanted to Leave His Job!

Doc Blackburn had a job he loved and never planned on leaving. He worked for the University of Colorado, Anschutz Medical Campus, in cybersecurity. When he spoke about his job, and he often did, I was jealous even though I had abandoned the idea of traditional employment, the “job” idea, happily many decades ago. ...

January 17, 2025

Idea or Team

What's more important, a great idea or a great team when undertaking a new venture - it could be a startup or a significant project or similar?