Detection Oriented Security Architecture, with Kevin Fiscus
Risk can be defined as the likelihood that a threat exploits a vulnerability, causing harm. To reduce risk, at least one factor in that definition must be reduced. In most cases there is little that can be done to reduce the threat, which leaves us with vulnerabilities and harm.
Security programs and security professionals have spent decades attempting to substantially reduce the risk associated with vulnerabilities, without significant success. As a result, we are left with attempting to reduce harm.
According to the recent Ponemon Institute Cost of a Data Breach studies, one of the biggest factors in determining breach cost is dwell time: the amount of time an attacker is present in the network before detection. Reducing dwell time can therefore significantly reduce breach cost and thus reduce overall risk.
The obvious goal therefore becomes to detect and respond to attacks as quickly as possible. This goal has resulted in myriad technologies that focus on "detection and response", such as EDR, ITDR, NDR, XDR, and SOAR. Unfortunately, if we achieved the goal of rapid detection and immediate response, we would actually be making our security worse and giving the attacker a significant advantage.
In this webinar we will discuss why automated detection and response is a concept that will always fail, and what a truly detection-oriented security architecture would look like.
#detectionEngineering #infosec #blueteam