List:       dailydave
Subject:    Re: [Dailydave] Failing at Segue
From:       Anton Chuvakin <anton () chuvakin ! org>
Date:       2013-12-11 17:09:28
Message-ID: CAMprzLqa1bq0zQ0WZqG1bt6OP=X3Tpx668fN25Q-YxjR=TjRRg () mail ! gmail ! com
On Tue, Dec 10, 2013 at 6:07 PM, Dave Dittrich <dave.dittrich@gmail.com> wrote:
> On Tue, Dec 10, 2013 at 12:24 PM, Dave Aitel <dave@immunityinc.com> wrote:
>
>> People are strange. For example, they often say "You have to assume you
>> are compromised!" and then in the very next breath they are buying more
>> perimeter equipment like Fireeye and WAF and whatnot.
>
> To your first point, I would rephrase it as "You have to assume YOU CAN BE
> BREACHED" and then accept that of {protection,detection,reaction} (or per
> NIST, {identify, protect, detect, respond, and recover}), you spent far too
> much money on trivially defeatable "protection" and "detection", and
> seriously (to your detriment) UNDERFUNDED "reaction" or "respond and
> recover."

BTW, how *BAD* is it, really? Lately I've been hearing numbers like
5-10% of the IT security/infosec budget being spent around IR (presumably
including the cost of "rinse-and-repeating" those owned boxes). Does
it sound about right to the esteemed list members here?

-- 
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Twitter: @anton_chuvakin
Work: http://www.linkedin.com/in/chuvakin
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave