On Tue, Dec 10, 2013 at 6:07 PM, Dave Dittrich <[email protected]> wrote:

> On Tue, Dec 10, 2013 at 12:24 PM, Dave Aitel <[email protected]> wrote:
>
>> People are strange. For example, they often say "You have to assume you
>> are compromised!" and then in the very next breath they are buying more
>> perimeter equipment like Fireeye and WAF and whatnot.
>
> To your first point, I would rephrase it as "You have to assume YOU CAN BE
> BREACHED" and then accept that of {protection, detection, reaction} (or per
> NIST, {identify, protect, detect, respond, and recover}), you spent far too
> much money on trivially defeatable "protection" and "detection", and
> seriously (to your detriment) UNDERFUNDED "reaction" or "respond and
> recover."
BTW, how *BAD* is it, really? Lately I've been hearing numbers like 5-10% of IT security/infosec budget being spent around IR (presumably including the cost of "rinse-and-repeat'ing" those owned boxes). Does it sound about right to the esteemed list members here?

--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Twitter: @anton_chuvakin
Work: http://www.linkedin.com/in/chuvakin

_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
