All the notable, large tech companies and cloud providers roll their own 
everything. Most of the hyperscale companies buy very little third-party 
security product. The things they build are everything from a little Python 
glue to massive analytics systems backed by software development teams running 
on tens of thousands of cores, tens of terabytes of RAM, and tens of petabytes 
of storage. 

Automating as much detection through response is the name of the game for both 
practical and theoretical reasons. Walking the RSA expo floor, I can attest 
that there are fewer than a half dozen companies that have any understanding of 
what it actually looks like and takes to be effective at scale. All the ones 
that do, do so because the founders had some exposure to these environments or 
people that worked in them. If your durable data store is Elasticsearch or 
MongoDB, you are doing it wrong. Sorry, LogRhythm, your choice of datastore and 
product packaging do not work at cloudscale. You won't find it in Google, 
Amazon, Facebook, or even Yahoo. Look what Airbnb just open sourced. That is an 
example of what a small, but cloud and scale aware, team did to solve some of 
their monitoring and response problems. 

If you don't get that the most secure place to build your systems is on AWS or 
Google's clouds, then you don't have any idea about what problems need to be 
solved to effectively monitor and respond to threats. I will leave that as a 
thought exercise, though I am happy to elaborate if anyone honestly cares to 
hear the answers. 

Dom

> On Feb 15, 2017, at 11:47 PM, Tracy Reed <[email protected]> wrote:
> 
> On Wed, Feb 15, 2017 at 08:46:34AM PST, Jordan Wiens spake thusly:
>> It sounds like the specific actions and data ingests might be different,
>> but the idea of rolling your own automated system hasn't changed a bit in
>> ten years. Surprised to not hear more about the approach, but agree
>> completely that no one vendor does it, and yet every vendor can easily be a
>> part of it.
> 
> In the industry that I see there is huge pressure from the c-suite to
> buy a pre-packaged product (aka silver bullet) and strong disincentive
> to spend time rolling your own custom franken-solution which the
> management will have no faith in because one of their own employees
> built it instead of a big name which can boast about magic quadrants and
> such. 
> 
> -- 
> Tracy Reed
> _______________________________________________
> Dailydave mailing list
> [email protected]
> https://lists.immunityinc.com/mailman/listinfo/dailydave