On 29 Sep 2017, at 01:12, the grugq <[email protected]> wrote:

> This is not a “bug” issue, it is an architecture issue. You know, if they
> threw a canary.io tool into that DMZ and configured it to look like a
> database, they’d have known about the hack during that first week. If they
> monitored their logs for unusual activity, such as the installation of 30
> webshells, and gigabytes of data going the wrong way. If they had an
> architecture that prevented a compromise of a web server enabling access to
> sensitive company data. If they had asset management and decommissioned
> legacy databases, rather than leaving them in the DMZ.

Just in passing: "Equifax is ISO/IEC 27001:2013 certified by a reputable independent third party."[0]. Asset management is a core part of ISO27001:2013.

Cheers,

Arrigo

[0] https://www.equifax.com/assets/WFS/the_work_number_best_practices_in_data_security.pdf (1st page)

_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
