| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Much of what appears to be happening in information security seems to be focused on replacing humans with magic boxes and automation rather than providing tools to augment human capabilities. However, when we look at good physical security we see technology is being used to augment human capabilities rather than simply replace them. The adversary is human so we are ultimately looking for human directed behaviors. If analysts don't know how to go looking for evil without automated detection tools then they are not going to be able to effectively evaluate if the detection tools are working properly or if the deployment was properly engineered. An over reliance on automated detection also puts organizations in a position of paying protection money if they want to remain secure. We should be spending more resources on honing analyst hunting skills to find human adversaries rather than purchasing more automated defenses for human adversaries to bypass. Sean is just this guy you know. Sean's career in the InfoSec field began as a network defender in the USAF where he later transitioned to an attacker role with an aggressor squadron. After leaving the Air Force he has spent most of his career developing tools and techniques for intrusion detection for both DoD and private companies. He moved to the Bay Area as an early member of Mandiant's Redwood City SOC focusing on advanced detection methods and now works at Yahoo! working on projects such as GRR
for effective intrusion detection and response.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast