Thursday, November 01, 2007

Richard On "Proving" Security

Richard Bejtlich + long insightful post = a must read.

It takes you on a fun journey from "Are you secure? - Yes (silence)" all the way to "Are you secure? - Yes, we do not have any indications that our systems are acting outside their expected usage patterns, and we thoroughly collect, analyze, and escalate a variety of network-, host-, and memory-based evidence for signs of violations. We regularly test our detection and response people, processes, and tools against external adversary simulations that match or exceed the capabilities and intentions of the parties attacking our enterprise."

BTW, also check out a slightly bizarre discussion of SEM (SIM, SIEM) in the comments.

Dr Anton Chuvakin