
Gartner: super hackers don't exist, they always leave a trace


August 25, 2015


Overall, super hackers simply don't exist: your incident response plan isn't efficient at all, and you should relish the opportunity to drown in data.

Such are the lessons from incident response fanatic Anton Chuvakin, who also happens to be a vice president at Gartner Security.

The analyst, physicist and former director of Security Warrior Consulting gave delegates of the Gartner Security and Risk Management Conference in Sydney yesterday a crash course on the dos and don'ts of security incident response.

Chuvakin says the old-school incident response model that security people are taught today is ineffective but sadly popular.

He added that, even if super hackers do exist in some form, they aren't 'ghosts' per se: everyone leaves logs at some point or another, and that is what's really important to remember.

He added: "You should deploy more visibility tools. It's likely you don't have enough, even if you think you are drowning in data."

"Many people still think the win is not about being secure, but is about stopping the attackers, and that mindset makes it difficult to do advanced incident response", he asserted.

The respected security figure gave something of a condensed interpretation of his incident response blogs. In them, Chuvakin says that the classification of a security incident is a personal affair that each organization needs to determine according to its own risk appetite.

However, the urge to classify a response according to monetary impact should probably be left off the agenda, he says.

"Overall, monetary cost alone is a question that should have been left in the 1990s," Chuvakin says.

He continues: "having a plan is a vastly different thing to actual planning, the latter requiring constant updates such that threat vectors, disaster recovery phone contacts and so on are relevant when the corporate network locks are popped."

"Finding the right people to call during an event rarely works well," he says. He describes continuous incident response as the mark of a modern security practitioner, whereby the corporate network is considered already breached, so that the battle is a daily occurrence of keeping the enemy pinned down.

Chuvakin paints a red cross through the old-school response flow of prepare, detect, contain and eradicate, but says it should not be entirely consigned to the incident response recycling bin.

Rather, the method needs updating to focus on indicators of compromise and to have dedicated teams, each charged with handling a separate area of the response process, he added.

Source: Gartner Security.
