Comments on TaoSecurity Blog: Incident Detection Mindset
Richard Bejtlich
Updated: 2023-10-16T06:06:25.012-04:00

Anonymous, 2010-10-08T23:14:19.095-04:00:

Incident detection is something I've been focusing on lately and I'm disappointed I couldn't make the Summit.

How can you tell if your corporate laptop or Blackberry is owned? NSM is required. If you see the device communicating with hosts in the .cn, that's pretty suspicious for many organizations.

But what if your BES is owned and your Blackberry only communicates with the BES? You need visibility into the BES. You need to monitor more than just the end point, you need to monitor the infrastructure.

What if your BES has to regularly check in with RIM and RIM is owned? How can you know your company's data isn't trickling out a few bytes at a time over a period of months?

How well does this scale when you're dealing with an enterprise as large as yours?

MegL, 2009-09-02T14:41:01.531-04:00:

Anything can be taught, but what CAN'T be taught is the passion for security which I think is a pre-requisite for the incident detection mindset to really be ingrained. We need more people who think that way to win within security.

Oedipus McGillicuddy, 2009-08-13T21:41:28.733-04:00:

Sorry, dude. No self-respecting professional organization would use the StarCraft font. Looks like the security biz is still smoking its own hype.