tag:blogger.com,1999:blog-4088979.post2393337443831576..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Response to Dan Geer Article on APTRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-4088979.post-131795607657684442010-04-16T07:14:05.382-04:002010-04-16T07:14:05.382-04:00...you have to be your own intelligence agency...
...<i>...you have to <b>be your own intelligence agency</b>...</i><br /><br />And who's really gonna do that? I mean...really?<br /><br />As a responder, most (if not all) of the organizations I have responded to have been victims simply because they had power, computers, and people, and weren't really all that concerned with protecting data.<br /><br />You're talking about taking steps that go beyond just having a defensive posture when most organizations aren't even doing that. Yes, as you say, those organizations that <i>are</i> doing that are still behind the power curve...but most aren't.<br /><br />Instrumenting your data and becoming your own intel agency are further along the continuum than simply taking a defensive posture and attempting to protect your data. Most organizations aren't even doing that. Some are struggling with what to do about compliance regulations...others are simply ignoring them, banking on the cost of fines over the cost of paying for a breach of some kind.<br /><br /><i>Even if you don't think the advanced persistent threat is all that advanced, realize that if this is so, it is only <b>because it doesn't have to be when your defenses don't require it to be.</b></i><br /><br />Exactly! How sophisticated to you have to be when the remote access password is "password"? How 'l33t do you have to be when someone knows about a SQL injection hole and leaves it open?H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.com