Hello again readers! We spent the first week of July on vacation in North Carolina and then I spent a few days last week at the SANS DFIR Summit in Austin. I was going to write a small recap of the DFIR Summit but I think Matt Bromiley summed it all up pretty well in his post and I don't have much more to add, other than my favorite part of the DFIR Summit is actually seeing friends and colleagues in person and of course the sheer amount of networking opportunities. I personally would like to see more time allotted for networking, but there are so many quality presenters that it would be a shame to have fewer presentations.
This blog post is going to cover some additional thoughts that I had on the impromptu Incident Response panel on which I participated, led by Brian Carrier, and which also included Frank McClain and Rob Wallace. One of the comments that I made regarding expensive cyber security tools was akin to "you can buy a screwdriver, but you cannot set it on a table and have it magically build you a house". Likewise, it doesn't matter how effectively written or well-thought-out a tool is; at the end of the day, it is simply a tool. The functionality and quality of information (or work) that is produced by that tool is entirely dependent on the human that uses it. I could buy the most expensive, top-of-the-line hammers, screwdrivers, saws, levels, shims (also a type of cache), nails, screws, and so on, but at the end of the day I do not have the skills needed to build a house. In fact, building Lego sets is about the extent of my construction capabilities.
Unfortunately, a lot of vendors market their tool(s) as an "end-all-be-all solution". A lot of decision makers for businesses see this and decide to buy the latest and greatest tool, but do not make any investment in the individuals needed to really harness the power of the tool. (My Cyber-Business-Guru/friend, Jack, would note that the mistake is assuming that the tool is a cost-savings over hiring expensive personnel. You Must Have Both!) A good parallel can be drawn with our garden and our time away from home over the past few weeks, as you often come back to a garden that is completely unrecognizable from the one that you initially had.
Imagine that a vendor salesperson comes in and pitches the "EXTREME Cyber Security Protector 3000XL" as being able to "stop threats before they happen, in real-time, allowing instantaneous cyber security protection....(and a few other random buzzwords...synergy...end-to-end solution, cost savings, win-win, force multiplier...)". Of course the salesperson makes a great presentation (otherwise they would not be in sales long) and management decides to buy it.
Sure, initially the tool may work fine, but these tools are never meant to be a "set it and forget it" solution. The same can be said about our garden. We kept up on doing regular maintenance, watering, and weeding our garden up until we went on vacation, so it looked similar to this despite our "purchase"* of the most expensive wheelbarrow that I could find:
Newly planted garden. Retrieved July 13, 2015 from http://www.livecreativelyinspired.com/wp-content/uploads/2014/07/marigolds-newly-planted-in-the-vegetable-garden.jpg
So far, so good, right? Well,
But ... we bought an expensive wheelbarrow. How did this happen?? Retrieved July 13, 2015 from http://www.waldeneffect.org/20100716garden2.jpg
I think that this is a perfect parallel, as we have to perform regular maintenance on the garden to ensure that we have the plants that we want (i.e. our network, our data), or else we end up with something that is overrun with weeds and out of control (malware, toolbars, scareware). Having a good team of individuals helping ensure your "garden" (network and devices) is secure, regardless of the tool(s) used, is much more rewarding in the long run than spending large amounts of money on tools that just sit there and are rendered ineffective in a short period of time. In the end, it isn't about buying the fully automated, ridiculously expensive wheelbarrow; it is about the humans who filled it with all of the unwanted items that were running rampant in our garden.
Now where do you want this malware (weeds)? Retrieved July 13, 2015 from http://www.summerhouseart.com/blog/wp-content/uploads/2010/03/weed-wagon.jpg
*FULL DISCLAIMER: We did not really purchase the battery powered wheelbarrow and the photos above are not of our garden or our wheelbarrow.