Dailydave mailing list archives
Custom defense
From: Dave Aitel <dave () immunitysec com>
Date: Mon, 23 Aug 2004 17:02:48 -0400
So I think the real market for future security is in custom attacks and defenses. This is what I see people starting to work on, although they call it by many names (IPS, etc). Custom defenses are also good because they are great for monitoring, which is really what IDS was all about in the beginning, before they decided that good monitoring required thousands of signatures.

I alluded to this in my OWASP talk recently, but I'm seeing more and more companies take "test driven development" to the logical extreme, of figuring out how they can detect attacks at the application layer, and building that into their applications from day 1.

Even porting choices are custom attacks: once Bas Alberts (you can see a picture of him on our website, except it doesn't do justice to his dimples) finished the PHP limit bug for CANVAS (released last week), we then fielded requests from all our customers to prioritize our porting and QA efforts. As much as I hate the "windows of vulnerability" nonsense, this does, in fact, affect our 0day as well. We'll assess whatever a target is running, and then see how far the bugs we find spread to other platforms, versions, or target configurations.

It could be wishful thinking on my part, but I see the industry heading in two directions:

1. Custom attacks and defenses (in a domain specific and application specific fashion). I expect this to become part of the default checklist for smart enterprises in the near future, although it isn't now except for the outliers. I don't mean "database scanners" by this though. I mean "special parser for bobsapp log files that runs anomaly detection on it"; I think there's a market for pluggable anomaly detection, for example.

2. Boring audits driven by regulation. HIPAA, etc. Application security reviews are going to turn into checklists.

What I don't see is pure application reviews and various assessment work ever leading to profitability in this market. It's just an impossible business model to execute on when playing against a decent competitor. For now, people are making money because the pool of people who can do this kind of work is tiny and demand is strong. But PaX (in the form of PaX and XP SP2) is going to change that. We're going to move towards a mindset of complacence. (And, for those of you going on about information warfare all the time, a position of complacence is the only time a Pearl Harbor can happen. Otherwise it's just a bunch of meatball airplanes getting shot out of the air while trying to commit suicide.)

-dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
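The "special parser for bobsapp log files that runs anomaly detection on it" idea in the post, as an added illustration that is not Dave Aitel's code or anything from Immunity: a tiny pluggable detector framework over an application's own log. The log format (`timestamp key=value ...`), the field names, the baseline/live log lines, the two detectors and their thresholds are all assumptions constructed for this example. The point it makes is the one in the post: the detectors know the application's semantics (what a clerk role is allowed to do, how fast logins should fail), so nothing here is a generic signature.

```python
"""Pluggable anomaly detection over an application's own log lines.

Added example, not Dave Aitel's code or an Immunity product. The log
format, field names, thresholds and sample log lines are constructed
assumptions for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, Iterable, List, Optional

# Assumed line format: "2004-08-23T17:00:01 user=alice role=clerk action=login status=ok"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+(?P<fields>(?:\w+=\S+\s*)+)$"
)


@dataclass
class Event:
    ts: datetime
    fields: Dict[str, str]


@dataclass
class Alert:
    detector: str
    ts: datetime
    detail: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split())
    return Event(datetime.fromisoformat(m.group("ts")), fields)


# A detector is any callable taking an Event and returning an Alert or None.
Detector = Callable[[Event], Optional[Alert]]


class FailedLoginBurst:
    """Flag a user with more than `limit` failed logins inside `window_s` seconds."""
    name = "failed_login_burst"

    def __init__(self, limit: int = 3, window_s: int = 60):
        self.limit, self.window_s = limit, window_s
        self.history: Dict[str, List[datetime]] = defaultdict(list)

    def __call__(self, ev: Event) -> Optional[Alert]:
        if ev.fields.get("action") != "login" or ev.fields.get("status") != "fail":
            return None
        user = ev.fields.get("user", "?")
        # keep only failures still inside the sliding window, then add this one
        recent = [t for t in self.history[user] if (ev.ts - t).total_seconds() <= self.window_s]
        recent.append(ev.ts)
        self.history[user] = recent
        if len(recent) > self.limit:
            return Alert(self.name, ev.ts, f"{user}: {len(recent)} failed logins in {self.window_s}s")
        return None


class UnseenAction:
    """Learn which actions each role performed in a baseline log, flag anything new."""
    name = "unseen_action"

    def __init__(self, baseline: Iterable[Event]):
        self.seen: Dict[Optional[str], set] = defaultdict(set)
        for ev in baseline:
            self.seen[ev.fields.get("role")].add(ev.fields.get("action"))

    def __call__(self, ev: Event) -> Optional[Alert]:
        role, action = ev.fields.get("role"), ev.fields.get("action")
        if action not in self.seen[role]:
            return Alert(self.name, ev.ts, f"role {role} never did {action} in baseline (user {ev.fields.get('user')})")
        return None


def run(lines: Iterable[str], detectors: List[Detector]) -> List[Alert]:
    """Feed every parseable line to every detector and collect the alerts."""
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable line; a real deployment would count these too
        for det in detectors:
            a = det(ev)
            if a is not None:
                alerts.append(a)
    return alerts


# Constructed sample data (not real logs): a quiet baseline, then a live window.
BASELINE_LOG = """
2004-08-22T09:00:00 user=alice role=clerk action=login status=ok
2004-08-22T09:00:10 user=alice role=clerk action=view_invoice status=ok
2004-08-22T09:05:00 user=root role=admin action=login status=ok
2004-08-22T09:05:30 user=root role=admin action=export_db status=ok
""".strip().splitlines()

LIVE_LOG = """
2004-08-23T17:00:01 user=alice role=clerk action=login status=ok
2004-08-23T17:00:05 user=alice role=clerk action=view_invoice status=ok
2004-08-23T17:01:00 user=bob role=clerk action=login status=fail
2004-08-23T17:01:10 user=bob role=clerk action=login status=fail
2004-08-23T17:01:20 user=bob role=clerk action=login status=fail
2004-08-23T17:01:30 user=bob role=clerk action=login status=fail
2004-08-23T17:02:00 user=bob role=clerk action=login status=ok
2004-08-23T17:02:30 user=bob role=clerk action=export_db status=ok
this line is not in the expected format
""".strip().splitlines()


def run_demo() -> List[Alert]:
    baseline = [e for e in map(parse_line, BASELINE_LOG) if e is not None]
    detectors: List[Detector] = [FailedLoginBurst(limit=3, window_s=60), UnseenAction(baseline)]
    return run(LIVE_LOG, detectors)


if __name__ == "__main__":
    for a in run_demo():
        print(a.ts.isoformat(), a.detector, a.detail)
```

Each detector is a plain callable, so a new one is a new class dropped into the list; the baseline-learning detector is what the post means by anomaly detection rather than signatures, and its false-positive rate is governed entirely by how representative the baseline log is.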