I often talk about automation in my articles and it's a hot topic in general – a quick Google search reveals more than 100 million results for security automation. Given the global shortage of cybersecurity professionals, and the volume and velocity of increasingly sophisticated threats we all have to deal with, humans can't go it alone. Automation helps get more from the people you have – handling time-intensive manual tasks so they can focus on high-value, analytical activities. But the catch with automation is that it has to be applied at the right time in the security lifecycle in order to be effective.
You've likely heard the phrase: "dirty data in, dirty data out." Jumping to the end of the security lifecycle and using automation to take action – like automating playbooks and automatically sending the latest intelligence to your sensor grid (firewalls, IPS/IDS, routers, web and email security, endpoint, etc.) – can backfire. Without first aggregating, scoring and prioritizing intelligence you can actually exacerbate the dirty data problem.
[...] But with the sheer volume of threat data continuing to climb at a staggering rate, we need to start with the threat – automating how we gather, score and prioritize threat intelligence. Otherwise we're just amplifying the noise, wasting precious resources and hampering security – and that's the dirty secret.
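As an added illustration of the ordering argued for above (not code from the article), this sketch aggregates sightings across feeds, scores them, and only then splits them into indicators pushed to the sensor grid and indicators held for an analyst. The feed names, trust weights, half-life, threshold and the noisy-OR scoring rule are all assumptions made for the example, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample data: feeds, trust weights and indicators are illustrative.
FEED_TRUST = {"internal-ir": 0.9, "commercial-a": 0.7, "open-list": 0.3}
NOW = datetime(2017, 9, 22, tzinfo=timezone.utc)
RAW = [  # (feed, indicator, last_seen)
    ("open-list", "198.51.100.7", "2017-03-01"),      # stale, single weak source
    ("open-list", "203.0.113.9", "2017-09-20"),
    ("commercial-a", "203.0.113.9 ", "2017-09-21"),   # same indicator, stray space
    ("internal-ir", "bad.example.net", "2017-09-22"),
    ("open-list", "BAD.example.net", "2017-09-10"),   # same indicator, other case
    ("open-list", "192.0.2.44", "2017-09-21"),        # fresh, but one weak source
]
HALF_LIFE_DAYS = 30    # assumed decay rate for old sightings
BLOCK_THRESHOLD = 0.6  # assumed cut-off for automated action

def aggregate(raw):
    """Normalise indicators and merge sightings; keep the freshest per feed."""
    merged = defaultdict(dict)
    for feed, indicator, seen in raw:
        key = indicator.strip().lower()
        ts = datetime.strptime(seen, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        merged[key][feed] = max(ts, merged[key].get(feed, ts))
    return merged

def score(sightings, now=NOW):
    """Noisy-OR over feeds: each feed's trust is decayed by sighting age."""
    miss = 1.0
    for feed, ts in sightings.items():
        age_days = max((now - ts).days, 0)
        decayed = FEED_TRUST.get(feed, 0.1) * 0.5 ** (age_days / HALF_LIFE_DAYS)
        miss *= 1 - decayed
    return round(1 - miss, 3)

def prioritize(raw, threshold=BLOCK_THRESHOLD):
    """Return (to_block, to_review), each sorted by descending score."""
    scored = sorted(((score(s), i) for i, s in aggregate(raw).items()),
                    reverse=True)
    to_block = [(i, s) for s, i in scored if s >= threshold]
    to_review = [(i, s) for s, i in scored if s < threshold]
    return to_block, to_review

if __name__ == "__main__":
    block, review = prioritize(RAW)
    print("push to sensors:", block)
    print("hold for analyst:", review)
```

Pushing `RAW` straight to the sensor grid would deploy six entries for four distinct indicators, two of which rest on a single low-trust source.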
(Score: 2, Interesting) by Anonymous Coward on Friday September 22 2017, @07:33PM
If you trust HTTPS and the Certificate Authority system to keep your web traffic secure, then you're trusting a system that is completely compromised and broken. At best, you may be able to keep small-fry crooks and neighborhood snoopers out of your traffic, but between National Security Letters and sleazy trusted-by-default CAs, you have no security with HTTPS. "The only thing worse than no security is a false sense of security."
Soylent News seems to be taking the second-best approach (in light of the braindead choices most browser devs made by making their browsers shriek in horror over completely valid self-signed certificates), by implementing HTTP Public Key Pinning [wikipedia.org] (to prevent MITM with a different trusted-by-default certificate) and HTTP Strict Transport Security [wikipedia.org] (to prevent downgrade attacks).
A true and proper solution needs to be built, and work on such a project is being displayed at youbroketheinternet.org [youbroketheinternet.org].
(Score: 2) by DannyB on Friday September 22 2017, @08:59PM
I am aware of both of these.
I'm considering HSTS which wouldn't be much of a problem.
I'm more concerned about HPKP. I need to get multiple people above my head to make sure we are organizationally mature enough to implement this.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.