One Article Review
| Source |  taosecurity |
|---|---|
| Identifiant | 2366167 |
| Date de publication | 2021-02-18 10:53:39 (vue: 2021-02-18 16:05:51) |
| Titre | Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem |
| Texte |  PropositionDigital offense capabilities are currently net negative for the security ecosystem.[0]The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of the defender. The entire security ecosystem bears the costs, and in some cases even those who see tangible benefit may suffer costs exceeding those benefits.The ReasonLimitations of scaling are the reason why digital offense capabilities are currently net negative.Consider the case of an actor developing a digital offense capability, and publishing it to the general public. From the target side, limitations on scaling prevent complete mitigation or remediation of the vulnerability.The situation is much different from the offense perspective.Any actor may leverage the offense capability against any Internet-connected target on the planet. The actor can scale that capability across the entire range of vulnerable or exposed targets.The ThreeOnly three sets of actors are able to possibly leverage an offense capability for defensive purposes.First, the organization responsible for developing and maintaining the vulnerable or exposed asset can determine if there is a remedy for the new offense capability. (This is typically a "vendor," but could be a noncommercial entity. As a shorthand, I will use "vendor.") The vendor can try to develop and deploy a patch or mitigation method.Second, major consumers of the vulnerable or exposed asset can take similar steps, usually by implementing the vendor's patch or mitigation.Third, the security one percent can take some defensive measures, either by implementing the vendor's patch or mitigation, or by developing and acting upon detection and response processes.The combination of the actions by these three sets of actors will not completely remediate the digital offense capability. The gap can be small, or it can be exceptionally large, hence the net negative cost to the digital ecosystem. |
| Envoyé | Oui |
| Condensat | #securityonepercent copyright free from i one philip the too 2003 2018 2020 able accrue across acting action actions actor actors addressing adopting after against agencies all another any are argument asset assets assumed authentication automatic availability aware bears being bejtlich benefit benefits between billion blog blogspot blue blues budget budgets but can capabilities capability case cases cautiously centrality cloud code com combination comes comments commitment complete completely comprehension comprehensively concern concerns conclusion conclusions conclusions:1 conclusionthe confident connected consider consult consumer consumer/security consumers consumersmajor control cost costs could countermeasures counts critical: currently curve customer customers decades defender defenders defense defensive depend depending deploy deployment derive derived detection determine develop developing did difference different differently:an digital direct directly distributed does dollar drive dual ecosystem ecosystem:offensive effective effectively effectiveness either email endnotes enforcement enjoy enjoyment entire entities entity equip especially even example exceeding exception exceptionally exceptions explicit exposed facing factor failing first fold form found from fund gap general generally generating group has have help helpful helpless hence hobby holds host however implement implementing improve improved improvement income increasing independent independently individuals information insight insightfrom instance intelligence internet intruder intruders inverse involvement involves its key knowledge large larger law learning least legitimate less leverage leveraged likely limit limitation limitations limiting little livelihood loudest maintain maintaining major make mandate mandating many matters may mean means measures mechanism mentioned method mfa military mindset mitigation more most much multi nature negative net new non noncommercial nonexistent not note noted nowhere object objections objections: oblivious offense offensive offer offering offerings offs offset one only open operate operating operational optimistic options organization organizations other outside outweigh overdue own particularly patch penetration people percent percent percentthe perhaps personally perspective phrase planet play please policy population portion position positive possibly post posture premise prescription prevent previous primarily privilege probably problem processes produces professors propositiondigital protect provide providers public publicly publishing purposes qualify range ransomware rather reach realized reason reasonlimitations receive red regardless reject relative releases reliance rely remain remediate remediation remedy require requires research response responsible rest result richard rise role scale scaled scaling second security see sentiment separate service sets shorthand should shown side silently similar situation size small societal software solarwinds solutions some source stated steep steps strategy stronger strongest such suffer summary summarythe superior take tangible taosecurity target targets team teams technical technology testing than them thereby these third those threat threatens three threeonly tools tracks trade training treated triad true try trying tuning twitter two typically until update updates updating upon use user using usually vendor vendor/major vendors vendorsvendors very voice volunteer vulnerability vulnerable ways weakest when who why will within without work worked working world would www yields zelikow |
| Tags | Ransomware Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.