From the frozen sections of the Northern U.S. welcome to 2018! I hope everyone had a good holiday and is refreshed. If not, step outside in the cold, you’ll at least be somewhat refreshed.
Spectre/Meltdown. There I have mentioned it. With so many fantastic write-ups and posts out there, you don’t need another one so lets move on.
One of the things I have been noticing is a lack of forethought. We (and our bosses especially) are so caught up in the reactionary phase of things, that we tend to not think things through. A new vuln comes out, chicken little starts screaming, and we all get over stressed. This happens whether there is a POC, it is found in the wild, or neither. In a products community forum recently, it was asked about the current hullabaloo, why worry about the endpoints since there is nothing in the wild. I responded with the same statement I am making here. Why be reactive when you can be proactive.
Now I know, we have pent test, vuln scans, SEIM and blah blah blah that makes us proactive. Does it really though? How often are we reacting to something from one of our tools? Yes, you can claim putting the tool in place is being proactive. How long though between finding something with the tools, and mitigation? Days? Weeks? Months? How often could being a little faster on the response to some proactive tool stop a piece of malware coming in?
While this is a big deal, there is another one. That is in the planning stages for, well, anything. Take acquisitions for example. Are you doing an audit on their security posture? What about their AD? How messed up is that? When will it get cleaned up? How are they granting access and putting people in security groups? How will this translate to your company’s policies? What happens when you try to merge them into your AD/File Share structure? Is their share structure just going to be changed to your domain, or are you copying the data over only? These are important questions and affect your company’s security posture.
It is a new year, and really time to start thinking anew. After all, you can’t fill up an already full tea cup, and you can’t learn unless you empty your preconceived notions.