Silicon Shecky

Infosec Practitioner


A role for every tool

September 20, 2018 By Michael Kavka

Recently, I heard some discussion about how our field comes up with new tools to help augment the workforce. They attempt to make life easier for us by automating menial tasks, or bringing things under one easy shell (pun intended). I also have come to understand that part of the reason for this is that more and more information security professionals are not coming from a solid IT background. What I mean is that they do not understand the basics, how networking works, how firewalls work, etc… Now to be fair there are plenty of people in our field that did not work in that IT field who are fantastic, and know the basics, but they took the time to learn them at least.

The problem I (and hopefully many of you) am seeing is the plethora of solutions out there. Multiple solutions for everything. More specialized solutions for different areas. The higher ups expect us to each be more and more proficient in multiple tools, multiple disciplines. Each of these tools is supposed to not only make a difference, but make our lives easier. EDR solutions, Web Proxies, WAF, SIEM, and many more tools out there. The thing is that each is not doing one aspect: making our lives easier.

I am not going to say that each tool does not have its merits, because they do. Thing is that each tool requires a lot of time and effort to get it tuned, and many of them are never completely tuned and require frequent, if not constant, hand holding to keep them up to date. Imagine that your vehicle required you to change filters, change fluids, and do other maintenance on a daily basis. One day it is one thing, the next day it is something else. How would we ever stop spending money on it all, let alone be able to get anywhere on time? Now think of how much time defenders spend looking at SIEM or EDR, maybe having to maintain the Content Filter due to new sites that need to be accessed. How much time does that take? Now add on that you have a small team, and how much time are you taking away from noticing something is actually wrong?

A lot of what tools do can be done manually, for sure, but the idea of having a tool to do it is to cut down on the effort. So we spend thousands of dollars on a tool, only to realize we either need to hire a new person to own that tool, or hire a third party to take care of the tool for us. Now how attentive will that third party be, when they are doing the same thing for multiple companies? How easily can something fall through the cracks? How many more cracks are being added?

Some of the solution comes from taking care of the basics, some from staffing, and some from understanding one's environment and where to focus the resources one has. It is not the sexy stuff of our field, but without it, we risk losing everything. Security is not achieved by throwing so many things at it that we are overwhelmed. It is achieved by doing the basics well and then augmenting for the vertical we are dealing with to cover the largest risk factors. We have to realize there is no perfect security, no perfect solution. Our striving for perfection is getting out of hand. We need to come to terms with accepting what is best and better before we all burn out, because the speed of change will do that to us. Just when you think you have all the answers, someone changes the questions.

Filed Under: Rants, Security Tagged With: Burnout, InfoSec, Tools

D’OH

March 19, 2009 By Michael Kavka

Once in a while you do something completely stupid. Once in a while this totally stupid thing turns out to be a fantabulous learning experience.

In the midst of trying to recover a 1 TB SATA hard drive using Disk Commander, I stupidly removed all the partition information from my main drive on my laptop. It seemed to be the end of a perfect day, yet in the midst of preparing to commit seppuku, I decided to see if I could use the same tool to recover the lost partition. Behold, not only did it recover it so I could at worst transfer all of my documents and data off for a reload, I was able to boot up off my old trusty ERD CD and make the partition active. Voila, saved the whole system, no reload needed and everything where it was supposed to be. Plus the darn thing is working faster now. Go figure.

I talk about tools I use, and most people wonder how I find them. Usually from co-workers, articles on tech sites, recommendations from forums, etc. I usually will try them out after researching them for safety, and if they don’t do a good job I’ll just uninstall them and move on. The bottom line is don’t be afraid to try software out. You might find a diamond in the rough that you can’t live without, and that will save your hide.

Filed Under: Computers, General Tagged With: Disk Commander, Hard Drive, Partitions, Restore, Software, Tools
