Verizon’s latest breach delivery
I was catching up on my backlog of podcasts last week, and listened to Episode 271 of the Network Security Podcast (part of my balanced diet of security fiber). If you’re not familiar with this podcast, it consists of Rich Mogull, Zach Lanier, and Martin McKeay shooting the breeze about security topics. It is very casual, very informative and relevant – I recommend you subscribe if you haven’t already.
For Episode 271, Rich was traveling so they invited my pal Josh Corman to join Martin and Zach, to discuss the latest Verizon Breach Report. To riff on the old saying, “If you are reading this, you are too close to the Verizon Breach Report.” In other words, you probably have your very own copy of the Verizon Data Breach and Investigations Report (DBIR) on your hard drive already.
When I read through the report, I was amazed (and a little disappointed) that the results sounded so much like last year’s reports in terms of the attack vectors, detection inefficacy, and what not. Companies are failing to do their security jobs in pretty much the same way they’ve been failing for years, in spite of well-articulated advice that could help them better look after their precious data.
Some solid nuggets of analysis
I was really pleased with the perspective offered in Episode 271, as Josh has done some digging – on his own, and in conjunction with some of the folks that worked on the Verizon DBIR – and he’s come up with some great items that gave me a new perspective on how to use, interpret, and give advice based on the DBIR.
For example, did you know that log analysis has finally beat the TSA in detecting bad stuff? That’s right – on this podcast Josh points out that, unlike prior years in which zero incidents were detected via log analysis, 8 incidents were detected through log analysis. That is good news – the TSA is still at zero terrorists detected using their strange buffet of analysis procedures at TSA checkpoints so they’d better get cracking!
I only wish the Verizon DBIR place a greater emphasis on preparation – security configuration hardening and baseline-oriented monitoring of system state.
In any case, if you’re looking for an interesting take on the Verizon DBIR, what are you waiting for? Have a listen to Episode 271 of the Network Security Podcast.
P.S. Speaking of Josh Corman, you must read his series on “Building a Better Anonymous” on his Cognitive Dissidents blog – it is some of his best stuff (and that’s saying something).