Matrix

All news that I read in the last two years, I shared on two main topics:

1 - Someone/something was hacked

2 - Creation of new revolutionary defense technology

You don't have to be a genius to understand that there is something wrong with this picture. Of course, I understand this is only basic “common” stuff and a lot of problems start from other sources like controlling person lives, adding all CCTV and IoT technologies in businesses, social media influence etc.

However, I think that all kinds of these things are top cause of root problems - that there are few companies or professionals who can properly deliver security to organizations and private sector.

I mean not to sell a “big and almighty solution” to install all this stuff, and in 3-6 months, no one changes any configuration or updates signature DB etc.

But literally try to integrate all processes, configure software, test it, change all configs and test it again, integrate rules to employees, relying on business needs and REALITY.

The reality in the cyber sec field is a very important “factor” :))) because no standards and super systems can work properly until there is no reality in these procedures.

So, in reality, when the company is establishing a kind of technology, it's crucial to understand:

Business needs
Configuration options
and what can happen in reality

Who can help with providing advice about how the system catch traffic, analyze inputs, PowerShell execution and why when ICMP is disabled SYN packets increase activity?

My suggestion, these are guys are pen testers, red teamers, etc. 

It's like boxing. If you learn only how to defend yourself, in a real fight, you will lose because you will not know how to understand the nature of punches, what they can be like, and from what degree punch will send you knocked out.

Let's start learning how to block attacks - pen. The tester starts PowerShell and writes a basic script to scan the hosts that are up in the network and the guy who monitors the system analyses and starts to see how to detect this stuff and etc.

The idea is clear - after such tests at any time for 6 months for example the defense team will be able to detect much more than before such experience and this is very interesting for both.

So why do we need to change something? In time there will be no companies that would not have been hacked, plus the popularity and simplicity somehow to steal and sell data will affect average people more and more.

Cybercrime will cost businesses over $2 trillion by 2019

@Juniper research

Ransomware attacks increased by 36 percent in 2017

@symantec research

Percentage of cyber attacks aimed at small businesses increasing every year.

@my observation

What is interesting, I have talked with one business owner who sells exactly this kind of a “big solution” and asked him the same question - why you don't want to provide more quality service?

He said that in many cases there is no need. People just want to feel secure rather than be secure. In addition, not all of them can highlight the potential issues and where they can lead to.

Well, just want to mention, that in my case there is no such problem. Do you have similar problems with selling security solutions?

At the end of this small research and observation from my experience, I want to notice that so many issues stays open and so many interesting topics we still need to discover, that all of us need to keep going and remember that security is our responsibility.