*For Your Comment!! Do those of us in the security field agree with this statement?*
Hard to believe that I ever thought I would be sitting here wondering about the state of security as a viable career path. I have built my career up as a security dude/hacker for years, but lately I have been noticing a few things.

- Vendors are getting really good at detecting network anomalies and the interfaces are getting easier and easier to program.
- Threat vectors have become so large that now we look at a multi-tiered attack surface instead of a laser-beamed attack point.
- Some of the biggest threats are due to applications and bots.

Here's the thing. I have been tasked to write a TechWiseTV episode on security and truthfully, the stuff I have is really about as exciting as watching a grad student take a calculus exam. There is really nothing "new" under the sun. Oh, sure - product updates, faster detection, less false positives, this header manipulation or that compliance support; yada friggen yada... I refuse to do old attacks like BGP, ARP Spoofing, WPA cracking, etc... I need new stuff!!! Kinda cool? Ummm... yeah... but I do not go out and buy a new car every cycle to get a few nifty features. I suck it up and buy a car with a heated steering wheel when the one I currently have smokes out.

My question is this: *Have we finally done it and gotten to a point where security is handled via a SaaS provider?*

Seems to me that a security design goes like this:

- Client-side protection (802.1X, TrustSec, AV, drive encryption)
- Device protection (TrustSec, SSHv2, DAI, SNMPv3, etc.)
- A firewall pair (deep rule set, N+1, line rate or close to it)
- Server Protection (TrustSec, drive encryption, AV)
- VPN subsystem (SSL, Mobile Phones, 3Des)
- Bonus: Log correlation device (OSSIM http://www.alienvault.com or MARS)

Press hard, the bottom copy is yours. (shout out to John Codrea!)

But the two BIG things on these devices are:

- How often are the devices updated to support the latest piss-ant bot, virus, DDOS or application vuln?
- How is MY staff managing the massive amounts of data generated by these devices? Or do I just plug 'em in, config them and never touch them again?

Is that it? Have we gotten to a point of security templating? Sure, there are a few changes in every account, but for the most part, we security folks are battling the little stuff we have to wait on another vendor to take care of. Not much I can do on an XSS except change the browser rules (or browser multiple times) or how many times can I email Adobe about yet another PDF exploit? To me, it feels like I am a security bottom feeder waiting on the next update. What fun is that? Once the gear is installed and tuned in, now what? Just turn it over to a SaaS provider and make sure the current threat level is addressed, I guess.

When exploits get to the level of application exploitation, the hacker clearly has the advantage. They have an endless stream of applications, the element of surprise, endless worldwide resources and a complicated global legal system protecting them. They exploit and I wait for an update. I HAVE to have a team of full-time researchers 24x7x365 augmenting my staff to try and level the playing field. Point: SaaS security teams.

The real security action today seems to be at the research or hobbyist level, where folks are hunting C&C for bots and taking them down. Seems like many resellers I talk to agree that security folks are just not something they are asking for. It's nice to know to design to, but a dedicated career? No room at the inn. I tell folks all the time that a solid knowledge in security can really make you stand out from others when you design a VOIP, Data Center or foundational network. Am I wrong here? Is security still a good career path for folks interested? I do not believe so anymore and it hurts to say that. I believe it is like an augmentation skill like Unity in Mass Effect 2.

There will always be security, but more and more I see it having to be more of a trusted third-party process that has those resources. So what to do about this show? Well, looks like ScanSafe is a good bet. IPS, ASA, CSA are out. LISP seems cool, maybe some botnet stuff. Yawn... Is this really all there is??

Jimmy Ray Purser <http://www.networkworld.com/community/node/60303?source=NWWNLE_nlt_security_2010-04-21>

--
Regards,
Mohd Fazli Azran
_______________________________________________
Owasp-Malaysia mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-malaysia
OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia
OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420

