
The failure of the security industry - wglb
http://www.scmagazine.com/the-failure-of-the-security-industry/article/403261/
======
Animats
The security industry is doing great. Symantec made $6.6 billion last year
without actually solving the problem they claim to solve.

Add-on security never really works except against inept opponents, but it's a
very profitable business.

------
sputknick
Something along the lines of his first point about platforms has been the bane
of my existence for the better part of three years. These security tools we
spend so much money on make interacting with, and analyzing, the data they
generate almost impossible. They all have their built-in reporting mechanism,
but what if I want to see if the vulnerability found in the Tenable Nessus
scan relates to the data from our McAfee Endpoint solution? I have to copy and
paste the host names, and their associated CVEs, then run a report to dump all
of our endpoint data for the entire enterprise, then hit ctrl-F. It's hard to
perform actionable security in any way other than in the rearview mirror.

Anyone have any thoughts on how successful I might be if I tried to build a
platform that would take data from multiple vendors to perform analysis? Would
the vendors be amenable, or would they fight against me?

~~~
sarahj
My guess is that for the most part the vendors wouldn't care - which would
mean that every update cycle you would have to spend a day patching the
platform to cope with whimsical proprietary format changes. Actively hostile
vendors could easily make it very difficult to scale out the platform, even if
they didn't target you for legal action.

Ultimately what we need here are open standards at all levels, that is the
only way you can have a stable interaction of systems and keep the market open
and competitive.

~~~
walterbell
One effort at a standard, [http://stix.mitre.org](http://stix.mitre.org)

 _"STIX™ is a collaborative community-driven effort to define and develop a
standardized language to represent structured cyber threat information. The
STIX Language intends to convey the full range of potential cyber threat
information and strives to be fully expressive, flexible, extensible,
automatable, and as human-readable as possible. All interested parties are
welcome to participate in evolving STIX as part of its open, collaborative
community."_

[http://stix.mitre.org/language/version1.1.1/samples.html](http://stix.mitre.org/language/version1.1.1/samples.html)

------
wglb
Check out the unfortunate caption on Alex's
[https://news.ycombinator.com/user?id=secalex](https://news.ycombinator.com/user?id=secalex)
photo.

~~~
jessaustin
Wow. The editor really doesn't like that dude.

~~~
pktgen
Hmm, I must be missing something here. The caption on the photo I see is "Alex
Stamos, CISO, Yahoo" - nothing special there?

~~~
sarahj
It used to say something like "Failure of the Security Industry".

