Security community tools help intruders

To many ordinary home users and businesses, security software is nothing more than having antivirus protection and/or endpoint security software. However, for enterprises the situation is more complex.

I expect adversaries will continue to leverage publicly released tools, often developed by penetration testers and security researchers, to compromise and control targets worldwide. 

This trend, publicized most effectively by Mandiant’s Andrew Thompson, turns standard defensive thinking upside down. Unfortunately, it is difficult for those who work on the offensive side of the security team to recognize that this is the case.

The mantra for the past decade has been to “make intrusions more costly for the adversary.” One of the costs an intruder used to have to consider was the development of tools and techniques to compromise and control targets. 

However, today the majority of intruders operate publicly released tools to accomplish their goals. This means that intruders can radically decrease their research and development costs, as that burden has already been borne by penetration testers and security researchers.

About the author

Richard Bejtlich is principal security strategist at Corelight.

Public offensive tool releases

The argument in support of public offensive tool release usually offered by penetration testers and security researchers is that they are simply recreating capabilities already known and perhaps utilized by top tier intrusion groups. 

By releasing new capabilities, the argument goes, defenders learn what is possible and can develop mitigations that work against penetration testers and actual adversaries. 

Their scenario plays out in the following manner:

  • An enterprise deploys assets in
