Ten sayings from John Lambert, General Manager of the Microsoft Threat Intelligence Center: so incisive...

Ten sayings of John Lambert, General Manager of the Microsoft Threat Intelligence Center
 
1. What is the most important network security spend: Sensor appliances? SIEM? Threat intelligence feeds? It's your analyst team.
What is the most important network security spend? Sensor appliances? Security information and event management? Threat intelligence feeds? None of them; the most important thing is your analyst team.
 
2. Defenders, you're not stopping attacks. You're increasing attacker requirements. 'Stopping' breeds a mindset ignorant of countermoves.
Defenders should not keep thinking about how to stop attacks, but about how to raise the attacker's cost. Always thinking in terms of "stopping" is a sign of ignorance.
 
3. Your network is a directed graph of credentials. Hacking is graph traversal. See the graph or all you'll see is exfil.
Your network is a directed graph, and intrusion is a traversal of that graph. Without a view of the whole graph, you will see nothing at all.
 
4. Things go wrong right here. Admins focus on control to possess secrets. Hackers focus on secrets to possess control. Hackers are right.
The problem lies right here: administrators focus on controlling secrets, while hackers focus on secrets in order to gain control. The hackers are right.
 
5. On vulns: You can argue over exposure, difficulty, and likelihood. Security researchers write exploits because they like the truth.
On vulnerabilities, you can of course argue about excessive disclosure, difficulty and likelihood, but researchers write exploit code because they like the truth.
 
6. Pentest is the most misused security practice. Pentest is diagnostic. Go from treating the bugs as output, to treating them as input.
Penetration testing is the most commonly misused practice in the security business. A pentest is a diagnostic measure. The vulnerabilities found during a pentest should be treated as input to further security planning, not as the final output of the whole security program.
 
7. Software engrs hide reality by using architecture over implementation. Hackers reveal reality by using implementation against architecture.
Software engineers try to hide reality by using good design to offset poor implementation; hackers use poor implementation against good design to reveal reality.
 
8. Do security jobs need a degree? Remember self-taught hackers made most of our progress. When academia sits out, autodidacts show the way.
Do security jobs require a degree? Remember: most of our progress was brought about by self-taught hackers. When the tickets to academia are sold out, the self-taught point out another road.
 
9. If you shame attack research, you misjudge its contribution. Offense and defense aren't peers. Defense is offense's child.
If you think attack research is shameful, you have not understood the value of attack techniques. Attack and defense naturally do not have the same standing: without knowing attack, how can you know defense?
 
10. Biggest problem with network defense is that defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.
The biggest problem with network defense is that defenders tend to think linearly, while attackers think one dimension higher. As long as this remains true, attackers will always win.
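Sayings 3 and 10 describe the network as a directed graph of credentials that an intruder traverses. The following added example (constructed here, not part of the original post or of anything Lambert published) shows the defender's side of that view: given a constructed, hypothetical set of "credential on host A logs on to host B" edges, it computes the blast radius of one compromised host, the shortest chain to the domain controller, and which single credential relationships a defender could remove to cut that chain.

```python
from collections import deque

# Constructed sample edges (hypothetical hosts): (src, dst) means "a credential
# obtainable on src is valid for logging on to dst".
EDGES = [
    ("workstation-1", "fileserver"),         # domain user's creds cached on the workstation
    ("fileserver", "backup-server"),         # service account shared by both servers
    ("backup-server", "domain-controller"),  # backup account has logon rights on the DC
    ("workstation-2", "fileserver"),
    ("jump-host", "domain-controller"),
]

def build_graph(edges):
    """Adjacency sets; every host appears as a key even if it has no out-edges."""
    graph = {}
    for src, dst in edges:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph

def reachable(graph, start):
    """Blast radius: all hosts reachable from `start` by following credential edges (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen

def shortest_path(graph, start, target):
    """One shortest credential chain from start to target, or None if target is unreachable."""
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in graph.get(node, ()):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def cut_candidates(graph, start, target):
    """Edges whose removal alone disconnects target from start, i.e. the credential
    relationships (cached logon, shared service account) a defender should eliminate first."""
    cuts = []
    for src, dsts in graph.items():
        for dst in dsts:
            trimmed = {k: set(v) for k, v in graph.items()}
            trimmed[src].discard(dst)
            if target not in reachable(trimmed, start):
                cuts.append((src, dst))
    return cuts
```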