{"id":2293,"date":"2018-11-05T11:26:46","date_gmt":"2018-11-05T15:26:46","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=2293"},"modified":"2018-11-05T11:26:46","modified_gmt":"2018-11-05T15:26:46","slug":"defender-mindset-david-wolpoff-randori","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/defender-mindset-david-wolpoff-randori\/","title":{"rendered":"The Defender Mindset with David Wolpoff of Randori"},"content":{"rendered":"

\"The<\/p>\n

As your enterprise seeks out a SIEM or security analytics solutions, you should have some idea of what you\u2019re looking to secure. As we\u2019ve said before, trying to secure your enterprise\u2019s network all at once is a fool\u2019s errand more likely to cause problems in the long term.<\/span><\/p>\n

\t\t\t

<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/p>\n

However, what if the real vulnerability in your enterprise\u2019s cybersecurity is your mentality? What if the defender mindset is poisoning your efforts at SIEM deployment, maintenance, or selection? And if this is true, how can you fix it?\u00a0<\/span><\/p>\n

To learn more about the dangers of the defender mindset, we spoke to David \u201cMoose\u201d Wolpoff, CTO and Co-Founder of <\/span>Randori<\/span><\/a>. \u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n

Here is our conversation, edited slightly for visibility:<\/p>\n

Solutions Review: So you mentioned prior that you feel the cybersecurity industry is \u201cstuck.\u201d Can you elaborate on what that means?<\/b><\/h4>\n

David \u201cMoose\u201d Wolpoff: I think anyone looking at the data or talking with those on the front lines will tell you that the way the industry practices security today isn\u2019t working. As an industry, cybersecurity is chasing a moving target and despite throwing billions at the problem, it\u2019s falling further behind each year.<\/span><\/p>\n

Security today is reactive and grounded in a false set of beliefs, including that it\u2019s possible to stop every attack and fix every gap. That\u2019s a defender mindset and no amount of money will make it successful.<\/span><\/p>\n

The sad fact is, most security solutions are designed to pass industry tests and simulations, rather than protect against real, motivated, and resourced adversaries.<\/span><\/p>\n

Rather than looking to stop yesterday’s attack, enterprises should be focusing on what\u2019s out there right now \u2013 to understand the way hackers think, how they make decisions, and the techniques and procedures actually being used<\/span>. Companies who approach security from an attacker\u2019s perspective have a better understanding of their actual risks and can identify where they are most vulnerable.<\/span><\/p>\n

SR: Does this stagnation indicate a failure to understand hackers? Is it desperation? Is it something else?<\/b><\/h4>\n

DMW: I think it shows more than anything that the industry is chasing the wrong goal, having aligned the wrong incentives, and as a result, receiving diminishing returns on investments despite increased spending. Attacks have not gotten substantially more complex nor have the techniques being used, such as phishing, malware, and basic exploits. <\/span><\/p>\n

While some of it is due to a lack of understanding, the bigger issue is one of incentives. Organizations continue to reward and encourage the defender\u00a0mindset, and have not made the institutional commitments needed to drive change and improve security. It\u2019s still easier for teams to get a budget to bolt on another tool than it is to invest in training or muster the political will to change long-held IT processes and procedures to truly move the needle.<\/span><\/p>\n

SR: How can enterprises and organizations think like hackers? What are hackers thinking?<\/b><\/h4>\n

DMW: When we talk about organizations adopting a \u201chacker mindset\u201d, we are talking about reframing the way organizations approach security. <\/span><\/p>\n

What I have seen repeatedly over the years is most organizations are stuck in a defender mindset \u2013 meaning they view the world in terms of bigger walls and deeper trenches \u2013 rather than opportunities and objectives. Far too often, the question I\u2019d be asked after an engagement was, \u201cOkay, cool. What tool do I need to add and how do I reconfigure our SIEM to get the right alerts?\u201d However, the problem was far more fundamental than what they were asking \u2013 and usually stemmed from poor IT hygiene, policy failures, or human error.<\/span><\/p>\n

The best defense starts by first understanding an attacker\u2019s goals and objectives and then working back based on that knowledge. Not all weaknesses and assets are created equal. Start by looking at your organization from an attacker\u2019s perspective to determine where you are most vulnerable. Then use that information to determine next steps and prioritize efforts and spending.<\/span><\/p>\n

SR: How should enterprises set up their incident responses to better respond to attacks and attackers? And do you have any suggestions on how to best practice those plans?<\/b><\/h4>\n

DMW: The most important thing an enterprise can do is routinely test their Incident Response (IR) team and processes in place in the event of a security incident. <\/span><\/p>\n

When it comes to IR plans, I\u2019m a big fan of Mike Tyson\u2019s quote: \u201cEveryone has a plan until they get punched in the face.\u201d While having an IR plan in place is an important step, practicing how teams respond under pressure is the only way to know if your organization is prepared and able to respond.<\/span><\/p>\n

When I\u2019ve seen organizations fail, it was not because they lacked a formal IR plan\u2014it was because they never practiced it. So, when something did go wrong they were unable to account for things like knowledge gaps, poor communication, or insufficient training. These things rarely jump out on paper, but become instantly apparent in practice. \u00a0<\/span><\/p>\n

\"TheThank you to David \u201cMoose\u201d Wolpoff, CTO and Co-Founder of Randori<\/a><\/span>, for his time and expertise on the defender mindset!<\/strong><\/h4>\n

 <\/p>\n

 <\/p>\n

Other Resources from Solutions Review:\u00a0<\/strong><\/h4>\n