Playing defense

I’ve always gravitated towards defensive positions. I draw a lot of satisfaction from disrupting the guy who’s trying to score against my team.

So, it’s no surprise that I’m primarily a blue teamer*.

Unfortunately, in infosec, it’s the red team activities that get the most attention. It makes much better headlines when a researcher finds a new zero-day or a major database is breached.
It’s not particularly newsworthy when a server log file shows that a potential attack was thwarted.

Football highlights show both the circus catch touchdowns and the big defensive hits, but working to defend your servers is never glamorous.

So you’ve got to have a lot of pride in defending your assets to be successful.

Over the next few posts, I am going to outline my keys to a strong defense.

The three M’s: Monitoring, Misdirection, and Misery.

(Normally I would write this up in one large post, but I’m cheating a bit to make my post per day this month.)

*for anyone not familiar with the terminology, red teams are the penetration testers who attempt to compromise an environment and the blue team are those that secure systems from intrusion.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s