CDSA News

Even ‘Super Hackers’ Leave Entries in Logs, so Prepare to Drown in Data (The Register)

Super hackers basically don’t exist, your incident response plan sucks, and you should relish the opportunity to drown in data: such are the lessons from incident response fanatic Anton Chuvakin.

The analyst, physicist, and former director of Security Warrior Consulting gave delegates of the Gartner Security and Risk Management Conference in Sydney today a sermon on the dos-and-don’ts of security incident response.

The Gartner Vice President says the old-school incident response model that security bods are taught as tots is ineffective but sadly popular. He says while “super hackers” exist, they aren’t ghosts and everyone leaves logs.

“Super hackers practically do not exist,” Chuvakin says. “They always leave trace.” You should deploy more visibility tools; it’s likely you don’t have enough, even if you think you are drowning in data.

“Many think the win is not about being secure, but is about stopping the attackers. And that mindset makes it difficult to do advanced incident response.”