"Often, the high-tech services that the cyber security sector sells protect the front door, while offenders continue to sneak in the back one using low-tech methods."
"Often, the high-tech services that the cyber security sector sells protect the front door, while offenders continue to sneak in the back one using low-tech methods."
A major part of Crowdstrikes offering is meant to detect/combat this kind of initial access. In fact most of the companies I’ve worked with have had an offering devoted to it as it’s considered pretty basic.
Additionally the names given to these threat actors aren’t meant to be creative. They follow a convention determined by the intelligence gathering company involved. In this case Spider = criminals (not a nation state actor). Sometimes the first part might be based on some kind of hallmark of the group.
imo the security field needs a new story, as what got it here doesn't get it where it needs to be. it was cool and interesting when the adversary was domestic political surveillance, but now?
I don't really want security in anything. I want good engineering with the features and autonomy to take and manage my own risks. I'd like to not have to think about spies and thieves. If something breaks or gets stolen, I'd like for it to be easily fixed or replaced. I don't want to be interdependent. I'd also like to be able to use superior technical skills to disable, disrupt, and deny annoying people who use consumer technologies maliciously, and to keep governments in check from using tech to oppress people.
building security products today achieves none of these things, and usually just consolidates the interests of a bureaucracy. I agree that security marketing has made the products and narrative unbearable, but maybe I have a more accelerationist view, which is, let them be lame. The world is a better place when the administrators fear their users.
droideqa•9mo ago