


So should we stick with DLP as the TLA of choice? :-)

Scott Crawford

Hi Gunnar -

Very insightful, and as Nick and I both responded under the Threatpost article, we fundamentally agree with you. However I fear our responses at Threatpost could be construed as being focused on broadening the scope & perception of IT/information security, when the points you make about the need for broader awareness and investment across the spectrum of all we hold dear - which means well beyond IT - are, I believe, entirely correct.

But as to whether this needed transformation will occur to the level of depth really required - I share your skepticism. As my comment under the Threatpost piece suggests, I think it will take more - perhaps far more - than the current focus on the advanced persistent adversary to precipitate something so fundamental. As I noted under our post, "I take little comfort from noting that throughout the history of risk management, transformational change has so often been motivated by transformational events (read: disasters), and we in IT have not yet had the equivalent of safety-of-life types of events that motivate building better systems in the aerospace industry, for example (and hopefully, I haven’t touched off a powder keg by alluding to the role of regulation in that example)."

But neither do I see this as a reason to despair or to sit on our hands. We do not do what we can do well enough yet, and we do not share what we can with each other enough to learn from actual incidents. I'm inclined to agree with the "New School" camp on this, and hope to see greater maturity in what we can do and share - before our adversaries force us to grow up faster than anyone would want.

Thanks for your interest, and for your insight,



FWIW - Mandiant has some informative presentations on APT.


It's been a real eye-opener to understand a few of the compromise mechanisms. It certainly *does* convince you it's not "the network".
