BLU Discuss list archive



[Discuss] Port Scanning



On Sun, 4 Aug 2024 12:38:00 -0700
Kent Borg <kentborg at borg.org> wrote:

> Rich Pieri <richard.pieri at gmail.com> wrote:
> 
> > First, the original quote is, "[t]he worst enemy of security is
> > complexity."  
> Okay.
> 
> And I am quoting Peter Gutmann, circa now. I like his version better.

Yes, well, it seems to me that you still aren't getting it. Peter is
not saying that complexity is bad. What they are saying is that more
complexity makes security -- the thing you do -- more difficult. But I
disagree with the assertion as presented because it incorrectly
suggests that complexity is the only enemy of security. Excessive
simplicity also is an enemy of security.

I think you are not stupid; I would not be writing this if I thought
you were. I think you have a strongly polarized good/bad view of
things. I think perhaps you have become jaded by the incessant reports
of this or that company or hospital suffering a breach of customer or
patient records or being locked out by ransomware because some C-suite
executives wouldn't pay for good security practices, or because some
security company cut corners and pushed an untested update onto an
unsuspecting world on a Friday. I think your stubborn rejection of
tried and proven security tools is not conducive to good security
practices.

You can't write security. You can't buy security and install it.
Security is a process. It's something you do, something you practice,
every day. As threats evolve, so too must security practices. Sometimes
this means hiring expertise to help turn chaos into order. Sometimes we
need new tools to help us organize and manage our large, complex
environments. Sometimes we need new tools to protect against new
threats when existing tools are insufficient. Adding appropriate
expertise and proper tools does not make our environments more complex.
They make our environments more understandable and more manageable and
thus easier for us to keep secure.

I previously mentioned that my employer is a Cortex (PaloAlto)
customer. Initially deploying Cortex across every machine on our
network was a lot of work but it's automated now (I have the Ansible
play to prove it). But rather than making the environment more complex,
Cortex has made it more understandable and more manageable. We have a
centralized dashboard providing an overview of everything on our
network. We have a 24-hour staffed SOC (systems operation center)
monitoring this dashboard and with the ability to isolate any machine
when suspicious or malicious activities are detected.

Sometimes less is more. But when it comes to enterprise security,
sometimes more is more -- as long as it's the right more.

-- 
\m/ (--) \m/