Here’s a very amusing quote from Simon Crosby of Bromium.
“Any approach that says we can stop the bad guys is basically a lie,” Crosby says. With Bromium, he hopes to turn a $20 billion enterprise security market on its head by proving we don’t have to stop them. We just have to keep them from getting to our sensitive data when we inevitably click that infected link.”
Is it just me or does the phrase “we just have to keep them from getting to our sensitive data” actually mean the same thing as stop the bad guys? I don’t see the distinction between keeping someone out and stopping them from getting in.
He and I traded perspectives on this topic last year on a roundtable called “Security in the Cloud: Data Sovereignty, Open Source and Multi-Tenancy” (MP3 Recording)
Perhaps this Wednesday he will clarify at the GigaOm conference in SF.
I can’t speak for the individual, but I suspect what he means is that instead of worrying about hackers getting INTO your network, worry more about preventing them from getting your most important data OUT of your network. The two things aren’t necessarily the same…as many pen-testers have learned, “getting shell” doesn’t mean squat in terms of improving corporate security. You have to prove the ability to exfiltrate actual valuable data.
That said, how he intends to do it I wouldn’t know. But there may be approaches that can be made to improve the end result that even hackers who “get shell” don’t get the most valuable corporate data.
I think he’s arguing for defense in depth rather than perimeter protection. Of course, people have been saying that for a few years now.