A Homegrown Defense Team

By Lisa Vaas  |  Posted 2007-07-06

How do you turn a small group of security pros into an organized online crime group?

Lately Dave Aitel's been thinking: what's the difference between organized online crime groups and commercial companies that do penetration testing? "A company has a rather large budget, dedicated infrastructure and an experienced and skilled staff. So why do so many of them fight like flabby novices? The fact is, giving someone a lot of money and a big mission to solve often gives them a good excuse to get fat and useless," said Aitel, chief technology officer and founder of security software maker and consultancy Immunity, in a recent blog.
Thus were born the "Six Rules for Punching Above Your Weight Class," Aitel's guide for turning a small group of security pros into a lean, mean hacking machine—similar to an organized online crime group.
Rule No. 1: If you can't debug it on the fly, you can't use it. "There are always going to be cases where [a tool] doesn't work, and it's the user's fault," Aitel said. "Networking complications between you and a target are always going to come into play. If the target has a host IPS [Intrusion Prevention System] like a scanner, you can still make the exploit work, but if you've never written an exploit, you can't."
Rule No. 2: Don't split up research from attack. This rule comes out of the time Aitel spent working at @Stake. The security company had a research team, but it was firewalled from its consulting team, Aitel said. The result: The research team ended up working for years on things that had no bearing on the job at hand.
Rule No. 3: Develop a fast-reaction team that can hit easy or very time-critical vulnerabilities within 8 hours or less. "You're going to have different researchers better at different things. I'm on the fast-reaction side rather than the slow-analysis team, but we have both on staff," Aitel said.
Rule No. 4: Focus on technology already in-house. "Your research dollars are best spent on stuff you have. Those are risks you can remove right now," Aitel said.
Rule No. 5: Develop technical partnerships with other people who can write exploits. Become part of the security research community, whose members can be found at conferences, mailing lists or RIC (real-time interface coprocessor) channels, Aitel suggests.
Rule No. 6: One team, one mission. People naturally want to work on only Windows or only Unix, but that's not the way to success, said Aitel. Find people who can work on the whole picture.
Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
