Tuesday, December 2, 2014

Why I love the big security companies! Here we go again Sony!!!

We keep reading these articles about very large corporate security giants such as Mandiant and FireEye, and we sort of chuckle. These companies are great at protecting organizations, don't get me wrong, but there are some vectors that these solutions consistently miss. They are so focused on the networks, the Internet and the people. You did remember the people, right?! Well, we love the companies that go to these firms AFTER the fact. Look at Sony's recent public announcement that it has hired Mandiant to secure their network. Let's hope they do secure that network, because that network has more holes in it than the Swiss cheese on my sandwich at lunch time. I mean, what, Sony? This is like the 10000th time you've been hacked.

Honestly, there is nothing wrong with Mandiant or FireEye. Like I said, they are good at getting to the bottom of things when a breach has occurred. The biggest problem here is that Sony is just throwing money at the problem. Money alone will not fix these issues. Sony has been listed in our feeds for months, so when it's all said and done you will see that Sony has been hacked for far longer than they have thought. In addition, if you know anything at all about DOX, you can check some historical archives and find a treasure trove of information on Sony and quite possibly who is behind the attack. You did do your OSINT on this issue, right?

So while I love you guys to death, let it be known that in the 34 companies that we have audited and 6 US and Canadian Government Agencies, not a single agency has been compromised after our audit and lockdown process. I don't think Mandiant or FireEye can say that with confidence.

I think Sony really needs to look at how their "network" is built and revamp it from the ground up. If I'm not mistaken, they brought in Mandiant the last time they were breached. What that tells me is that we can probably look forward to future breaches from Sony and we should just take our money elsewhere. I can tell you that you're not getting my credit card information any time soon.
