“I kind of got sick of it and I don’t know if it’s helping people,” says Maiffret, who now is chief technology officer of eEye. “It’s 100 percent that it’s easier to do. That’s not in any way to discredit [vulnerability researchers]. But it is definitely more straightforward to find the next Adobe buffer overflow compared to making technology to keep Adobe secure from being leveraged by hackers.”
Now he focuses on defensive technologies – such as eEye’s vulnerability management offerings. In his view, organisations should operate under the assumption that they have already been compromised by zero-day flaws, which makes defensive research that much more important.
“I always encourage people who are really good at these things to give the defensive side a try,” Maiffret says.
“It’s hard, but that’s also what makes it intellectually challenging.”
Talented researchers are applying their skills to defence. For example, the company Immunity released El Jefe (pronounced ell heff-ay, Spanish for "The Boss"), an open-source Windows process-monitoring solution that quickly shows users suspicious behaviour.
Back at Visiting Nurse Service of New York, Whiteside adopts Maiffret’s supposition that adhering to best practices, particularly configuration management, can make seemingly devastating incidents like Aurora and Stuxnet seem nothing more than drops in a bucket.
“That’s how I look at it,” Whiteside says. “If [victims] had [systems] patched or if they had a standard that they had applied to all of their systems – regardless of what kind of data they had on them – then maybe some of those [breaches] don’t happen.”