Black Hat: Lessons Learned from the Equifax Data Breach
… more sophisticated, often using different types of malware in different phases of an attack; yet, at the same time, very simple attacks are also increasing significantly.”
Threat actors are becoming more organized and businesslike by implementing subscription and as-a-service-based business models to deliver malware in an effort to reduce their work and improve their return-on-investments, according to Mimecast. Also, spam is heavily used by threat actors as a conduit to distribute malware.
In the Black Hat business hall, Tia Hopkins, eSentire‘s vice president of global sales engineering, said at a conference like this, “it’s a little difficult for a security practitioner to figure out what they need and what they don’t because here’s all of it, and everyone saying you need all of it.”
“It really goes back to making sure you do an appropriate analysis of your environment, figure out what your risk is and how you’re going to respond to those risks,” she said. “I find a lot of times you focus on things like pricing, licensing model, deployment and how’s it going to integrate with my environment, but when you get down into why you’re actually going through that exercise of how is this going to solve my problem, that sometimes gets lost in the marketing message because everyone’s telling you I can solve this problem. So then what is it that you’re going to dig into to figure out how your problem’s actually going to be solved. That’s almost more important than licensing models, pricing and deployment.”