#127 - How to Stop Bad Guys from Staying on Your Network (with Kevin Fiscus)

In this episode of CISO Tradecraft, G Mark Hardy and guest Kevin Fiscus discuss the challenges of cybersecurity and the importance of prioritizing security decisions. Fiscus emphasizes the need for effective protective controls and detection measures, noting that protective controls alone have limits and that detection is therefore essential. He suggests a "Detection Oriented Security Architecture" (DOSA) that includes high-fidelity, low-noise detection, automated response, and continuous monitoring. Fiscus also discusses the concept of cyber deception and proposes a new approach to cybersecurity that involves redirecting attackers to a decoy environment.

Kevin Fiscus: https://www.linkedin.com/in/kevinbfiscus/

Full Transcripts: https://docs.google.com/document/d/1zIph4r5u8UtuhsMSmIyi90bCtV52xnHv

Chapters
00:00 Introduction
04:55 The Average Time to Identify Bad Actors is 28-207 days
07:11 Why Protective Controls Don't Always Work
08:32 Protective Controls Create Resistance
10:34 The Cost of Detecting Bad Guys on Your Network
12:40 The Effects of Resistance on Protective Controls
15:56 The Problem with False Positive Alerts
20:08 How to Define Bad Guy Activity with 100% Accuracy
22:09 The Four Components of Security
24:14 Four Components of Detection Oriented Security Architecture (DOSA)
26:17 Differentiating between Monitoring & Alerting
27:13 High Fidelity and Low Fidelity Alerts
33:06 Setting a Squelch for Radios
31:37 How to Deal with False Negatives
33:56 The Importance of Non Production Resources in Detection
37:56 How to Use Cyber Trapping to Deceive an Attacker
42:54 The Role of Environment Variability in Deception
47:08 Blowing Sunshine at Attackers

About the Podcast

Welcome to CISO Tradecraft®, a podcast designed to take you through the adventure of becoming a CISO. This podcast was started because G Mark Hardy and Ross Young felt called to help others take their information security skills to an executive level. We are thrilled to be your guides through the various domains of becoming a competent and effective CISO.