Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spooks-as-a-Service Swarm RSA Conference

Posted by samzenpus on from the if-you-can't-beat-them dept.

itwbennett writes "As the list of victims of sophisticated cyber attacks expands, so does the need for specialized, high-priced, and hard-to-find talent to help investigate and recover from those attacks. The latest solution: hosted services offering access to cyber intelligence and incident response. 'At the RSA Security Conference this week, companies large and small are trumpeting the spy agency connections of senior staff as never before,' writes Paul Roberts. 'These new offerings — think of them as spooks-as-a-service — typically combine some degree of network and endpoint monitoring with a cloud-based management platform to gather and analyze data against data aggregated from other customers and third-party threat intelligence.'"

8 of 38 comments (clear)

  1. Don't understand by Anonymous Coward · · Score: 5, Insightful

    Aren't the spy agencies the ones doing most of the cyberattacks ?
    Why do I want them associated with my security company ?

    1. Re: Don't understand by anubi · · Score: 3, Insightful

      In this modern land of anything goes I offer what we all need is a good, solid, minimal, and highly secure PUBLIC foundation system, of which we are all made very aware of exactly how it works, much like I had to "suffer" through years of English classes. Such a system would include a knowledge of HTML, TCP/IP, and a basic windowing system. Have this core system thoroughly understood and bug-free.

      If webmasters conform to this, we should be able to limit the amount of hostile code released as there is no receptor for it in our machines, however any webmaster putting stuff on the internet requiring extensions and whatever will take the same risk as those distributing halloween candy to kids.... make those "hold harmless" clauses about as effective as someone distributing razor blades in apples and handing that to kids.

      That little business phrase of "<insert applet here> required to view this page" would mean that business accepts FULL and UNLIMITED LIABILITY for mischief carried an any applet he required, just as anyone passing candy to kids also accepts full liability for what is in it.. Even requiring pop-ups would mean the business requiring the pop-ups agrees to full liability for anyone misled by an errant popup - even if that popup did not come from his site. I believe by now all of us see how pop-ups can be used for all sorts of phishing work, as once some hapless user is on some business site, he has to answer whatever the popup asks to make it go away. The popup may look real, but it could be just a planted bug to use the trust a customer had for a business.

      I get the very strong idea that such a move would have a very chilling effect on the proliferation of hostile code when the ones who are encouraging its vectors to be installed are also compelled to accept liability for its actions.

      If there is computing to be done, that oughta be done on the server side. In my mind, the client should be considered as dumb as a bag of rocks, only capable of sending and receiving data. It seems terribly risky to me to be running any sort of arbitrary code provided from "someone on the internet".

      I know there will be cries of "assigning responsibility will be bad for business", however I assert that that is the kind of business I would be better off not having.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

  2. FUD sells by dutchwhizzman · · Score: 4, Informative


    With all due respect, but most companies don't need this, they need to get and keep their IT secured and that should be enough.
    If you *do* need this, you may not want to rely on a third party to provide you with this sort of service. Your assets are probably way too valuable to solely rely on a third party. The only reason you may want them is to keep tabs on the performance of your own resident spooks and SpookWare(tm), not to entrust the future of your company upon. While I do see a place in the market for these companies, the way they sell themselves is despicable and makes companies act lax and irresponsible towards having their security sorted out properly.

    --
    I was promised a flying car. Where is my flying car?
  3. Cyber-war Profiteering by Burz · · Score: 3, Funny

    That's what it sounds like: Playing both sides.

  4. It's never a slapstick by Taco+Cowboy · · Score: 2

    Spy vs. Spy slapstick at it's finest.

    Before this, whatever we put online we have to worry about the spooks from China as well as the spooks from NSA.

    Now, we have to worry about the spooks from China, spooks from NSA, and the RESIDENT spooks.

    Whatever you want to call it - progression or regression - I call it scary.

    --
    Muchas Gracias, Señor Edward Snowden !
  5. Live long and prosper by Zardus · · Score: 5, Funny

    I read that as "Spocks-as-a-Service". That'd be a waay cooler market.

    --
    You can mod your friends, you can mod your nose, but you can't mod your friend's nose.
  6. NSA conference by Threni · · Score: 2

    No-one's ever going to trust the NS..sorry, RSA again - might as well big-up the whole "we're in it together" thing while it lasts.

  7. Refresh My Memory, Please... by BlueStrat · · Score: 2

    What was it you called a country where the government and powerful, "connected" private business interests merge?

    Ohhh, silly me! *Now* I remember!

    A Fascist Oligarchy, of course!

    Welcome to the DRNA comrades! (Democratic Republic of North America) The new flag will be a black silhouette of a boot stomping a human face on a blood-red background.

    Just wait until they run out of money they can rape from the domestic economy and begin a policy of international aggression to keep their hookers and blow flowing. The world is going to burn.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.