SwiftOnSecurity

As a security principal I am in fact the one saying No, we are going to turn that Off. It costs too much. Often, that cost is retention of what matters. Or business impact. There is no limit to the amount of data you can generate about the operations of a machine. And it will cost you everything.

7 comments
SwiftOnSecurity

Security decisions informed only by compliance and fear and novelty are not ones that produce results. I've seen the machine with a 1 hour Security log because everything is turned on. According to the saintly instructions but not operational reality. It cost you everything about what happened.

Xavier Ashe :donor:

@SwiftOnSecurity Or doing everything in a "lockdown your OS" list and wondering why all your apps broke.

Joshua Doll 🤷‍♂️

@Xavier ahh I see you've worked for the government too.

Dave C.

@Xavier @SwiftOnSecurity Yep, regardless of security posture, work needs to get done. Locking down all of the things means work gets harder to accomplish.

caffinepwrd ☕

@SwiftOnSecurity I wish you could give this TED talk to my employer

Merospit

@SwiftOnSecurity I have never been to a place with too few logs in their SIEM. They are regularly missing one or two critical logs, but they are never at a point where they understand, or can action, everything they have.
