Sexy Defense

Some time ago in a place far, far away, a discussion sparked between a bunch of security people (starting with James Arlen) which essentially questioned why can’t defense be as sexy as offense (in the information security sense obviously). Fortunately at the time I was already working on a talk labeled just that – SexyDefense.

This was also the space where I started to publicly put out the outline for what I had at the time – basically the framework around how to cover the full spectrum while defending rather than dealing just with infection (i.e. detection) and putting out fires (i.e. response and forensics).

After continued work on the paper (I prefer to have a paper written than to start whacking on slide decks), and some great peer-review from a variety of security practitioners with expertise on both offense and defense (major thanks to Chris Nickerson, Brian Honan, Chris John Riley, Wim Remes, and Leon van der Eijk), I’m proud to have the final paper available here.

Of course, this is not a real “final” one, as I truly believe that such a strategy should be continuously updated and improved based on the threat landscape, and as such I invite everyone to comment and suggest modifications and updates to it. I’ll be more than happy to reflect such insights in the paper!

Sexy Defense – Maximizing the home-field advantage

Update: Dark Reading have posted a great article by Robert Lemos covering the topic, with a really insightful analysis and additional views.

Update: I’m honored to present the research on SexyDefense at BlackHat USA 2012 in Las Vegas! Can’t wait to see everyone there…

Update: A couple of clips from the BlackHat press conference by SC Magazine:

A short brief:

The Q&A:

And the full talk: