Dan Geer on Trade-Offs in Cyber Security | Digital Guardian

Dan Geer on Trade-Offs in Cyber Security



A speech by cyber security expert Dan Geer

If you haven't caught this speech by security luminary Dan Geer over on the Schneier on Security blog, read "Trade-offs in Cyber Security," also in its entirety here: http://geer.tinho.net/geer.uncc.9x13.txt.

Dan was Chief Scientist at Verdasys and has been a long-time friend and consultant to the company. His group at MIT ran the development arm of Project Athena, where staff on his watch pioneered Kerberos, the X Window System and much of what we take for granted in distributed computing. Dan serves as Chief Information Security Officer at In-Q-Tel, as well as writing, speaking and just generally reminding us how important intellectual property protection is in companies "that don't accept half measures" when it comes to data protection. We recognize his apt description of what we strive to do here at Verdasys:

"I previously worked for a data protection company. Our product was, and I believe still is, the most thorough on the market. By "thorough" I mean the dictionary definition, "careful about doing something in an accurate and exact way." To this end, installing our product instrumented every system call on the target machine. Data did not and could not move in any sense of the word "move" without detection. Every data operation was caught and monitored. It was total surveillance data protection. Its customers were companies that don't accept half-measures. What made this product stick out was that very thoroughness, but here is the point: unless you fully instrument your data handling, it is not possible for you to say what did not happen. With total surveillance, and total surveillance alone, it is possible to treat the absence of evidence as the evidence of absence. Only when you know everything that *did* happen with your data can you say what did *not* happen with your data."

Dan wrote a great piece here on this blog about how companies that are building their future on intellectual property can affford protection sufficient to protect their IP through managed services.

Mike Parrella

Please post your comments here

Related Articles
What’s Hard about Stealing Sensitive Data? Nothing.

What’s hard about hacking into embassies and government computers? Nothing, says a 17 year-old hacker.

Tax Fraud in 2016 will be HUGE!

Initial numbers from the IRS put 2016 on track to be the best year ever - for tax return fraudsters. After a record haul by fraudsters last year, we might wonder why?

Cybersecurity Risks 2019: Top Online Security Risks for Healthcare, SMBs & More

What will the biggest cybersecurity risk be in 2019? We asked a panel of cybersecurity experts how defenders can best prepare for the coming year.