Hacker News new | ask | show | jobs
by ropable 356 days ago
As someone working in infosec for a largish 2000 seat organisation - it's honestly not inaccurate. No matter how much accessible information security training we try to provide and the EDR controls we implement, >95% of our incidents involve an end-user following (sometimes extremely obvious) phishing links. And contrary to what you've said, Windows Defender (in conjunction with Airlock) has actually saved us from ransomware attacks.
4 comments
mr_mitm 356 days ago
> No matter how much accessible information security training we try to provide and the EDR controls we implement, >95% of our incidents involve an end-user following (sometimes extremely obvious) phishing links.

That just shows that security training is insufficient and admins need to design their systems and networks to account for that fact. Clicking links is part of everybody's job and should not pose a risk to your organization. Enable 2FA for everything exposed to the internet to mitigate phished credentials.

Stop trying to fix the user: https://www.schneier.com/wp-content/uploads/2016/09/Stop-Try...

link
supertrope 356 days ago
If an entire company can be paralyzed by tricking a single employee it's a process issue. Just like how wiring out $100,000 same day on the order of a single employee should be blocked by internal controls.
link
BLKNSLVR 356 days ago
Where I work has recently implemented Airlock and my laptop feels a lot less responsive since. I'm aware of the whole security trade-off, just wondering how noticeable it has been in your organisation, if at all?

Having said that, two things worth considering in my case:

1. My laptop is relatively old and, I think, overdue for replacement (8GB RAM, really?)

2. Windows Defender + Airlock + CrowdStrike + Netskope + Nessus seems an expectedly heavy load on a system

link
3eb7988a1663 356 days ago
Not sure the exact combination of internal security nonsense used, but my corporate laptop idles at a good 20% cpu utilization. It would not surprise me at all to know that the products are stepping over themselves and scanning each other. Double plus ungood is that any programming tool I use seemingly gets extra scrutiny and can take 10x as long as I know it would on a non-compromised Linux machine.
link
cube00 356 days ago
> And contrary to what you've said, Windows Defender (in conjunction with Airlock)

"Contrary to what I've said" while you add in an extra third party product that I didn't mention.

link