Every now and then somebody starts an argument about whether or not it should be a secret which security products you are using.

I will tell you my opinion on that right away:

1.) Unless your risk profile is extremely high and you are one of the five or so organizations in the world who really have super awesome wicked OPSEC in place, don't even bother starting to think about keeping secret the fact that you are using Snort.

2.) If you are using a widely used product, you can't keep it secret anyway. People talk, and vendors often give resellers access to parts of their license database, which holds the information on who has licensed what.

3.) It is counterproductive because it will hinder your admins and analysts from doing a good job if they are not allowed to talk to other people about those products and share knowledge.

4.) There are only so many products on the market and it's not that difficult to figure out what you are using anyway.

But there are some things you could and should keep secret or at least not disclose too many details about.

Those are, for instance:

- details on your internal procedures and capabilities for IR, forensics etc.

- details on your tarpits, honeypots and other customized countermeasures

In my personal experience the call for secrecy on product usage most of the time comes from persons who just have no clue.

They tend to think keeping things secret is easier than building elaborate OPSEC capabilities. 

It is not; it does not work and it does not help.

My train of thought here may be flawed, or there might be different angles on that topic, so please comment and discuss.
