The second is: what do you do with all that information? I see how this addresses malware response, and I see how this would be useful as a forensic archive for general IR. How comfortable are engineers with that? I don't have a strong opinion, but it gives me enough pause that I'd be a little afraid to ask a client to do it. They're collecting essentially a continuous bash history from every user in their fleet. I don't know enough about Dropbox's company culture to know whether people ever use their machines for personal stuff, but I do know that occasional personal use is an SFBA startup norm. People do all sorts of stuff on their corp laptops. They're deploying this across a fleet of company laptops. I have two big questions - real questions, like, I have no pretense of having an answer and am speaking from ignorance - about how this stuff works in practice. We do this kind of work for startups, and we have a small roster of companies where we're on the hook for this kind of corpsec.īut then I think about what it'd be like to actually deploy and operationalize this stuff, and it gives me pause. This is super interesting and ambitious and I'm always sort of envious when I look at big engineering orgs, like Dropbox and Slack, where everything has fine-grained instrumentation.
0 Comments
Leave a Reply. |