>my gripe is that they are implying, like every other company that gets breached, that only a nation-state has the resources to pull off such an attack with their wording.
I feel that, with respect to FireEye, it isn't just an implication; more that they would claim this with strong evidence. They are about attribution.
I think this argument is making some false equivalence. Just because every other company that was breached (e.g. Equifax) claims "Wow State Actor Sophisticate Beyond Anything Before Seen By Man" for something as simple as failure to update your software leaves a yawning hole has tarnished the dialog for those who know what they are doing.
While CSO at Relativity, and now for my clients, I strongly suggest that you don't use the phrase "Security is Very Important to us" since that is the first thing out of the mouth of companies who didn't until they got hacked.
>Do you think a penetration test of 3 engineers working fulltime for a year would fail to materially breach FireEye's corporate systems?
Bluntly, yes. I expect that their defenses are much better than most companies, including security companies.
>I have literally never heard of a single person in enterprise security who has ever dared to make such a remark on the record
Enterprise security is in a different category altogether. Few non-security enterprises will withstand much of an attack. FireEye is in a different category altogether.
If you are interested in the topic, a useful book to read is https://www.amazon.com/Incident-Response-Computer-Forensics-.... I think this is more informative than these BOEC cost calculations.