It is better to stay silent and let people think you are an idiot than to open your mouth and remove all doubt.
–Abraham Lincoln
Although we expected APT to be the threat du jour at RSA, I have to admit even I was astounded at the outlandish displays of idiocy and outright deception among pundits and the vendor community.
Now, let’s give credit where credit is due – only a minority of vendors hopped on the APT bandwagon. This post isn’t meant to be a diatribe against the entire product community, only those few who couldn’t help themselves in the race to the bottom.
I’m not claiming to be an expert in APT, but at least I’ve worked with organizations struggling with the problem (starting a few years ago when I began to get data security calls related to the problems of China-related data loss). The vast majority of the real experts I’ve met on the topic (those with direct experience) can’t really talk about it in public, but as I’ve mentioned before I’d sure as heck read Richard Bejtlich if you have any interest in the topic. I also make a huge personal effort to validate what little I say with those experts.
Most of the APT references I saw at RSA were ridiculously bad. Vendors spouting off on how their product would have blocked this or that malware version made public after the fact. Thus I assume any of them talking about APT were either deceptive, uninformed, or stupid.
All this was summarized in my head by one marketing person who mentioned they were planning on talking about “preventing” APT (it wasn’t in their materials yet) because they could block a certain kind of outbound traffic. I explained that APT isn’t merely the “Aurora” attack and is sort of the concerted espionage efforts of an entire country, and they responded, “oh – well our CEO heard about it and thought it was the next big thing, so we should start marketing on it.”
And that, my friends, is all you need to know about (certain) vendors and APT.
4 Replies to “RSA Tomfoolery: APT is the Fastest Way to Identify Fools and Liars”
Okay- that totally amuses me.
Yep, far too little time.
I’ve been using the phrase “Advanced Persistent Chinese” lately. It sounds good, it’s more accurate, and it’s funny. What’s not to like?
I completely agree that the displays of vendor idiocy around APT were far too widespread. You can’t have a carnival without the barker, apparently.
Good seeing you, by the way, albeit far too briefly.
That’s what I’m told.
APT = China, and we (people who have serious jobs) can’t say bad things about China.
That pretty much covers it, yes?