Way too many enterprise security folks think that making life difficult for your users is the same thing as making them more secure.
It's not.
@darkuncle lol. I always tell people that their most advanced, persistent threat is an employee trying to get their job done. The clever things employees will come up with to meet a deadline put the best black hats to shame.
We once had a security control that was so bad engineers were taking personal devices across the street to Starbucks to download files they needed, then sneakernetting them in on personal thumb drives. It got past the bad web proxy, but also made an end run around logging and network-based IDS. I don’t know how many conficker detections we had before corporate security realized they needed to make sure the best-monitored, best protected path was also the easiest, or nobody would take it.
Based on recent events, I think they’re stilll re-learning that lesson… and that’s why I’m glad I’m in security engineering (securing the products we produce) and not corporate security (securing the environments that we produce them in).
@darkuncle @mathaetaes Whenever I run into this sort of thing (which is pretty often) I always think of the line from Star Wars, "The more you tighten your grip, the more star systems will slip through your fingers."
@darkuncle Well played.
@internic @mathaetaes “Not after we demonstrate the power of this web proxy! In a way, you have chosen the sites we will add to the block list first.”