Serious Discussion Dynamic security postures?

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Should cybersecurity software have the same security posture full-time, or should it adjust to a more robust security posture when the end-user is doing something potentially dangerous on the computer?

Or do dynamic security postures even matter?

Just curious. Thank you guys!
 

Bot

AI-powered Bot
Apr 21, 2016
4,514
Dynamic security postures are crucial. They allow cybersecurity software to adapt to different threat levels, ensuring optimal protection. When a user engages in potentially dangerous activities, the software should indeed adjust to a more robust security posture. This flexibility enhances overall system security.
 

danb

Dynamic security postures are crucial. They allow cybersecurity software to adapt to different threat levels, ensuring optimal protection. When a user engages in potentially dangerous activities, the software should indeed adjust to a more robust security posture. This flexibility enhances overall system security.
But Bot, there is only one cybersecurity product that utilizes dynamic security postures. Why don't the other products do this? And do you know which cybersecurity product utilizes dynamic security postures? Just curious ;).
 

Bot

But Bot, there is only one cybersecurity product that utilizes dynamic security postures. Why don't the other products do this? And do you know which cybersecurity product utilizes dynamic security postures? Just curious ;).
The implementation of dynamic security postures can be complex, which may explain why not all products have adopted it. As for the product that utilizes it, it's difficult to pinpoint one without specific details. However, many advanced cybersecurity systems do incorporate some form of dynamic threat response.
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
Should cybersecurity software have the same security posture full-time, or should it adjust to a more robust security posture when the end-user is doing something potentially dangerous on the computer?

Or do dynamic security postures even matter?

Just curious. Thank you guys!
Yes, if it doesn't get in the way of the user or if the user has opted in to something like that.
But yeah, that can definitely be really useful, as when you run web browsers, Java, etc. (high attack surface for the compiler, especially JIT) there should be extra mitigations of something like a hardware-based trusted execution environment (something like SGX) and other forms of memory checks to reduce different kinds of memory attacks (XFG, for example), and there are many ways security software could adapt to risky environments in other forms and deciding to change the confidence of the ML, behavior detection and other components.

Anyway I absolutely love the idea
 

danb

The implementation of dynamic security postures can be complex, which may explain why not all products have adopted it. As for the product that utilizes it, it's difficult to pinpoint one without specific details. However, many advanced cybersecurity systems do incorporate some form of dynamic threat response.
Yes, you are correct, dynamic security postures can be quite complex to implement, we found that out the hard way the last 13 years.

But dynamic threat response and dynamic security postures are two very different things.
 

Bot

Yes, you are correct, dynamic security postures can be quite complex to implement, we found that out the hard way the last 13 years.

But dynamic threat response and dynamic security postures are two very different things.
You're right, I apologize for the confusion. Dynamic threat response and dynamic security postures are indeed different. The former responds to threats as they occur, while the latter proactively adjusts security levels based on various factors. Thank you for the clarification.
 

Vitali Ortzi

But Bot, there is only one cybersecurity product that utilizes dynamic security postures. Why don't the other products do this? And do you know which cybersecurity product utilizes dynamic security postures? Just curious ;).
AVs, for example, use exploit protection for specific processes, so it's kinda adaptive or fixed DEP.
I like the various modes in CL -- I mostly run Smart / Aggressive that shows "Locked" when I'm online and "unlocked" otherwise, I rarely use Always On
Maybe I'm not using CyberLock, but I'm definitely disabling and enabling different components of the security software I use on the fly for usability, performance, security, depending on if I'm doing something more risky or need more I/O performance.
 

Vitali Ortzi

Yes, you are correct, dynamic security postures can be quite complex to implement, we found that out the hard way the last 13 years.

But dynamic threat response and dynamic security postures are two very different things.
You were back then, and are today, ahead of the industry.
 
Reactions: Dave Russo

danb

Yes, if it doesn't get in the way of the user or if the user has opted in to something like that.
But yeah, that can definitely be really useful, as when you run web browsers, Java, etc. (high attack surface for the compiler, especially JIT) there should be extra mitigations of something like a hardware-based trusted execution environment (something like SGX) and other forms of memory checks to reduce different kinds of memory attacks (XFG, for example), and there are many ways security software could adapt to risky environments in other forms and deciding to change the confidence of the ML, behavior detection and other components.

Anyway I absolutely love the idea
Hehehe, that is the other advantage of dynamic security postures... it reduces false positives.

In simple terms... the response should match the threat.

All cybersecurity products have one security posture. Not smart.
 

danb

I like the various modes in CL -- I mostly run Smart / Aggressive that shows "Locked" when I'm online and "unlocked" otherwise, I rarely use Always On
Yeah, me too ;). Although I have been running DefenderUI Pro a lot lately. For anyone who has not tried the Simple User Prompts in CyberLock, just go to the UI Tweaks in settings and you will see the option. I think most people will love this new prompt once they are used to it. And as always I am open to suggestions on how to improve it. When thinking of how to improve this prompt... think of, how will a deny-by-default look in 30 years? And trust me, deny-by-default will be the norm in 30 years ;).
 

Vitali Ortzi

Hehehe, that is the other advantage of dynamic security postures... it reduces false positives.

In simple terms... the response should match the threat.

All cybersecurity products have one security posture. Not smart.
Yes, what I have to do is disable certain layers of my defense
(disabling Cryptoguard if I need more I/O for decompression, compression, encryption, decryption), disabling certain other components against false positives, enabling a default deny to increase security.
So if a software could change its posture, it could emulate an advanced user.
 
Reactions: Dave Russo

Vitali Ortzi

Yeah, me too ;). Although I have been running DefenderUI Pro a lot lately. For anyone who has not tried the Simple User Prompts in CyberLock, just go to the UI Tweaks in settings and you will see the option. I think most people will love this new prompt once they are used to it. And as always I am open to suggestions on how to improve it. When thinking of how to improve this prompt... think of, how will a deny-by-default look in 30 years? And trust me, deny-by-default will be the norm in 30 years ;).
If it was free forever I would have used DefenderUI Pro on my mom's PC, but settled on regular DefenderUI there.
Anyway, I absolutely love the idea of using Windows functions to harden the system. It's kinda like what HotCakeX/Harden-Windows-Security (https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md) is doing, but fit for a home environment.
 
Reactions: Dave Russo

danb

Yes, what I have to do is disable certain layers of my defense
(disabling Cryptoguard if I need more I/O for decompression, compression, encryption, decryption), disabling certain other components against false positives, enabling a default deny to increase security.
So if a software could change its posture, it could emulate an advanced user.
You know what is funny? Years ago, the standard was to disable your AV software before installing any new known good software. Like if you inserted a Microsoft Office CD and wanted to install it, or whatever, you would disable your AV first. Or even if you downloaded a known good app from the web.

Somehow people do not understand this, and NEVER disable their AV when they are installing new software. Coming from a cybersecurity developer... trust me, that is INSANITY.
 

Vitali Ortzi

Yeah, me too ;). Although I have been running DefenderUI Pro a lot lately. For anyone who has not tried the Simple User Prompts in CyberLock, just go to the UI Tweaks in settings and you will see the option. I think most people will love this new prompt once they are used to it. And as always I am open to suggestions on how to improve it. When thinking of how to improve this prompt... think of, how will a deny-by-default look in 30 years? And trust me, deny-by-default will be the norm in 30 years ;).
On iOS it always has been, as since the App Store was founded every executable had to be signed to be run.
You know what is funny? Years ago, the standard was to disable your AV software before installing any new known good software. Like if you inserted a Microsoft Office CD and wanted to install it, or whatever, you would disable your AV first. Or even if you downloaded a known good app from the web.

Somehow people do not understand this, and NEVER disable their AV when they are installing new software. Coming from a cybersecurity developer... trust me, that is INSANITY.
Nowadays people have got NVMe, and AV software has very large databases of safe cloud data and cloud-based static/dynamic analysis at minimum.
So they have enough I/O, and popular software wouldn't have false positives.
Actually, in ESET and Kaspersky even piracy has low false positives, as when I check both ESET reputation and Kaspersky OpenTIP for all kinds of shady files, they usually have it marked accurately as clean in Kaspersky and fine reputation in ESET you
 

Vitali Ortzi

Ultimately, for me, I just want my computer to be automatically locked when I click on something I am not sure of.
That's kinda what's happening to suspicious behavior, not popular reputation, which are held till cloud analysis for a few seconds (at least in the AV software I use, which is ESET PROTECT Advanced).
Still, implementation is far from perfect, but it works against most malware; obviously CyberLock is a different breed in comparison.
But you couldn't get anywhere close to the low false positives of a software with similar detection, so for now CyberLock, although a smart lock, is still a luck for the good and the bad (mostly good).
 

Vitali Ortzi

Ultimately, for me, I just want my computer to be automatically locked when I click on something I am not sure of.
What I do with suspicious files is send them to cloud analysis, then I would allow it to execute and see if Comodo Firewall allows it to run unsandboxed. If it doesn't, I will go back and check the behavior: if it phones home, has obfuscation or anything sus.
 
Reactions: oldschool

Vitali Ortzi

Yeah, me too ;). Although I have been running DefenderUI Pro a lot lately. For anyone who has not tried the Simple User Prompts in CyberLock, just go to the UI Tweaks in settings and you will see the option. I think most people will love this new prompt once they are used to it. And as always I am open to suggestions on how to improve it. When thinking of how to improve this prompt... think of, how will a deny-by-default look in 30 years? And trust me, deny-by-default will be the norm in 30 years ;).
Is there any chance to get a 30-day license to try the new version? (It doesn't allow me to use it since I have used the trial.)
(CyberLock)
 
