{"id":5766,"date":"2025-07-31T05:02:52","date_gmt":"2025-07-31T05:02:52","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/07\/31\/measuring-the-attack-defense-balance-html\/"},"modified":"2025-07-31T05:02:52","modified_gmt":"2025-07-31T05:02:52","slug":"measuring-the-attack-defense-balance-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/07\/31\/measuring-the-attack-defense-balance-html\/","title":{"rendered":"Measuring the Attack\/Defense Balance"},"content":{"rendered":"\n<div>Measuring the Attack\/Defense Balance<\/div>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>\u201cWho\u2019s winning on the internet, the attackers or the defenders?\u201d<\/p>\n<p>I\u2019m asked this all the time, and I can only ever give a qualitative hand-wavy answer.  But Jason Healey and Tarang Jain\u2019s latest Lawfare piece has <a href=\"https:\/\/www.lawfaremedia.org\/article\/are-cyber-defenders-winning\">amassed data<\/a>.<\/p>\n<p>The essay provides the first framework for metrics about how we are all doing collectively\u2014and not just how an individual network is doing. Healey wrote to me in email:<\/p>\n<blockquote>\n<p>The work rests on three key insights: (1) defenders need a framework (based in threat, vulnerability, and consequence) to categorize the flood of potentially relevant security metrics; (2) trends are what matter, not specifics; and (3) to start, we should avoid getting bogged down in collecting data and just use what\u2019s already being reported by amazing teams at Verizon, Cyentia, Mandiant, IBM, FBI, and so many others.<\/p>\n<p>The surprising conclusion: there\u2019s a long way to go, but we\u2019re doing better than we think. There are substantial improvements across threat operations, threat ecosystem and organizations, and software vulnerabilities. Unfortunately, we\u2019re still not seeing increases in consequence. And since cost imposition is leading to a survival-of-the-fittest contest, we\u2019re stuck with perhaps fewer but fiercer predators.<\/p>\n<\/blockquote>\n<p>And this is just the start. From the report:<\/p>\n<blockquote>\n<p>Our project is proceeding in three phases\u2014\u00adthe initial framework presented here is only phase one. In phase two, the goal is to create a more complete catalog of indicators across threat, vulnerability, and consequence; encourage cybersecurity companies (and others with data) to report defensibility-relevant statistics in time-series, mapped to the catalog; and drive improved analysis and reporting.<\/p>\n<\/blockquote>\n<p>This is really good, and important, work.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Bruce Schneier<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2025\/07\/measuring-the-attack-defense-balance.html\">Go to bruce schneier<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Measuring the Attack\/Defense Balance \u201cWho\u2019s winning on the internet, the attackers or the defenders?\u201d I\u2019m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain\u2019s latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57,267,1049,984,1],"tags":[87],"class_list":["post-5766","post","type-post","status-publish","format-standard","hentry","category-bruce-schneier","category-cyberattack","category-defense","category-reports","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/5766"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=5766"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/5766\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=5766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=5766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=5766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}