Security is like a Football Game

You have 2 teams working to stop each other. The rivals are the “Hacker” and the targeted “Company”. The playing field is the network and the user population on that field. The CSO is the coach who calls the plays via an executed security strategy. Security requires an effective strategy to stay ahead of the hackers; each organization has a similar playbook, but not everyone executes the plays the same way. An effective security strategy includes trained people, effective process and significant investment in technology. The success of security comes down to the strategy that is executed.

A football team has a playbook and a coach who calls specific plays based on the competition. Knowing the competition is the hardest aspect of the game in Cyber Security. Security has a playbook as well, and the coach calling the plays is the CSO. The CSO builds the strategy, determines the approach and requires the team to execute it properly. The approach today comes down to a focus on a strong defense, and the technology then supports that approach. Each approach will have differing outcomes for each company depending on the playing field. Does the hacker have home field advantage because he has already compromised a system or person and is already inside the organization?

The hackers are the aggressors, so they are commonly viewed as having a strong offense in this cyber security game. Most organizations have built up a strong defensive stance in reaction to the offensive hackers. Anyone in security for more than a few years has heard the term “defense in depth”, and most companies have applied security with this strategy of deploying defensive layers to stop the attacker. Based on the rise in hacks this approach is not effective. One could argue whether a strong defense is more important than a strong offense in a football game based on the last few NFL Super Bowls. In security we have taken the stance of building a strong defense.

It is time to go on the offensive and change the game. A strong offense is made up of misdirection and misleading patterns to take control of the playing field. Security does not have control of the playing field today. New technology available today draws the hacker away from your actual users and assets for early detection and proactive prevention of an attack. I saw a very cool technology this week at RSA and recommend checking out Attivo for an innovative approach to security that applies an offense to your cyber security strategy by deploying ubiquitous traps and endpoint decoys to outsmart the hacker: a ghost network and user population as the ultimate honey net. A defense is still needed, but to win the cyber security game you need to have an offensive strategy. Check out Attivo: www.attivonetworks.com

Great comments Sam and Ed. A couple of thoughts. If we believe like Sun Tzu that 'All warfare is based on deception', then the Cyber War-front shouldn't be any different, and an effective strategy should include elements of deception. Comprehensive deception platforms offer a way to stack the deck in your favor by proliferating deceptive assets across your network. We deploy deception for our customers from the end point, to user, data center, cloud, and even across SCADA networks. Doing so provides early breach detection of bad actors, APTs, BOTs, insider threats, Ransomware and a lot more. The great thing about today's modern deception platforms is that since they aren't signature based, you don't have to know who the adversary is, and because their alerts are predicated on interaction and not anomaly detection, you get highly actionable alerts without false positives. We’ve detected everything from the Killdisk malware that was a part of the black energy attacks late last year, to the recent Dridex Locky Ransomware that surfaced. Never saw them before, but didn’t need to. That’s the elegance of deception. Given the assumed breach posture that we see a lot of organizations adopting and with the breach data that supports that position change, a modern day deception strategy is a good weapon to have in the arsenal.

Ed and Sam, look into the new emerging space of deception solutions. It offers a way to change the game and shift the odds in favor of the good guys, regardless of who the adversary is. Modern day deception platforms turn an organization's network into one big trap from end point, to data center, and the cloud and don't rely on signatures to confuse, slow down and isolate attacks. They provide high fidelity and actionable alerts without the noise of many other solutions, providing early breach detection so organizations can quickly take action and defend critical assets. Since they are

Thanks for the post Marc. One potential twist is that... let's say that you have trouble figuring out how to take the offensive. Keep in mind that "Defense" does not mean passive or reactive. Primary recent example: Denver Broncos defensive unit. For them, "defense" meant attack/offensive. The CSO as a quarterback would do well to keep that attitude in mind.

Sam Taylor

Helping small businesses succeed using low cost capital.

8 years

Interesting analogy. About the only tools available to keep you from being hacked are defensive. It's hard to go on the offensive when you aren't sure which team you are playing against.


More articles by Marc Potter
