Adaptive Segmentation | micro-segmentation | August 6, 2015

Cybersecurity Focus - Shifting from the Perimeter to the Interior

PJ Kirner, CTO and Founder

The fight to stay ahead of the latest hacker schemes has created a volatile arena for players in the security field. We have watched antivirus software flounder with the rise of ‘crypting’ services. We have witnessed malware sandboxing and its struggles with evasion techniques. And the race is far from over.

Cyber security cat and mouse

With the rapid changes in automating and connecting our systems, the adoption of SaaS and IaaS is only on the rise—and those who want to profit from theft of this data are paying close attention. This is a familiar pattern: One team gets an advantage for a short time, long enough for the other team to find a weakness, and the cycle is repeated.

To put it another way: The cat finds a way to detect malicious behavior, and then the mouse finds a new way to get the cheese. Imagine the cat is the latest VC-backed startup with a new detection strategy and the mouse is a new evasion technique. But the asymmetry created by the way our systems are built is not in the cat’s favor. As Jon Oltsik points out in his article, “The Increasing Cybersecurity Attack Surface,” there is “a mismatch where cyber-adversaries have a distinct offensive advantage.”

So let’s create an even playing field by taking a different approach — one that makes the mouse hole much smaller and the cheese all but impossible to get to.

Shifting the focus

I have written before about the soft and chewy insides of our data center, which create a giant target for attackers. It is time to focus on securing the interior with as much energy and effort as we have for years been devoting to securing the perimeter.

The three elements of the new strategy are:

  1. Reduce the attack surface: Segregation strategies can start small and simple with coarse-grained approaches, and then evolve over time into increasingly fine-grained implementations. These strategies are key to breaking up that huge attack target, and we must continue to work on and invest in making it smaller. We also need technology that is flexible and adaptive enough to enable this transition without slowing down business.
  2. Everything needs to be part of the collective: The components of your data center have to work together. While the pieces are critical, automating or orchestrating the points of control and monitoring elements is not enough. This is about seeing the data center as a single system, and reasoning at that level. We need to write policy in the language of the business and let the system determine the most effective, efficient, and accurate way to continuously accomplish our goals without involving a human to understand every small change.
  3. Make the whole system smarter: All the elements must feed and consume data in a continuous loop, discovering and adapting to changes. Knowledge of the whole should be broken up into perspectives and spread back out to all the endpoints and infrastructure elements. When something small happens in one corner, action can be taken either broadly or with razor focus, as necessary. It’s this flexibility to act in proportion to the threat that makes the whole system smarter.

Echoing what Alex Stamos said in a recent article: We need to evolve or die. As a security industry, we must stop waiting for the attack to happen and find solutions that evolve, adapt, and allow us to take a proactive stance.

It is time to get out and lead rather than waiting for the mouse to show itself in.
