Adaptive Segmentation, micro-segmentation | March 4, 2015

Security Party Games: “Would You Rather” Edition

Jimmy Ray Purser

[Cue computer voice] Greetings Professor Falken. Shall we play a game?

Okay, here we go. Would You Rather: Have a security breach OR install a piece of security gear that results in an accidentally blocked service?

I ask because I’ve been hearing some answers that really surprised the heck out of me. So let’s break this down a bit. Before we do, though, I understand there is a certain amount of value that could add weight to either of these. A compromise of my print server is not as big a deal as a break into my product development servers. And a blocked QOD port is not as bad as a blocked back-up service port.

For today’s game, we’re not adding any weight at all. In its most generic and basic form, which one Would You Rather? Let’s check ’er out:

Security breaches: The good and the bad

First, the bad stuff:

  • There’s really no telling what the damage is.
  • You’d Better Call Saul.
  • Most likely, someone is getting the axe—maybe it’s you.
  • You may have to tell your customers.
  • If it’s bad enough, expect news coverage.
  • Now you’ll have to do an investigation into attack vectors.
  • Armchair quarterbacks will come out of the woodwork with their “would haves” and “should haves.”
  • Next, in come the consultants. Seriously, why are there so many consultants?
  • The number of TPS reports you’re going to have to write is about to skyrocket.

Now, the good stuff:

  • You can always blame a vendor. I mean, they’re always saying stuff like “you’re gonna get hacked” anyway, and while it may not be in the EULA, it’s implied, baby.
  • If it’s not you who gets the axe, maybe it will be someone above you in the management chain. Now you’ve got room to move up, man!
  • Security budgets always go up after a hack.
  • You’ll learn many ways to say you’re sorry. Assign this task to your longest-married folks. Experience rules!
  • Face it, it’s gonna happen. Everyone knows that. Try to name all the possible vectors into a network now. You’ve got LAN, WAN, social media, email, BYOD, WLAN, etc. Then add in all the vulns, compound that with skill levels and…you’ve got a huge responsibility. It’s kinda like the Drake equation ported to the network. Let’s face it. You’re gonna get hit.
  • It’s just another brick in the wall. There are so many hacks nowadays, we are starting to get desensitized to them.

Let’s move on...

Blocked service: Pluses and minuses 

Let’s start with the minus stuff:

  • It’s 99.99999% your fault. The old axiom “What was the last thing you did to the network?” applies here big time.
  • It’s mega embarrassing, especially since it seems like a rookie mistake.
  • You’ll lose some confidence in yourself.
  • You’ll certainly lose some confidence from your seniors, which means you can look forward to being second-guessed.

Now for the plus stuff:

  • Maybe you can blame it on a vendor. (To be fair, though, this is still mainly your issue for not testing it well enough before a production deployment.)
  • Normally, this is an easy fix.
  • You’ll get some training out of it. Maybe…
  • You don’t have to notify customers.
  • It most likely will not make headlines, except maybe in “IT Goobers Monthly.” 

Do we agree?

To me, a hack is much worse. It’s going to involve so many other damaging factors, whereas a blocked service is mostly just a slip-up that you can correct and move on from.

I can see both sides, though. With so many folks getting hacked and so many vectors to get in, being hacked is not the unique cone of shame it once was. But a blocked service means you either do not know the product that’s blocking the service or you do not know your network. Both of those are 100% suck factor on you.

So let me ask YOU: From a business standpoint, Would You Rather: Get Hacked or Have a Blocked Service?
