Gartner Blog Network


Defeat The Casual Attacker First!!

by Anton Chuvakin  |  January 28, 2015  |  5 Comments

I have not done a philosophical security blog post for a long time – and now I was suddenly inspired to write one while installing – rather, replacing with an HD version – security cameras at my house.


Given the house we have, I can imagine a physical security setup where every possible entrance (including second-floor windows) and every camera is in the view of at least one security camera. That will take between 12 and 16 cameras. Coupling this with tamper-proof camera enclosures and protected cables, as well as smartly placed indoor cameras and a couple of hidden devices, one can … waste a lot of money.

Am I doing this? No, I am not! I just want coverage of common ingress points [into the house] and a degree of assurance that a casual “attacker” (i.e. burglar) will be caught on camera at least once and that the images will then be available to the police.

My focus here is a commodity attack, not a targeted one. Making a regular house resistant to a dedicated burglar is an impossible affair, and the law of diminishing returns kicks in hard – and early (I also have a dog – and not just any dog …)


In any case, why all this? I hear that many organizations have developed a sudden, vendor-marketing-infused interest in fighting advanced and targeted attacks. But guess what? More than a few of said organizations actually aren’t that good at fighting basic, commodity attacks – and they are NOT improving.

So, it is a free country and it is [in most industries] legal to really suck at infosec / “cyber.” However, I find it highly illogical and, in fact, wasteful to attempt stopping or detecting an advanced attacker before you have managed to succeed against a common one.

In the same vein, I worry about people who are “concerned about targeted attacks” but lack any ability to tell that “yes, this attack IS in fact targeted” and, moreover, lack moderately effective defenses against opportunistic attacks in the first place.

So, yes, advanced attacks ARE real. Persistent threats ARE real. 0h-day-wielding state-sponsored superhackers ARE real. But, by god, why focus there if you can barely detect a more traditional intrusion, one that utilizes mid-1990s style tools, exploits and tactics!?

Focus on improving your security maturity – not on randomly picking high-maturity tools (like NFT) and practices (like hunting) and then declaring success! Before you buy another “anti-advanced-anything” box, THINK – are you handling the basics well already and, if YES, what is the best direction for improvement from your current position?


Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…


Thoughts on Defeat The Casual Attacker First!!


  1. Tim Prendergast says:

    Totally agree… I’ve spent a lot of time evangelizing the fact that you can’t buy advanced security. You must build your way there through people, process, technology, and practice. I love that you took the time to lay it out for people. I use the home security analogy a lot, as well. You don’t need to stop all the burglars, just deter the ones that are opportunistic.

    PS – the blog comment Website field doesn’t accept .io as a valid domain. 😉

    Tim from Evident.io

  2. @Tim In full agreement that “one cannot buy advanced security” and one has to GROW it. I sooo wish more people knew it. The “we need a box for that” crowd is so overpowering ….

  3. Adam says:

    I am totally on the same page with you. I wrote a very similar post just a couple days ago.

    You wouldn’t install security cameras if you didn’t also plan on locking your door. Attackers, physical or cyber, will always try to spend the least amount of money and time to get the highest reward.

  4. @Adam Exactly — and many of those organizations have a) THE most expensive camera and b) frequently unlocked side door.



