John Pescatore

I am about the same age as Tang, the allegedly orange juice-like powdered mix. I always figured the real history of Tang was that the chemical industry was trying to come up with a way to compete with the actual orange juice industry and Tang was as close as they could get – not very close. It was a failure but I bet some smart marketing guy said “hey, they are throwing scads of money at this idea of beating the Russians to the moon – I heard NASA is buying $5,000 coffee-pots, they will probably pay oodles for a cheap, light drink mix they can force astronauts to drink.” And a legend was born.

Similarly, this morning I heard Garrision Kiellor’s Writer’s Almanac on NPR radio, where he said Charles Dickens had written a money-losing novel (Martin Chuzzlewit) and needed some cash.  So, quick like a bunny, he wrote A Christmas Carol, which of course became a huge best seller and ultimately a classic.

Which points out how we always over-estimate how automation will solve problems and under-estimate how powerful smart tools in the hands of smart people are and will continue to be. I bet if you fed the formula for Tang into the best automated analysis algorithm today it would suggest it could best be used by mixing it with concrete to make non-skid surfaces. If you feed Martin Chuzzlewit into Google and say find the opposite, the closest it comes is George Eliot’s Silas Marner, which probably didn’t sell much better than Martin Chuzzlewit.

Oh, the connection to security? In the current threat environment, where targeted and multi-stage attacks are doing the real damage, I’ve been seeing a lot more need for analytic tools to support recognizing when a new attack has hit.  IDS was sort of used this way early on but fell into the automation trap – just relying on attack signatures and got sidetracked by “signature crack” just the way anti-viral did. IPS went the other way and said “let’s just block access to vulnerabilities” and does a great job of blocking vulnerability seeking attacks. But the damaging attacks today aren’t just looking for unpatched machines, they are exploiting unpatchables users – and using clever techniques that keep changing, just like people’s tastes in juice or books keep changing.

Automation only works on mature threats, as a way of reducing the cost of dealing with the known. Tools to support human analysts are what will always be needed to deal with the unknown  - that leads to turning the unknown into the known.

Submit a Comment »

Category: Uncategorized     Tags:

Share