Sand Castles and Advanced Persistent Threats
by Neil MacDonald | July 11, 2011
I’ve been absent from blogging for 2 weeks – first we had the Gartner Information Security Summit in DC and then I took some time off for a much-needed vacation.
We spent some time at Hilton Head Island in South Carolina. They’ve got a pretty amazing flat beach where the difference between high tide and low tide can be about 300 feet of beach. We’d use this to have a daily sand building exercise before the tide would come in.
The first day we tried a traditional design – a big, thick wall around the inner castle (a lot like the one above – I didn’t bring my cell phone down to the beach for a pic). It lasted about 20 minutes before a large wave breached the wall. Once that happened, subsequent waves took no time in leveling the rest.
The next day we tried two walls, adding a second, smaller wall around the castle inside the first. That added maybe all of 2 minutes of survival time. Once the outer wall was breached, the inner wall stopped a wave or two, then it fell.
By the third day, we tried a different mindset. Assume the castle will be breached. So we tried a radically different approach. We designed a castle that gets the breached water back out through a system of moats and canals. Sure, there were walls as well – lots of them, but gone was the dependence on one or two walls.
The result? Well, the tide ultimately won – this is vacation after all – but we lasted a good 50 minutes before the castle was leveled.
As I battled the tide, I couldn’t help but think about our increasingly futile attempt to keep the bad guys out (you can see why I needed the vacation!).
Are you overly dependent on one or two layers of (fire)walls to keep the bad guys out?
Have you changed your mindset in how you approach information security? Assume you will be breached. You probably already have been, you just don’t know it yet. It’s time to change our thinking in information security.
The best protection = prevention + detection. We tend to be overly dependent on the prevention side to keep the bad guys (the tide) out, but have invested little in detecting when an advanced intrusion has occurred and in minimizing the dwell time of attackers.
Food for thought.