With all the breaches in the news as of late, there’s been a lot of chatter about the shifting threat landscape. I saw a post on social earlier in the week that got me thinking: if the threat landscape is shifting, why is that, and how does the collective industry slow things down so we can catch our breath and be proactive with security? The one piece of security tech I rarely see folks using is deception technology, but maybe the value of the tech is overlooked.

The idea of evolution and Darwinism is pretty established at this point. Whether you believe in creation or evolution doesn’t matter too much; what I want to dial into is the concept of natural selection. If you aren’t familiar with the term, it’s the process whereby organisms better adapted to their environment tend to survive and produce more offspring. Charles Darwin’s idea of natural selection is generally treated as an evolutionist theory, but the point I want to highlight, and the common thread I think we can all agree on whether you’re an evolutionist or a creationist, is mutation. As we collectively evolve as a species, and as all species do, we mutate, we migrate, and we create a sense of genetic drift from the original DNA strains. But at the most fundamental level, genetic drift occurs from testing. We test food; if it poisons us, we die. We test our living environments; if they make us sick, we have a lower chance of procreation. If we’re predisposed to reckless habits, it could limit our ability to pass on our genetics and/or lessons to the next generation if we’re dead.

Foundationally speaking, this is a very long-term testing effort as a species, but what happens if we couldn’t test? What happens if the test results were random? I mean truly random. What if something was gaming us all like something out of the Hunger Games? Two people with the same genetic makeup eat the same berries: one gets poisoned and dies and the other doesn’t. What happens if those same two people with the same genetic makeup live in an environment that makes one sick but not the other? If this was the case, it would be incredibly hard to “test” and evolve. Now, what happens if that same idea applied to castle defenses?

The idea of attacking castles is well documented over time and there’s a long history of action and reaction. An attacker storms the front gate and gets in; the defenders react and build a moat, if they have a next time. The defenders build the walls higher; the attackers build a siege tower to easily get soldiers over the walls. The defenders build defense in depth and attackers create the Trojan horse. But what would happen if attack results were truly random? Sometimes you got through the front gate…sometimes you didn’t. Sometimes the moat was a problem, sometimes it wasn’t. Sometimes you “thought” you got the Trojan horse in, but you actually didn’t. What would have happened if the attackers thought they were exploiting castle defenses but were just wasting time and were delayed until the point they were killed? If this scenario were true, then it’s safe to assume that the evolution of attacker techniques would be slowed…because let’s be honest, they wouldn’t know what does or doesn’t work. If this scenario were true, it’s also safe to assume the intellectual cultivation of castle siege and defense tactics and the overall “investment” in new attack or defense would be slowed, because attackers truly wouldn’t have a relative sample size to test their hypothesis, since the results are random and not based on scientific fact.

If you agree with those ideas: the environment to create random results didn’t exist in medieval times, but the technology exists today. It’s called deception technology, and it’s generally an underdeveloped technology because it’s not widely adopted in the security industry. At a high level, deception technology creates a series of honeypots and lures in your technology environment. The idea is that attackers are diverted, like a trout following a fishing lure, to “fake” and “virtual” environments that are purposefully vulnerable. While the attackers are exploiting fake environments with fake data, they are actually being monitored, contained, and in some cases counter-attacked.
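To make the monitoring side of a lure concrete, here is an added example (not from the original post) that flags any use of planted decoy accounts in an authentication log and lists the real accounts touched from the same source. The account names, addresses, and log format are all constructed for illustration.

```python
import re

# Constructed decoy accounts: planted as lures, never issued to a real user or service,
# so any authentication attempt that names one is a high-confidence signal.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_jsmith_test"}

# Constructed log format for this example (not any specific product's).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+)$"
)

# Constructed sample input.
SAMPLE_LOG = """\
2024-05-01T10:00:03Z auth result=OK user=alice src=10.0.2.11 host=mail01
2024-05-01T10:02:11Z auth result=FAIL user=svc_backup_old src=10.0.4.17 host=fileserver01
2024-05-01T10:02:40Z auth result=OK user=bob src=10.0.4.17 host=fileserver01
2024-05-01T10:03:05Z auth result=FAIL user=adm_jsmith_test src=10.0.4.17 host=dc01
2024-05-01T10:04:00Z auth result=OK user=carol src=10.0.2.30 host=mail01
this line is malformed and is skipped
"""

def find_decoy_use(log_text, decoys=DECOY_ACCOUNTS):
    """Return {src: {"decoys": [...], "first_seen": ts, "other_accounts": [...]}}."""
    events = [m.groupdict() for m in
              (LINE_RE.match(line.strip()) for line in log_text.splitlines()) if m]

    alerts = {}
    # Pass 1: every source that touched a decoy account gets an alert record.
    for ev in events:
        if ev["user"] in decoys:
            alert = alerts.setdefault(
                ev["src"], {"decoys": [], "first_seen": ev["ts"], "other_accounts": []})
            if ev["user"] not in alert["decoys"]:
                alert["decoys"].append(ev["user"])
    # Pass 2: real accounts used from a flagged source need review (possible compromise).
    for ev in events:
        alert = alerts.get(ev["src"])
        if alert and ev["user"] not in decoys and ev["user"] not in alert["other_accounts"]:
            alert["other_accounts"].append(ev["user"])
    return alerts

if __name__ == "__main__":
    for src, alert in find_decoy_use(SAMPLE_LOG).items():
        print(src, alert)
```
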

But let’s play this out for a moment: what happens if everyone had deception technology? Would attack vectors develop as fast? Would a market exist for the vast array of security technology point solutions? Would we still be struggling to train our cyber defenders if their skills weren’t outdated in a week? Would the threat landscape be shifting daily if we limited the attackers to random test results?

My personal opinion is no. I think it would materially change the security landscape and change the velocity of investment into our industry. I also think, for once, we’d have a population of folks who can talk and evangelize the merits of security without having to peddle fear, uncertainty and doubt.

Lastly, as a PSA – I have no affiliation with any deception players in the market.