Precocious Kevin McCallister taught us a lesson in security way back in 1990 when he conceded that villains Harry and Marv would likely breach his home.
In that movie Kevin decided not to invest all his resources in defending the boundary of his home but spent some time “automating” the detection and mitigation of those breaches.
Sure, a bad guy might break in through the window, but he would immediately announce his location upon stepping on the glass ornaments and Matchbox® cars strewn across the floor: an alarm to which our young hero responded.
That shift in philosophy, from a primary focus on securing the borders to breach detection, mitigation and response, was the topic of CarbonBlack’s Jeff Guy when he spoke at a recent ISSA meeting in Chattanooga, TN.
The theme wasn’t to give up the boundary but to accept that a patient, monied attacker will eventually find a way to compromise boundaries. The goal is to shift some resources from keeping everyone out all the time to detecting when someone has made it inside your boundary. We all spend significant resources trying to keep people out, and many lessons teach us that we seldom realize when someone has breached our systems.
We need to know sooner when it has happened, and we need tools and procedures for handling it when it inevitably does.
You may not be able to keep some bad guy out of your network, but once he’s inside … well, that’s a whole different ballgame because YOU own the network; he doesn’t. He may be able to probe your system indefinitely and finally find a way in, but once in, he’s in the dark, and if you have systems in place and procedures to detect and respond to him, then you regain the upper hand.
It’s an empowering paradigm.