June 18, 2014 by
Data: Defense's Home Field
This was originally posted on blogger here.
If vulnerabilities are attack's home field, then data is defense's.Vulnerabilities Are Attack's Advantage
When we talk in terms of vulnerabilities, attackers inherently have the advantage. We have to defend against many. They have to find few. They can continuously look for them without our knowledge. A new vulnerability's use may be the first time we become aware of it. Simple imperfection means that there will always be vulnerabilities available to the attacker. Economically, it will always be more rewarding for the attacker to exploit vulnerabilities than for us to fix them.
The Goals of Defense
Data, on the other hand, is where defense has the advantage. But to understand why, lets first step back and understand the goals of defense. Attacks only end in three ways. The attacker reaches his/her goal (and likely causes a negative impact for us). Defense prosecutes the attacker (whether it be holding them accountable to company policy or the law). Defense makes the cost of attack so high the attacker either can't or doesn't want to attack any more.
To come to either defensive win (prosecution or disengagement), defense needs data. The attacker must be identified and profiled in either case. To prosecute them, we must know who they are, where they are, and what they did to the point where we can prove it to others. For disengagement, we need to know so much about them that it becomes too resource intensive for them to do something we don't know about. (i.e. take action that we cannot identify as an incident, or as them.)
Data Is Attack's Disadvantage
If vulnerabilities economically benefit the attacker, data economically benefits defense. To get data, defense must simply have sensors where data is being generated and a means to identify profiles within that data.
For attackers it is very resource intensive to not generate data. In the real world, just sitting quietly generates data. You generate a heartbeat and a heat signature, both of which can be sensed through walls. The character Jack Reacher is based around the premise of someone minimizing the data they generate. It takes a lot of time and effort for Jack to do so. As can be seen from my blog on Multi-Persona Anonymity, it is very resource intensive to separate your profiles; (not generate data that links one you to another you).
Every time an attacker touches a computer, they generate reams of data. Every time they use the network. Every time they interact with a server or run a program, they are generating huge amounts of information. They are generating logs of who they are, where they are, what actions they took, and what the outcomes of those actions are. Anything that can in, any way, be tied back to their profile as a threat actor can be used by defense to end the attack.
And the more data they generate and we collect, the easier it becomes. We can build profiles of everything they do forcing them to change everything from the computer they use to the timezone and geographical location the attack comes from. We can force the attacker to create completely new tactics, techniques, and procedures in addition to tools for every single attack they attempt. Attackers will no longer be able to try and fail until they get the attack right. Every time they fail, they both increase our ability to prosecute them while having to expend significant resources to completely change their profile before trying and failing again.
Investment Needed
To realize this advantage, some investment is needed. We need the tools to parse sensor data into standard, inoperable formats such as STIX, CYBOX, CAGS, and VERIS. We need integration of transport systems that move data between tools and organizations such as PxGRID, TAXII, IF-MAP, and Moirai. And we need investment in tools to parse the data and build the profiles of attackers; an active area of research from individuals and companies such as the MLSec Project.
In Conclusion
With data, the "try, try, again" approach to attack will be over. By stopping it, the vast majority of attackers will be priced out of the market, leaving defense to deal with truly dangerous threats who are willing and able to commit massive resources to the attack. And defense will still have the advantage.
8 comments captured from original post on Blogger
markson said on 2019-09-16
for example, Spark, R programming, Python just as beneficial programming like SPSS and SAS. ExcelR Data Science Courses
360DigiTMG said on 2020-02-10
I have bookmarked your website because this site contains valuable information in it. I am really happy with articles quality and presentation. Thanks a lot for keeping great stuff. I am very much thankful for this site.data analyticsdata science coursesbusiness analytics course
sreelakshmi said on 2020-06-18
nice post
360digitmgas said on 2020-06-28
I feel very grateful that I read this. It is very helpful and very informative and I really learned a lot from it.data science course in coimbatore
360DigiTMG said on 2020-06-29
You might comment on the order system of the blog. You should chat it’s splendid. Your blog audit would swell up your visitors. I was very pleased to find this site.I wanted to thank you for this great read!!data science courses online
Ziarulunirea.ro said on 2020-07-13
Very interesting blog. Many blogs I see these days do not really provide anything that attracts others, but believe me the way you interact is literally awesome.You can also check my articles as well.Data Science In Banglore With PlacementsData Science Course In BangaloreData Science Training In BangaloreBest Data Science Courses In BangaloreData Science Institute In BangaloreThank you..
Priyanka said on 2020-12-21
Attend The PMP Certification From ExcelR. Practical PMP Certification Sessions With Assured Placement Support From Experienced Faculty. ExcelR Offers The PMP Certification.PMP Certification
Deekshitha said on 2022-03-09
Informative blogdata science training in jamshedpur