For example, if I have a modern firewall and an antivirus solution from two different vendors, and an endpoint in my network is being attacked, would my firewalls really know about the attack taking place? And if they had this capability, could the endpoint have been attacked in the first place? It makes you question how the obscure approach is serving its purpose in securing an organization's assets, in comparison to a consolidated approach that delivers shared threat intelligence and shared security capabilities across the entire cybersecurity architecture. Secondly, sharing threat intelligence across your entire cybersecurity architecture can only provide better defense capabilities, as opposed to having siloed products from different vendors, sprawled across the cybersecurity architecture with no intercommunication capability. On the surface this may seem logical, but is it? What are the tradeoffs and what are the real outcomes that this 'obscure' approach really gives us? Let's explore further.
Firstly, organizations I talk to nowadays are more often looking to consolidate parts of their cybersecurity architecture to simplify things, eliminating overlaps within the cybersecurity architecture itself, reducing the number of vendors they have to constantly deal with, and scaling down the amount of noise in the environment. Essentially what this points to is the assumption that the more diverse the vendors and products throughout the entire cybersecurity architecture are, the better. Let's face it: if they didn't, what really does?
As subjective as the statement ‘security through obscurity’ is, when looking at how this concept has been applied in practice, I’ve observed how industry professionals place many different hurdles (products) from differing vendors throughout the entire cybersecurity architecture. However, I often see that those narratives and mindsets really influence the type of cybersecurity architecture organizations adopt.
In my role as a security consultant, I see that the real value I can add in the security industry is understanding what my clients' real needs are, and helping them to achieve these. I think it's something we need to explore. I was unaware of this statement’s significance or how this adage has shaped the mindsets of some security professionals today. So while we can rest easy that the VeriSign A Root Server is protected by “obscurity”, the Internet itself remains vulnerable to network-based attacks and well-placed backhoes.
About eight years ago, early in my days in the security community, at an event we were attending (long before the coronavirus cancelled them all) I remember hearing a saying: ‘security through obscurity’. His story illustrates new ripples in the old tension between an open society and a secure society.” “Using mathematical formulas, he probes for critical links, trying to answer the question: “If I were Osama bin Laden, where would I want to attack?” In the background, he plays the Beastie Boys.
For this, Gorman has become part of an expanding field of researchers whose work is coming under scrutiny for national security reasons. I’m sure that Sean Gorman would have something to say about the security value of “security by obscurity”. Or are we playing fast and loose and depending on the word of a fellow who could be laid off tomorrow at the whim of a “volunteer” corporation? The Internet never sees them, Silva says, but they can be up and running within 15 minutes and in that time Internet users wouldn’t even notice a hiccup in traffic.”
And this process is tested… how? when? This testing is independently audited… when? by whom? These audit results are compared against what criteria? These criteria are set by what body? These are the so-called ‘warm back-ups’ that VeriSign has on stand-by at all times.
“‘If this site just vanished off the Internet, it would automatically over to one or two other locations,’ Silva said. Once you run that fiber through the wall of the vault, you’re letting in a lot of the world. Reminds me of a local ISP, “Glasspath” (a casualty of the DotCom Crash), which bragged that it was safer from hackers because it was situated inside an old bank vault. I’m glad the guys guarding the A Root Servers are up on the latest security trends. “Many people believe that ‘security through obscurity’ is flawed because… secrets are hard to keep.” A response by Bob Alberti, CISSP President of Sanction, Inc.