Lenny Zeltser on Protean Security Tactics

We’re big fans of the SANS team, and specifically of Lenny Zeltser. It’s gratifying, then, to see Lenny discussing deception and active defence in his recent series of blog posts, and we highly recommend reading his history of deception in computer security.

We’d like to extend a couple of his main arguments:

  1. Thinking asymmetrically
    Cyber-security has always been a form of asymmetric warfare. The defenders have expensive, monolithic defences, are slow to adapt, and are hampered by ‘terrain’ such as geographical boundaries. The attackers are quick to change tactics, rely heavily on deception, and make use of terrain. This is guerilla warfare, and only an asymmetrical defence will yield results.
  2. Support costs of honeypots
    Honeypots in the traditional sense are expensive to deploy and difficult to maintain. They also increase attack surface for an attacker. However, virtual decoys solve all these problems. They are easy to deploy, administer and monitor, and they do not create vulnerabilities. This paragraph is essentially the problem statement to our vision:

When you integrate decoys and active defence into the fabric of the environment, you asymmetrically turn the tables on even the most advanced attackers. They are human after all.