Where Are You On The Security Mindset Spectrum?


Richard Bejtlich suggests that there are two varieties of security people. One type is focused on prevention through security controls, the other focused on detection and remediation.

Prevention/remediation spectrum

Where are you on the prevention/remediation spectrum?

The prevention folks want to ensure there are effective mechanisms in place to mitigate every threat. That means not only implementing these controls, but testing them as well.

The detection and remediation folks presume systems are about as holey as Menger sponges (illustrated in the construction below). You might hope to block every path into a system that is merely as full of holes as Swiss cheese, but that is not reality. If miscreants aren’t already in your system, they will be soon. So you need to be good at spotting their digital spoor and kicking them out quickly (before they do any real damage), or perhaps feeding them misinformation.

Menger sponge

The Menger sponge is all hole. In the limit it has zero volume, despite having infinite surface area. This animation by Mattcomm shows the first four iterations of an infinite construction.
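A short derivation of the two claims in that caption, added here as an illustration rather than taken from the original post. Let $n$ be the construction step, starting from a cube of unit side. Each step replaces every cube by the 20 sub-cubes of one-third side that remain after removing the 6 face-centre cubes and the body-centre cube (27 minus 7), so

$$
V_n = 20^n \left(\tfrac{1}{3}\right)^{3n} = \left(\tfrac{20}{27}\right)^n \;\longrightarrow\; 0 .
$$

The surface area of the step-$n$ sponge is

$$
A_n = 2\left(\tfrac{20}{9}\right)^n + 4\left(\tfrac{8}{9}\right)^n ,
$$

which gives $A_0 = 6$ (the unit cube) and $A_1 = 8$ (the 6 outer faces contribute $48/9$ and the exposed tunnel walls $24/9$), and since $20/9 > 1$ it grows without bound. Volume shrinks geometrically while surface grows geometrically: the sponge is the limiting case of "all attack surface, no interior".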

I’d like to think that’s a false dichotomy. Adopting both perspectives is more secure than either alone. Plug all the holes you reasonably can; I say reasonably because you will reach a point of diminishing returns. Then crank your detection efforts up. And once that’s done, periodically improve both.

It might also be worth regarding network security monitoring as a security control, which addresses weaknesses such as:

  • Zero-day vulnerabilities are likely to exist
  • Mitigation of known vulnerabilities is unlikely to be perfect
  • Tests of security controls may produce false negatives, passing a control that would fail against a real attack
  • Social engineering can often provide a way into systems, because people aren’t perfect

If you do regard security monitoring as a security control, it becomes just another preventative measure and the dichotomy collapses.

