Friday 12 October 2007

'Defensive Security Domain' or 'Offensive Security Domain' - You choose!

Brand Killer Robots reveal:
Talk to most security consultants and the theme of their advice would be to park your goods in the middle of the road and then deploy sentries to defend against the incoming.

They will tell you that it is very important to get inside the mind of your attackers so that you can understand what is happening to you - when it happens to you!

They'll also tell you that no security measure will ever stop a perpetrator hell-bent on mischief and that the Internet is just so vast that incoming threats could come from anywhere, at any time and using a multitude of fake identities.

All of which is significant unless you are thinking about security from the perspective of an unconventional 'non-victim state' security posture.

There are two base security postures in existence. Posture 1 relates to the defensive security domain (DSD), which began life as instinctive behaviour in prehistoric times to defend against predators and has been adopted throughout history in wars and civil strife. Much of today's business and information security practice is based on the concept of the defensive security domain.

"Placing your goods in the middle of the road and deploying sentries to defend against the incoming".

In other words, the defensive security domain uses the 'victim state' posture, i.e. "If someone sneaks up on me and says boo, I'm going to jump, run for cover, then try to ID them and take action later, if I can".

Posture 2 relates to the offensive security domain (OSD), which started life in the CIA, MI6 and other such agencies. OSD uses a predatory (non-victim state) posture to ensure perpetrators are taken out before they ever arrive at their destination. OSD relies heavily on tactics that make it difficult for an attacker to lock on to the intended target, and utilises brand level security assessments and intelligence profiling techniques.

"Constantly shifting your goods out of harm's way, whilst deploying agents to locate and take the predators out - before they ever begin to show up on your doorstep".

A typical example of a defensive security domain (DSD) application would be a firewall, a penetration testing exercise or any security awareness campaign. A typical example of an offensive security domain (OSD) application would be a roaming honeypot device designed to detect and track subversive behaviour, a targeted surveillance campaign or a 'bogus download' that pinpoints the location of a media pirate.

Whatever it is you have invested in, you need to identify from your company risk register just what should be protected by conventional security measures (DSD) and just what ought to be added to a new security strategy that will become part of your offensive security domain (OSD).
Why take on a rigid, victim-like security posture, when you have the means to fly?

Why watch your business be ripped apart bit by bit, when you have the means to sever all the heads of the beast before it ever arrives on your doorstep?

1 comment:

Anonymous said...

The problems arise from the conventional aspect of Web communications!
If the method of data transfer was varied above the fundamental and (relatively solid) packet switching, then the techniques used to decimate a server or servers could be totally avoided and a process of transient protection could be built dynamically by the very targets the attacks are being centred upon.
This takes the shape of a dynamic filter which can be passed down the line to other switching servers to be applied at less concentrated points in the Net communication nodes, each software filter having a lifetime where it disappears naturally some time after the attack has subsided.