Changing the Rules of the Game

A common defensive rule of information security is that once you detect an attack against your organization’s Web applications, you must mitigate the attack by stopping it. In other words: “stop it once you can”.

But what if the rules of the defenders vs. attackers “game” have changed and the teams are not playing in the same league anymore?

For example, here are some of the “game” changers from recent years:

• The playground (aka an attacker’s computing resources) became ridiculously cheap to hire (if not available for free)
• The players of team “black” (also known as attackers) became more persistent, targeted and ruthless
• The players of team “white” (also known as defenders) became overwhelmed by endless amounts of security incidents and are constantly one step behind the attackers

In recent years we have seen an increased number of defenders changing the rules of the “game” and adopting new defensive techniques. Those techniques give the attacker a deceptive feeling that the attack was not detected, reducing the attack effectiveness to the point where it will take too much time and resources to be considered complete.

Maybe the common defensive approach is not good enough; maybe it is time for more defenders to step-up their game and introduce “game” changing rules?

Read more about it in "infosecurity-magazine" - http://www.infosecurity-magazine.com/opinions/changing-the-rules-of-the-game/