“Active Defense” The New Digital Wild West Justice
Bringing A Knife To A Gun Fight
So, companies are starting to consider what is being called “Active Defense” against would-be attackers online. Given what I know about the places I have seen over the years as a consultant, I would have to say that this would be the net effect of bringing a knife to a gunfight. Why, you ask? Well, because as we have seen generally, and are being told all of the time by numerous people, we, generally, do not have very good defenses in many companies, never mind the wherewithal to “strike back at” anyone that might be knocking on your digital door. This, my friends, is one of the worst ideas in all of humankind’s existence.
No doubt it will be the norm soon though, with a vendor on every stoop selling the next whizbang “blackice” to get those pesky APTs.
Wheeee, I can’t wait! Look, why not just fix the stuff you have and work on keeping it secure and not letting the bad men in first shall we? What? That’s not sexy enough? You say it’s not proactive? You need to see blood once you have been hacked?
Earps, Clantons, And The Duck Of Death
I can see it now, it’s going to be akin to Old West gangs on the internets. The Duck of Death will be out gun-slinging, calling out all those weaker sorts in his clipped British accent.
“Come now sir, you really think that firewall will stop me? Don’t you know who I am? I am the Duke of Death”
This will just get out of hand and incredibly stupid. Sure, you can say that you are just going to maybe tarpit those attackers to prevent them from getting in quickly, but you have to know that there will be (already are) services where blackhat types will hack back against those who “dun you wrong”.
*spits into spittoon*
“Yup, I can git a cyber posse together and we can capture those there cyber varmints that done you harm lil missy”
This won’t end well…
Seriously? We Can’t Even Secure Our Shit
On a more serious note though, how many companies are really in a position to even think that they are near being secure? What we have developing here is just a reactionary “for hire” model of blackhats, and really, who’s to say that this company you are hiring isn’t going to rat you out in the end anyway? Or, for that matter, that their super blinky light appliance really will do what they claim and… Well… What? Attack who? God, don’t even get me going on attribution here! I mean, really, c’mon, I have been all over this, who’s to say that Pharmacombinate A actually hacked your secret sauce in the first place? Especially if you have poor defenses already and no real way to tell if you are right.
Oh, and do you have a proactive and knowledgeable security team anyway? Do they have control over the environment (as much as anyone can) to respond not only to an incident, but also the aftermath? Are they in fact going to push the button on countermeasures? Will it be automated and perhaps cut off business operations because someone forgot to enter an IP address into a firewall or “hack back” appliance? What if it’s a client or business partner under that same scenario? Are you going to hack them? Block their traffic and thus go back to the issue of stopping work flow?
Nope, this is an idea that will just end in heartburn and lawsuits I suspect…
Bad Ideas, Like Cockroaches, Proliferate Quickly
Oh well, I am sure there are plenty of vendors out there printing up color glossies for the rubes to buy. Others are making appliances with blinky lights and maybe even sound effects.
“PEW PEW PEW! GOT YOU ANONYMOUS!”
Oh there will be douchery, and lots of it I suspect. Say, how long does snake oil take to ferment anyway?