Is your Cybersecurity 3 Strong?
1 of 3 - Anonymity
In cybersecurity warfare, attackers often have an advantage over the defenders of the network.
The reason is that an attacker only needs to get it right once in a thousand trials, with huge potential rewards. Defenders, on the other hand, need to get it right all the time, or else the penalties can be catastrophic.
Sadly, the data speaks for itself. Though organizations are adding more locks to their doors, they are not getting more secure. The share of enterprises using solutions from 11-20 security vendors grew from 18% to 25% in just one year, from 2016 to 2017, while the number of breaches affecting more than 50% of enterprise systems more than doubled, from 15% to 32%, during the same time (source: cybersecurity report 2018 from Cisco).
Maybe this proves a mythical notion that if time is not a variable (infinite or closer to zero), any action will eventually converge to a result, positive or negative. For attackers, time probably is infinite, as they can keep on trying until they succeed. Defenders always have less time to react and far too many knobs to turn, and hence a higher chance of failure.
So, how do we tilt the scale and ensure that the defenders have an advantage?
It is important for a cybersecurity solution to be 3 Strong:
1. Security by Anonymity
2. Security that is self-evaluating
3. Security that is insight driven
For this blog, let us focus on Security by Anonymity. But before we hit a wrong note, we must get the definition right.
Security by Anonymity implies a solid but hidden layer of security that is invisible to the attacker and hence anonymous. It does not mean creating a security model that is based on ‘secrecy of the implementation or its components’.
Security by Anonymity follows the paradigm that a security layer which is implemented with security-by-design intent and cannot be seen by an adversary offers a higher level of protection.
For existing perimeter-less enterprise networks with thousands of endpoints and IoT devices, providing full ground cover with endpoint protection is impossible. Moreover, threat actors are becoming more capable of evading ‘visible’ security apparatus, such as signature-based endpoint protection systems and other security sandboxing techniques, with sophistication and covertness.
This is particularly true for APT (advanced persistent threat) scenarios, where the attacker monitors and studies the ‘visible’ security installed for months before launching the attack.
Therefore, security defenders require a new weapon in their arsenal – a security layer that acts as an invisible shield, working in the proximity of the endpoints, with an ability to detect and block malicious traffic.