I thought I would discuss this article written by my good friend Larry Karisny .He is a great advocate for changing the old model of what he calls “good enough security”. Larry has some great points when it comes to where the current security practice falls short.
My thoughts on this subject:
We are in the era of Pirates and Privateers when it comes to security. The pirates “hacker community” has run rampant for many years and each organization is turning to ex-pirates (turned Privateer) to help stop the pirates one at a time. The software and Boundary Management techniques offered by software packages which sit across boundaries 1) Between different networks, 2) Between systems & networks, 3) Between logical systems & physical resource, and/or 4) Between operating systems & applications, are looking at catching the pirates one at a time. But these software packages have to know what they are looking for….. they have to be the privateer which is one step ahead of the pirates.
If you are a privateer catching all the pirates is not a good business, because it works you out of business. Boundary Management by nature will never solve the problem, it will only catch enough pirates to sell its value to keep you paying the privateers. The only thing I would contend with in Larry’s solution is the statement “we need methods of monitoring these software process application messages in real-time data with a data-in-motion firewall” As another boundary management device such as a firewall is not going to be the solution. Don’t get me wrong we don’t need to get rid of firewalls………they are a valuable input to the larger solution.
What is needed is the eco-system of companies to organize like the expanding world had to organize to stop the pirates. Everyone has to get to the point where this activity is not acceptable. The system needs to change from the ground up closing the environment which allowed and enabled the pirates to prosper. Unfortunately this system is bigger than any person, organization, or even government, it is an eco-system of everyone in the digital world.
What is needed is: To set up (begin from scratch) a security Eco-system with Trust-Accountability chains across Products, Industry, and Networks, where only players which can self-verify their trust level and accountability of their data are enabled to be a part of the system. To organize this expanding digital world to stop the pirates.
Keep following my work and releases for more details on how this is done and how the expanding digital world will eventually shut down the ports, channels, and safe harbors where pirates prosper.
Larry’s Article Link: Is Cybersecurity Officially Broken?