Thermopylae, Mt. Hiei and Defensive Security
Back in the day, the bad guys used to focus on the private sector, with financial institutions being high up on the list. Now, government networks are a tempting target with cities like Lake City, Florida, Baltimore, Maryland and St. Louis, Louisiana taking a big hit from ransomware.
It is a complex topic with often unclear conclusions. If you have a network used to deliver critical government services and you are down and can’t get back up, do you reward evil and pay the ransom? There are some saying that this may be a pragmatic approach and one resulting in the least possible pain. Sure, in the best of all possible worlds you could just restore from backup and be done with it – losing a couple of days’ worth of transactions. However, backups get tested a lot more often than restores do.
So, if you find yourself under attack, as Oda Nobunaga did in 1571, when warrior monks would descend upon the city of Kyoto from their stronghold on nearby Mt. Hiei to stir up trouble, looting and killing folks in town, what do you do? Nobunaga led a 30,000 man army into the hills, where they set fire to the heavily wooded area, burning around 300 buildings as well as the 20,000 warrior monks. Sadly, modern infosec professionals, while they have many powerful offensive security options, typically find themselves unable to summon a mighty army to incinerate their adversaries.
While a massive frontal attack with large-scale pyrotechnics has an appeal all its own, much like a Hellcat Charger or Brock Lesnar, there is another way.
Remember 300, the story of the battle of Thermopylae, where a smallish group of Spartans and Thespians (300 of the former, 700 of the latter) demonstrated to a much larger group of Persians (probably 100,000+) the utility of geography that effectively rate limits and filters the ingress of adversaries.
What if you could set up a “hot gates” battleground for your network? It turns out, you can.
We have a product, ThreatARMOR, which effectively does that. One of the challenges most security teams face is the sheer volume of alerts and alarms. Just like a wave of Xerxes’ soldiers, these alerts and alarms come in overwhelming numbers.
Now imagine that, after a 30-minute install, you face up to 80% less malicious traffic – including not only ransomware but also botnets and other nasty stuff. Now more of a trickle than an avalanche, the flow is far more manageable and the bad guys just got their number of total “at-bats” dramatically reduced.
Unlike a firewall, we don’t focus on looking inside packets, we focus on blocking traffic from known bad addresses and neighborhoods. It’s like having a particularly unsavory neighbor – you don’t know exactly what he is going to do, but you do know it’s bad so you not only don’t invite him over, you lock him out.
We update ThreatARMOR every five minutes with a constantly updated threat intelligence feed, so you know that you always have the latest protection. We also block outgoing traffic to the wrong places – which helps stop the exfiltration of your family jewels after those troublesome monks have descended from the hills to plunder your resources.
This is where things get interesting – we can manage and, if needed, block not just thousands, not just millions, but billions of addresses. Sure, you can do ACLs on firewalls. You might even be able to do thousands of them, but somewhere before millions you are going to run into some very hard scalability limits, and that is where ThreatARMOR shines.
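To make the address-and-neighborhood idea above concrete, here is an added illustration (not ThreatARMOR’s code or its feed format) of a reputation filter that blocks flows in both directions by host or CIDR block and looks addresses up by prefix length rather than walking a flat ACL; the feed lines and the `ReputationFilter` name are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample feed: one address or CIDR per line, '#' starts a comment.
BLOCKLIST_FEED = """
198.51.100.0/24    # constructed: a whole bad neighborhood
203.0.113.45       # constructed: a single known-bad host
2001:db8:bad::/48  # constructed: an IPv6 block
"""

class ReputationFilter:
    def __init__(self):
        # Per address family: {prefix_len: {masked_network_int: network}}
        self._tables = {4: defaultdict(dict), 6: defaultdict(dict)}

    def load_feed(self, text):
        """Parse the feed and return how many entries were loaded."""
        count = 0
        for line in text.splitlines():
            entry = line.split("#", 1)[0].strip()
            if not entry:
                continue
            net = ipaddress.ip_network(entry, strict=False)
            self._tables[net.version][net.prefixlen][int(net.network_address)] = net
            count += 1
        return count

    def match(self, addr):
        """Return the longest blocklist prefix covering addr, or None."""
        ip = ipaddress.ip_address(addr)
        table = self._tables[ip.version]
        ip_int, bits = int(ip), ip.max_prefixlen
        # One hash lookup per prefix length present in the feed, longest first,
        # so cost is bounded by 32 (IPv4) or 128 (IPv6) probes, not by list size.
        for plen in sorted(table, reverse=True):
            key = (ip_int >> (bits - plen)) << (bits - plen)
            net = table[plen].get(key)
            if net is not None:
                return net
        return None

    def verdict(self, src, dst):
        """Block ingress from a bad source or egress to a bad destination."""
        hit = self.match(src) or self.match(dst)
        return ("BLOCK", str(hit)) if hit else ("ALLOW", None)

if __name__ == "__main__":
    f = ReputationFilter(); f.load_feed(BLOCKLIST_FEED)
    print(f.verdict("198.51.100.77", "192.0.2.10"), f.verdict("192.0.2.10", "203.0.113.45"))
```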
And for those wanting to take a more offensive stance with their security, I invite you to check out our Breach and Attack Simulation offering released last week, Threat Simulator. Stay safe, and thanks for reading.