by Bryon D Beilman
I was reading the CSO Online article http://bit.ly/M4G8IF about the practicality of the cyber kill chain approach to network and computer security. The author of this article efficiently compares modern warfare techniques to those used in preventing cyber attacks. Although I recommend you read this article, one of the main points is that the earlier you detect and/or prevent the attack, the easier it is to do so. We have seen this first hand where an attacker will probe a website for a particular vulnerability, such as a PHP code vulnerability that allows command injection. The attacker first probes for a particular module, then comes back later to try to use it. This is the equivalent of a thief driving through your neighborhood and noticing that the newspapers have gathered in your driveway for the last few days, a sign that you might not be home.
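To make the "earlier is easier" point concrete, here is a small added example (my own illustration, not code from the CSO Online article or from this post) of what catching the attack at the probing stage can look like. It assumes web server logs in the common combined format; the IP addresses, paths, and timing thresholds are constructed placeholders, not real values from any incident. It flags a source that requests several distinct PHP paths in a short burst, most of them missing (the "driving through the neighborhood" stage), and then separately flags that same source coming back later to the one path it found, which is the stage you would rather not be discovering for the first time.

```python
"""Toy early-warning detector for web reconnaissance followed by a return visit.

Added example, not part of the original post. Assumes combined-format access
logs (Apache/Nginx style). All sample data below is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines. IPs are documentation ranges; paths are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2012:10:00:01 +0000] "GET /modules/foo/index.php HTTP/1.1" 404 210 "-" "scanner/1.0"
203.0.113.7 - - [10/Jul/2012:10:00:02 +0000] "GET /modules/bar/admin.php HTTP/1.1" 404 210 "-" "scanner/1.0"
203.0.113.7 - - [10/Jul/2012:10:00:03 +0000] "GET /modules/baz/upload.php HTTP/1.1" 200 512 "-" "scanner/1.0"
198.51.100.4 - - [10/Jul/2012:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jul/2012:10:05:02 +0000] "GET /about.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jul/2012:03:12:44 +0000] "POST /modules/baz/upload.php HTTP/1.1" 200 64 "-" "curl/7.2"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Tuning values are assumptions for the example; a real deployment would tune them.
WINDOW = timedelta(seconds=60)   # how tight a burst counts as a probe run
MIN_DISTINCT = 3                 # distinct .php paths inside one WINDOW
MIN_404 = 2                      # of which at least this many were "not found"
QUIET_GAP = timedelta(hours=1)   # silence that separates the probe from the return visit


def parse(log_text):
    """Turn raw log lines into sorted event dicts; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"],
            "path": m["path"].split("?")[0],   # ignore query strings
            "status": int(m["status"]),
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect(events):
    """Return (probing, return_visits).

    probing: ip -> {"first_seen", "until", "paths"} for sources that ran a probe burst.
    return_visits: (ip, method, path, ts) for a flagged source that later came back
    to a path it had already probed, after a quiet gap.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    probing, return_visits = {}, []
    for ip, evs in by_ip.items():
        php = [e for e in evs if e["path"].endswith(".php")]
        # Sliding window over this source's PHP requests: the reconnaissance stage.
        for i, start in enumerate(php):
            window = [e for e in php[i:] if e["ts"] - start["ts"] <= WINDOW]
            distinct = {e["path"] for e in window}
            missing = {e["path"] for e in window if e["status"] == 404}
            if len(distinct) >= MIN_DISTINCT and len(missing) >= MIN_404:
                probing[ip] = {"first_seen": start["ts"],
                               "until": window[-1]["ts"],
                               "paths": distinct}
                break
        # The return visit: same source, same path, after going quiet for a while.
        if ip in probing:
            p = probing[ip]
            for e in evs:
                if e["ts"] - p["until"] > QUIET_GAP and e["path"] in p["paths"]:
                    return_visits.append((ip, e["method"], e["path"], e["ts"]))
    return probing, return_visits


if __name__ == "__main__":
    probing, visits = detect(parse(SAMPLE_LOG))
    for ip, info in probing.items():
        print(f"probe burst from {ip} at {info['first_seen']}: {sorted(info['paths'])}")
    for ip, method, path, ts in visits:
        print(f"return visit from {ip}: {method} {path} at {ts}")
```

The point of splitting the two checks is the kill chain argument itself: the first alert fires within a minute of the probe run, two days before the second one would, and acting on it (blocking the source, patching or removing the module it found) is cheaper than cleaning up after the follow-up request succeeds.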
The process they describe, however, applies to much more than security and reminds me of my training in Total Quality Management (TQM). In manufacturing, the sooner you can find and fix an issue, the cheaper it is to fix. Those who spend time automating their engineering process with quality checks and regression tests, and who build the process so that issues are caught at the beginning, have an advantage over those who do not.
This article also made me feel good about our own IT processes and methodologies. We apply similar techniques for our customers to make sure the solutions we provide are done right the first time, because re-working them or dealing with issues later is much more expensive for them and more difficult to do. This makes sense on so many levels, but it is difficult to achieve for a few reasons.
- Doing things right, and building the methodical approach to doing this takes experience and an attention to detail that many do not possess. Luckily the type of people we hire and our collaborative methodologies support this model.
- In our market (IT), there are a lot of competitors, and customers often look only at the initial price. Doing the right solution may be more expensive (initially) to implement, but much cheaper over time. The savings come from solutions that are easier to manage, allow more productivity, have less downtime, or offer better functionality. The key is to be able to communicate the differentiators.
I think the Cyber Kill Chain approach to security is a good one and the process is being used by top security companies and software. Perhaps you should consider it too.