Recently, on a rainy Colorado afternoon, I sat down at my kitchen table to decide how I was going to upgrade our home security system. Just as anyone who has gone through this process would do, I walked around the house and looked at all of the possible ways an intruder could attempt to enter. I thought like an attacker, and determined how I would defend against any attempt to gain access.
This is how all physical security defense is done: analyze all possible access paths and put defenses into place at each one. Locks, sensors, access codes, lights, and other approaches combine to create a defensive shield.
While this approach is obvious for physical defense, it’s rarely employed in defense of enterprise systems and networks. Instead, many organizations rely on the equivalent of a guard sitting at one entrance expecting to see all access attempts when there are other doors to breach and a back fence that can be scaled.
One of the reasons for this approach is the incredible complexity of even the most basic enterprise network. With dozens to tens of thousands of extremely complex devices interconnected in an entwined web of cables and wireless meshes, it is, quite literally, impossible for humans to parse, much less accurately understand and manage. You need systems to do it for you.
Home automation is coming into the mainstream, with both Google and Apple offering integrated means for monitoring and managing everything from temperature and lights to locks and door status. In the same way, network automation that confirms your network is configured the way you expect, and is doing its work the way you want it done, is mission critical.
If you missed the initial post on this topic, see "Inside the Mind of an Attacker: Part 1".