Active Defense: The New Digital Wild West Justice

Tuesday, June 19, 2012

Infosec Island Admin


Bringing A Knife To A Gun Fight

So, companies are starting to consider what is being called “Active Defense” against would-be attackers online.

Given what I know about the places I have seen over the years as a consultant, I would have to say that this would be the net effect of bringing a knife to a gunfight.

Why, you ask? Well, because as we have seen generally, and are being told all of the time by numerous people, we generally do not have very good defenses in many companies, never mind the wherewithal to “strike back at” anyone that might be knocking on your digital door.

This, my friends, is one of the worst ideas in all of humankind’s existence. No doubt it will be the norm soon though, with a vendor on every stoop selling the next whizbang “black ice” to get those pesky APTs.

Wheeee, I can’t wait! Look, why not just fix the stuff you have and work on keeping it secure and not letting the bad men in first, shall we? What? That’s not sexy enough? You say it’s not proactive? You need to see blood once you have been hacked?

Oy vey…

Earps, Clantons, And The Duck Of Death

I can see it now, it’s going to be akin to Old West gangs on the internets. The Duck of Death will be out gun-slinging, calling out all those weaker sorts in his clipped British accent.

“Come now sir, you really think that firewall will stop me? Don’t you know who I am? I am the Duke of Death”.

This will just get out of hand and incredibly stupid. Sure, you can say that you are just going to maybe tarpit those attackers to slow them down on the way in, but you have to know that there will be (already are) services where blackhat types will hack back against those who “dun you wrong”...

*spits into spittoon*

“Yup, I can git a cyber posse together and we can capture those there cyber varmints that done you harm lil missy”.

This won’t end well…

Seriously? We Can’t Even Secure Our Sh*t

On a more serious note though, how many companies are really in a position to even think that they are near being secure? What we have developing here is just a reactionary “for hire” model of blackhats, and really, who’s to say that this company you are hiring isn’t going to rat you out in the end anyway?

Or, for that matter, that their super blinky light appliance really will do what they claim and... Well… What? Attack who? God, don’t even get me going on attribution here! I mean, really, c’mon, I have been all over this: who’s to say that Pharmacombinate A actually hacked your secret sauce in the first place? Especially if you have poor defenses already and no real way to tell if you are right.

Oh, and do you have a proactive and knowledgeable security team anyway? Do they have control over the environment (as much as anyone can) to respond not only to an incident, but also the aftermath? Are they in fact going to push the button on countermeasures?

Will it be automated and perhaps cut off business operations because someone forgot to enter an IP address into a firewall or “hack back” appliance? What if it’s a client or business partner under that same scenario? Are you going to hack them? Block their traffic, and thus go back to the issue of stopping workflow?
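To make the “forgot to enter an IP address” failure concrete, here is an added example (not code from the original post or from any vendor appliance) that models an automated countermeasure as a decision rule. The partner allowlist, the alert feed and the threshold are all constructed for illustration; the addresses are RFC 5737 / RFC 2544 documentation ranges, not real partners or attackers. The point it shows: a threshold-only rule blocks whoever trips it, a guarded rule can at least route known partners to a human, but a partner whose range was never entered is still blocked by both, because the safety of the automation is exactly as good as the list behind it.

```python
import ipaddress
from dataclasses import dataclass

# Constructed partner/client allowlist. Assumption: an operator maintains this
# by hand. Note that 192.0.2.0/24, also a partner in this scenario, was never
# entered; that omission is the failure mode under discussion.
PARTNER_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

BLOCK_THRESHOLD = 50  # hits per window that trip the countermeasure (constructed value)


@dataclass(frozen=True)
class Alert:
    """One aggregated alert from the sensor: source address and event count in the window."""
    src: str
    hits: int


def in_ranges(ip: str, ranges) -> bool:
    """True if ip falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def naive_decision(alert: Alert, threshold: int = BLOCK_THRESHOLD) -> str:
    """Appliance-style rule: over the threshold means block. It has no idea who the source is."""
    return "block" if alert.hits >= threshold else "ignore"


def guarded_decision(alert: Alert, partner_ranges, threshold: int = BLOCK_THRESHOLD) -> str:
    """Same trigger, but a source on the partner list is held for an analyst, never auto-blocked.

    Anything not on the list is still blocked automatically, so a forgotten partner
    range is treated exactly like an attacker.
    """
    if alert.hits < threshold:
        return "ignore"
    if in_ranges(alert.src, partner_ranges):
        return "hold"  # page a human instead of cutting the partner off
    return "block"


# Constructed alert feed for the demonstration.
SAMPLE_ALERTS = [
    Alert("192.0.2.77", 120),    # partner whose range was never entered in the list
    Alert("203.0.113.9", 80),    # partner that is on the list, noisy today
    Alert("198.51.100.200", 3),  # partner on the list, below threshold
    Alert("198.18.0.5", 300),    # unknown, scanner-like source
]


def run(alerts, partner_ranges, threshold: int = BLOCK_THRESHOLD) -> dict:
    """Map each source to (naive verdict, guarded verdict) so the two rules can be compared."""
    return {
        a.src: (naive_decision(a, threshold), guarded_decision(a, partner_ranges, threshold))
        for a in alerts
    }


if __name__ == "__main__":
    for src, (naive, guarded) in run(SAMPLE_ALERTS, PARTNER_RANGES).items():
        print(f"{src:16} naive={naive:6} guarded={guarded}")
```

Running it shows the listed partner 203.0.113.9 going to “hold” under the guarded rule while the forgotten partner 192.0.2.77 is blocked under both. Adding a “hold” path helps only for what the list knows about; the workflow-stopping outage in the paragraph comes from the entry that is missing, which no threshold tuning fixes.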

Nope, this is an idea that will just end in heartburn and lawsuits, I suspect….

Bad Ideas, Like Cockroaches, Proliferate Quickly

Oh well, I am sure there are plenty of vendors out there printing up color glossies for the rubes to buy. Others are making appliances with blinky lights and maybe even sound effects.

Oh, there will be douchery, and lots of it, I suspect. Say, how long does snake oil take to ferment anyway?


Cross-posted from Krypt3ia
