IT security leverages the herd mentality
The principle of safety in numbers, and hence the herd mentality, is a well-known evolutionary response that protects a species as a whole, and nature has used it over and over again. It is great, unless of course you are one of the unlucky ones that the gods of randomness (or maybe it is natural selection at work) pick as a sacrificial lamb so that the group as a whole can survive. For many years I have seen IT personnel hide behind the safety-in-numbers argument as an excuse to do nothing about security. The argument went like this: "with so many computers and networks vulnerable and reachable over the net, what are the odds of one of the bad guys hitting my machine or mailing a worm to my mailbox, yada, yada, yada?" (The flaw in the argument, of course, is that scanners and worms do not pick targets; they try every reachable address, so the odds are not small at all.) Of course, sooner or later they are one of the unlucky ones, and so is born a bona fide security buyer. Unless, of course, you ran into a really thick-headed person, who would now argue that, once bitten, what were the odds of being hit again? Let's not even get into that for now.
But in a twist, this InfoWorld article by my bud Matt Hines highlights a new research report by Andy Jaquith over at the Yankee Group. Andy details a new way that security vendors are leveraging the herd to provide better protection to the customer base as a whole. Some vendors in the malware wars are using data collected as a result of targeted attacks on their customers' devices as advance warning, so that they can protect the other customers who have not yet been hit by that specific malware.
Putting aside the issues of privacy, and whether a particular customer would mind donating their data for the benefit of other customers, to me this is a fundamental shift in threat detection from the past few years. The last five years have been the age of the zero-day attack. Most security companies spent untold millions on research and untold millions more on marketing, trumpeting that they could anticipate the next attack and stop it before it happened. They could out-think the bad guy and anticipate his next move. An attack did not need a signature; "behavioral" and heuristic engines would seek and destroy any zero-day attack. Huge research teams like X-Force, eEye and TippingPoint's bounty program were on the alert and providing protection against zero-day attacks without having to see them first.
Have we finally thrown in the towel on this failed exercise in futility? Are we finally admitting that the bad guys always seem a step ahead of us, and that what we can do is sacrifice a couple of lambs to learn about these new attacks and quickly protect the rest of the herd? I for one say that seems a lot more reasonable. It may not tie everything up in a nice little bow and give us the happy ending we all want, but I think it is a more realistic approach to protecting the greatest number of people. And after all, that is the goal of the herd mentality: the greater good of the whole versus the sacrifice of the individual. Of course, as I said to begin with, it is all well and good as long as you are not one of the unlucky ones.
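To make the trade-off in the last two paragraphs concrete, here is a small simulation. It is an added example, not code from this post, from the InfoWorld article or from the Yankee Group report, and it uses a made-up model: one malware sample reaches one new endpoint per tick; every endpoint runs a local heuristic engine that stops the sample with probability `heuristic_hit_rate` (0.0 is a true zero-day for everyone); and when sharing is on, the first endpoint to see the sample, whether it caught it or got infected, produces telemetry that the vendor turns into a herd-wide indicator `share_lag` ticks later. The endpoint count, hit rate and lag are assumed parameters, not vendor figures.

```python
import random
from dataclasses import dataclass, field


@dataclass
class Outcome:
    """Per-endpoint fate after one campaign (toy model, not vendor data)."""
    compromised: list = field(default_factory=list)       # heuristics missed, no indicator yet
    detected_locally: list = field(default_factory=list)  # local heuristic engine caught it
    blocked_by_feed: list = field(default_factory=list)   # indicator from the herd arrived in time


def run_campaign(n_endpoints, heuristic_hit_rate, share_lag, share, seed=1):
    """Simulate one sample sweeping a customer base, one new endpoint per tick.

    heuristic_hit_rate: probability an endpoint's own behavioral engine stops
        the sample with no prior knowledge (0.0 = zero-day for everyone).
    share_lag: ticks between the vendor first seeing the sample in any
        customer's telemetry and every endpoint holding the indicator.
    share: whether telemetry from attacked customers feeds the herd at all.
    All parameters are assumptions of the model.
    """
    rng = random.Random(seed)
    feed_ready_tick = None  # tick from which the herd-wide indicator blocks the sample
    out = Outcome()
    for tick in range(n_endpoints):
        endpoint = tick  # the sample reaches endpoint `tick` at time `tick`
        if share and feed_ready_tick is not None and tick >= feed_ready_tick:
            out.blocked_by_feed.append(endpoint)
            continue
        if rng.random() < heuristic_hit_rate:
            out.detected_locally.append(endpoint)
        else:
            out.compromised.append(endpoint)
        # Either outcome produces telemetry; the first report starts the vendor's clock.
        if share and feed_ready_tick is None:
            feed_ready_tick = tick + share_lag
    return out


def compare(n_endpoints, heuristic_hit_rate, share_lag, seed=1):
    """Return (compromised without sharing, compromised with sharing)."""
    alone = run_campaign(n_endpoints, heuristic_hit_rate, share_lag, share=False, seed=seed)
    herd = run_campaign(n_endpoints, heuristic_hit_rate, share_lag, share=True, seed=seed)
    return len(alone.compromised), len(herd.compromised)


if __name__ == "__main__":
    for rate in (0.0, 0.3, 0.9):
        alone, herd = compare(200, rate, share_lag=5, seed=7)
        print(f"heuristic hit rate {rate:.1f}: {alone:3d} compromised alone, "
              f"{herd:3d} compromised as a herd (lag 5)")
```

With no working heuristic at all, the herd loses exactly the first `share_lag` victims and nobody else, while the go-it-alone population loses everyone; and even with an instant feed (lag 0) the very first endpoint is still hit, because somebody has to be the lamb that generates the telemetry. The number of lambs is the vendor's publication lag, which is the figure worth asking about when a vendor pitches this kind of protection.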