
December 28, 2007

The herd approach to security disturbs some folks

It seems my article the other day commenting on Matt Hines's article on Andy Jaquith's report on security companies relying on "the safety in numbers" approach to security to protect the herd as a whole has evoked some feelings strong enough for people to comment. Currently there are three comments which I want to highlight. The first is from Mike Fratto. The Syracuse whiz, I think, agrees with me that this type of approach is pragmatic and ultimately delivers more results and protection than all of the so-called zero-day protection that we have heard so much about. Mike calls it dead on when he says bad guys make malware, good guys then have to find it and protect against it. That is the way it is and the way it will always be.

Next is the middle approach from Shawn. Shawn agrees that this is a logical first step, but sees the risk to the individual as a member of the herd. Can we truly trust the herd to protect us? Do the ones keeping the herd have our best interests at heart? Is giving up some of our privacy and individuality worth the protection we potentially get? All good questions by Shawn. Whether we are talking about security or any other threat to a group, I think these are the questions that the herd mentality raises. I think nature has already answered these questions, and by its frequent use of herd behavior the answer is that it is worth the sacrifice and the risk for the greater common good.

Last, and I think most disturbing to me, is Mitchell's reaction. I don't know, maybe since Mitchell left StillSecure he has been drinking heuristic Kool-Aid. Mitchell, I think, says that the bad guys will always be faster in this "flawed model of security". However, what I think Mitchell misses is that the bad guys are always faster anyway. The security industry is always reactive to the bad guy, almost by definition. So why do Mitchell and those who agree with his view feel this way?

I think that in their quest to "win the war" on security they think they will move from reactive to proactive. That they will outsmart the bad guys and be able to anticipate the next bad guy move. They want to think they can win. I think it is in what you define as winning. I don't think we ever are faster than the bad guys or act before they do. I think a much more pragmatic approach is to do what we can to harden our systems against attack and mitigate the risk of attack, but assume a new type of attack can succeed because we just cannot anticipate everything the bad guys do. Therefore, in an analysis of the greater good, a pragmatic approach that leverages a "neighborhood watch", as Mitchell calls it, offers real-world, real protection, rather than pie-in-the-sky, wishful thinking about outthinking the bad guys.



Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

