I recently had the privilege to be a speaker at BSides Nashville, thanks to the wonderful organizers and volunteers who made it possible. There were a whole host of great talks on a variety of topics ranging from burnout, to awesome hacks, to new concepts. My speaking slot was for 4 pm, so I had some time to spare, attending other talks and mingling. I decided to attend the talk before mine at 3 pm. When I got there, it turned out the individual who was slotted to speak before me had a family emergency and was unable to make it. Luckily, Winn Schwartau stepped up to the plate to fill the gap.
Timing Is Everything
The talk he whiteboarded was titled “Applying Analog Thinking to Digital Networks”, which incorporated, among many other things, his concept of Time Based Security (Schwartau, 1999). I very much enjoyed the talk and found it a hard act to follow in the lineup. It was brilliant. When I got back to Auburn Hills, I purchased the book and dove in.
The basic concept of Time Based Security revolves around PDR (Protect, Detect, Respond). Now, if we assume that the question is not “Will we be breached?” but rather “How long until we are breached?”, as JJ Guy alludes to in his talk entitled “The Assumption of Breach”, we can begin to think of P, D and R as functions of time, which Schwartau outlines in a simple, arithmetic fashion:
Pt > Dt + Rt
Effective Security Relies On Timing
If the time it takes for a team to detect and respond to the breach (Dt + Rt) is shorter than the time it takes for the attacker to realize their objective (Pt), then your system can be said to be secure. Schwartau uses the example of safes in his book. The security of a safe is rated by the amount of time it can withstand drilling, allowing the alarm system and the subsequent police response to do their job.
From my perspective, this opens a very different way of looking at security. In a previous post, Mitigating The Insider Threat, I had written about detecting an insider threat by looking for the behavior of data being exfiltrated. What if we took it one step further and increased our Pt by modulating the amount of upstream bandwidth available? So, upon detecting an unauthorized upload, a script is executed which interacts with the API of a bandwidth rate limiter, reducing the upload speed to 28.8 Kb/s. There we have slightly increased the Pt, which gives the analyst and incident responder time to react before the file has completely left the network.
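To put numbers on the idea, here is an added example (not code from the post or from Schwartau's book) that evaluates Pt > Dt + Rt for an upload that is throttled at the moment it is detected. The file size, link speeds and response time are constructed values; the scenario assumes the throttle takes effect at detection time and that data already sent cannot be recalled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Window:
    """Schwartau's three times, all in seconds."""
    protect_s: float   # Pt: how long until the attacker reaches the objective
    detect_s: float    # Dt: how long until the activity is noticed
    respond_s: float   # Rt: how long from detection to an effective response

    def is_secure(self) -> bool:
        """Time Based Security test: Pt > Dt + Rt."""
        return self.protect_s > self.detect_s + self.respond_s

    def exposure_s(self) -> float:
        """Seconds the attacker is ahead of the defenders (0 when secure)."""
        return max(0.0, self.detect_s + self.respond_s - self.protect_s)


def transfer_s(num_bytes: float, rate_bps: float) -> float:
    """Seconds for num_bytes to leave the network at rate_bps bits per second."""
    return num_bytes * 8 / rate_bps


def exfil_windows(total_bytes, normal_bps, throttled_bps, detect_s, respond_s):
    """Pt for an upload that runs at normal_bps until detection (Dt) and is
    then throttled to throttled_bps. Returns (unthrottled, throttled) Windows."""
    unthrottled = Window(transfer_s(total_bytes, normal_bps), detect_s, respond_s)
    sent_before_detect = min(total_bytes, normal_bps * detect_s / 8)
    remaining = total_bytes - sent_before_detect
    if remaining <= 0:
        # The file was gone before anyone noticed; throttling changes nothing.
        return unthrottled, unthrottled
    throttled = Window(detect_s + transfer_s(remaining, throttled_bps), detect_s, respond_s)
    return unthrottled, throttled


def max_safe_rate_bps(remaining_bytes, respond_s):
    """Highest throttled rate at which the remaining bytes still outlast Rt,
    i.e. the rate below which Pt > Dt + Rt holds once detection has fired."""
    return remaining_bytes * 8 / respond_s


if __name__ == "__main__":
    # Constructed scenario: 1 GB leaving over a 100 Mb/s uplink, noticed after
    # 20 s, 5 minutes for the responder to act, throttle to 28.8 Kb/s as above.
    before, after = exfil_windows(1_000_000_000, 100e6, 28_800, 20, 300)
    print(f"unthrottled: Pt={before.protect_s:.0f}s secure={before.is_secure()}")
    print(f"throttled:   Pt={after.protect_s:.0f}s secure={after.is_secure()}")
    print(f"any throttle below {max_safe_rate_bps(750e6, 300) / 1e6:.0f} Mb/s suffices")
```

The second scenario in the test below shows the limit of the approach: if Dt is longer than the unthrottled transfer, the throttle never gets a chance to act, so detection speed still decides the outcome.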
All in all, I found both the book and the talk to be highly thought-provoking and well worth the time spent musing over them. Below are links to the book and the talk if you are interested in checking them out.
If you are interested in the book, click on the link. Or, if you are interested in listening to the talk, click here.