Date(s) - 05 Sep 2019
12:00 pm - 1:00 pm
Eastern Time (USA)
Millions are spent, and lost, on cyber security annually. This is not a particularly interesting fact. We all know it, and we have all lived through cyber threats and attacks. The more important insight is that the approach and fundamental philosophy of solving cybersecurity issues have remained largely unchanged for years, if not decades.
Consider the immortal words of the physicist Albert Einstein:
“The definition of insanity is doing the same thing over and over again but expecting different results.”
STOP DOING THE SAME THING!
If our cyber-security defenses are so good, then why all the intrusions and data losses in even the most advanced and sophisticated companies? The answer to this is rather simple:
Cybersecurity has principally been a business of “defense.” That is a mistake.
The theory has been that if you build more and better armor, your fort will become impossible to penetrate. The problem, however, is that with 1,000s of servers and many more devices attaching to the network in new and novel ways, that “fort” is not really a fort anymore at all: it is a highway with hundreds (or thousands) of overpasses, underpasses and through-passes, coursing through at all times of day and night.
Playing defense is a lousy strategy. All it does is allow you to spend more and more money on “cyber security armor” and require you to live with the expectation that the latest and greatest “armor” will do the trick. It won’t.
No matter how much “security” is put in place, the reality is that we are running our data on protocols that were developed many years ago, when the Internet was small. As a result, these protocols are based on the principle of trust; to truly defend, we need to modify them. The concept is that if the protocols can be changed, the result will be frustration and confusion for the adversary.
In this webinar, our world-renowned expert Kevin Cardwell discussed the foundations of a “Defense and Deception” practice, and how the power of using deception at different layers of the network changes the game. An important concept to appreciate in Kevin’s analysis is that the attacker depends on information gathered during their surveillance, and with deception we change the network so that the attacker’s collected data is no longer valid. That is, what they have gained is useless for them and for anyone else. Rendering the data they have acquired useless requires the attacker to start the information gathering process over again; so, the faster we make the data they gain useless, the better our defense. In fact, a robust defensive solution is really flipping the roles and putting you in a position of “offense.” When the network structure can change multiple times based on the classification of the threat, each change leaves the attacker lost and forces them to start the recon process over again. These concepts change the game and put the defender in control! We know our networks best, not the hackers!
Among his many other roles as a consultant and trainer for governments and companies throughout the world, Kevin is a highly regarded author, and creator of our Cyber Warrior Certification Program (now also available on Udemy.com).
Also, remember to come ready with your questions, as the sessions are always very interactive.
To learn more about Kevin’s books, visit Amazon here.