I love being an ‘80s child. Every time I stumble across a movie from my childhood, I’m reminded of how simple life really used to be. It was nothing but pure unadulterated freedom and rad-ness everywhere.
In many ways, you can draw parallels between what security used to be in the ‘80s and what it has become today. Take anti-malware programs, for example. The initial concept was very straightforward and simple. Find bad file; put bad file on a list. Anti-malware program runs and searches for files on said list. When bad file is found, kill it. And it worked! The main source of contention here is that back then there were maybe a few hundred pieces of malware in the wild. Now, estimates are as high as over 100 new pieces of malware per hour.
In the same way that technology has complicated childhood today, it has also complicated many other facets of our lives. Over the years, numerous vendors have come and gone - all developing technology based roughly on the same techniques of yesteryear. Malware is certainly problematic, but a good cyber security defense strategy goes beyond just scanning and validating files.
The Human Security Model
There are several other techniques used by our adversaries. Often built-in system utilities and known-good remote administration tools (RATs) are used. Obviously these types of utilities are not malware. So now what?
It’s a three-step process - Observe, React, Improve
Observe – Situational awareness is extremely important when it comes to cyber security. Your tools of the trade are the information to which you have access and your ability to analyze the data - threat intel, environmental activity, and baseline behavioral data.
React – Having the data and intel available is only the first step. A human must ultimately make the decision if something warrants further investigation or if a response action is required. The investigation process and response are solely on the shoulders of the analyst.
Improve – Post investigation and response, it’s important that you then digest and implement what was learned. Again, a function of human security, it’s equally important that what was learned is implemented to improve your security posture and to prevent further attacks.
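The three steps above are easiest to see against real telemetry. The following is an added example, not code from the original post or its author: it takes constructed process-creation log lines (the hosts, process names and timestamps are invented), builds a baseline of which parent process normally launches which child, flags the pairs that never appeared in that baseline, and lets an analyst fold a reviewed-benign pair back in. The point it illustrates is the one made above about built-in utilities: a file-based scanner has nothing to match on, but a behavioral baseline still notices when a familiar tool shows up in an unfamiliar context.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample telemetry (not from any real environment).
# Fields: timestamp, host, parent process, child process.
BASELINE_LOG = """\
2024-01-01T09:00:01 ws01 explorer.exe outlook.exe
2024-01-01T09:00:05 ws01 explorer.exe chrome.exe
2024-01-01T09:01:10 ws01 services.exe svchost.exe
2024-01-01T09:02:00 ws02 explorer.exe winword.exe
2024-01-01T09:02:30 ws02 services.exe svchost.exe
2024-01-01T09:03:00 ws02 explorer.exe chrome.exe
"""

# Constructed events from a later window, to be checked against the baseline.
NEW_LOG = """\
2024-01-02T10:00:01 ws01 explorer.exe chrome.exe
2024-01-02T10:00:09 ws02 winword.exe powershell.exe
2024-01-02T10:00:15 ws02 services.exe svchost.exe
2024-01-02T10:01:00 ws01 explorer.exe outlook.exe
2024-01-02T10:01:40 ws01 svchost.exe certutil.exe
"""


@dataclass(frozen=True)
class ProcEvent:
    ts: str
    host: str
    parent: str
    child: str


def parse_log(text):
    """Parse whitespace-separated log lines into ProcEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, parent, child = line.split()
        events.append(ProcEvent(ts, host, parent.lower(), child.lower()))
    return events


def build_baseline(events):
    """Observe: count every parent->child pair seen in the learning window."""
    return Counter((e.parent, e.child) for e in events)


def find_deviations(baseline, events, allowlist=frozenset()):
    """React: return the events whose parent->child pair was never seen in the
    baseline and is not on the analyst-maintained allowlist. These are the
    events that warrant a human look; nothing here is a verdict."""
    return [
        e for e in events
        if (e.parent, e.child) not in baseline
        and (e.parent, e.child) not in allowlist
    ]


def improve(allowlist, pair):
    """Improve: after investigation, record a pair found to be benign so the
    same context is not raised again."""
    return allowlist | {pair}


def run_pipeline(baseline_text, new_text, allowlist=frozenset()):
    """Run observe -> react over the two logs and return the flagged events."""
    baseline = build_baseline(parse_log(baseline_text))
    return find_deviations(baseline, parse_log(new_text), allowlist)


if __name__ == "__main__":
    for ev in run_pipeline(BASELINE_LOG, NEW_LOG):
        print(f"{ev.ts} {ev.host}: {ev.parent} -> {ev.child} not in baseline")
```

Run as-is, the script raises two events from the second log: a document editor spawning a shell and a service host spawning a certificate utility, neither of which appeared in the baseline window. Neither process is malware, which is exactly why the baseline, not a file list, is what surfaces them. Once an analyst has investigated one and decided it is expected on that host, `improve` records the pair and the next run stays quiet for it, closing the loop the post describes.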
There is no doubt that there will someday be an artificial intelligence (AI) system in place that can handle these kinds of tasks; however, the human security model is to date the best security model available.