Why Perimeter Defense Fails

Alex Kreilein
Published in Command Line
Feb 21, 2017


There has been an explosion of perimeter defense products in the cybersecurity market. They’re mostly based on the same basic engineering principles:

  1. Boolean logic sorts the wheat from the chaff
  2. Heuristics block and tackle
  3. Detonation chambers execute and analyze code (kaboom!)
  4. Threat intelligence feeds update the machina

If I’m facing an adversary coming in across the perimeter, that’s a solid model, and it is effective at stopping many intrusions and initial access methods. But it’s failing us. It isn’t solving the actual problem, which is that attackers are exploiting weaknesses in the systems and code behind the wall. Don’t trust me? Fine, I guess. Here’s the data:


According to the National Vulnerability Database, from 2002 to 2015 there was a significant increase in the number of vulnerabilities rated high or medium severity (in CVSS v2 terms, the impact of a successful exploit) but with relatively low technical complexity (a low Access Complexity score, meaning no special conditions have to line up for the exploit to work).

And just in case you were wondering, the perimeter defense strategy has been firing on all cylinders for about 10 years now. Just thought I’d mention that (drops mic).

Listen To Taylor Swift

Just because a system has vulnerabilities doesn't mean it's actually exploitable (thanks, @InfosecTaySwift). To get anywhere, attackers have to be able to:

  1. Identify the system they want to target
  2. Access it in some way
  3. Drop a payload onto it, or at least gain an unprivileged foothold
  4. Control it remotely, or arrange for their nefarious deeds to run on their own

While vulnerabilities are a component of risk, they are not the entire equation. Cybersecurity risk is the likelihood that a threat actor will exploit a vulnerability in a system and cause an unwanted consequence. Perimeter defense does dramatically reduce that likelihood for one class of attacker, but it tends not to influence the other factors that matter: what is reachable once the wall is passed, what the attacker can do there, and what that costs the business.

Walls Are Old School

What organizations are really struggling with is a problem of management and control. Managing configurations, software, network segmentation and architecture, and vulnerabilities, while ensuring continuity of business operations, is the actual goal of risk management. Perimeter defense does very little to address this. It's time we started focusing on something other than the edges of the polygon.

For all the hype around perimeter products, operators can do as much, if not more, by controlling their infrastructure so that vulnerabilities can't be exploited than they can by trying to build walls around their connected systems. Show me a 100-foot wall and I'll show you a 120-foot ladder.

New Capabilities Are Needed

Given all of that, it's easy to say we need to focus on life inside the perimeter, but it's hard to actually accomplish. Most security spending happens at the edges, and so does most of the innovation. As it turns out, novel engineering is really freaking hard. But we need to refocus our game plan.

In the crawl, walk, run stages of development, it's my estimation that we're about to get up off our hands and knees. To make that happen, we have to refocus where we place our bets and where we spend our time.

There is great innovation happening in moving target defense, data security, security DevOps, workflow and orchestration, and software/network virtualization. A number of other emerging fields, predicated on the integration of enabling technologies, are also quite exciting. From improved data science and machine learning to fully reimagined data loss prevention and deep analysis integration techniques, I'm actually quite hopeful that the next 3–5 years will bring important and impressive capabilities to cybersecurity.

Play Like A Champion

All of that aside, market-changing innovation doesn't come along on its own. It has to be engineered, supported, and championed. If we want to change the face of cybersecurity, it's time we stepped up: first admit we have a problem, then create the game plan to address it.

For my part, my business partner David Odom and I will be stepping up. Through the SecureSet Accelerator, we will invest in disruptive and thoughtful cybersecurity companies that buck the trend of our current floundering strategy.

Together, we will make sure that novel cybersecurity startups get traction, build a better product, and get funded. We will leverage a national footprint of partners, customers, and mentors to attack hard problems in a 16 week focused program designed to validate technologies and give startups an edge in their battle to generate signal over noise. We place a premium on product development and customer acquisition in order to support entrepreneurs with forward-leaning ideas as first class citizens of this market.

If you have a novel product that you’re developing, join with us! Let’s move forward together.

— Alex Kreilein

I write about technology, cybersecurity, startups, and the human experience. I am also a Managing Partner with the SecureSet Accelerator. If you are building exciting cybersecurity or enabling technology products, come Join Us for an immersive experience where we bring customers into iterative product builds and drive rapid market traction!


Cybersecurity executive, recovering startup founder, tech philosopher, hacker, traveler, early-stage investor. Independent. Faithful optimist.