When I was younger, I recall hearing about these street magicians who used sleight of hand to confuse onlookers in three-card monte. It's simple enough. Three cards are face down. A fast-talking person's hands would shift three cards around three spots so fast that I thought he had multiple hands. The outcome? The guesser would usually select the wrong card. This sleight of hand reminds me of what happens when bad actors attempt to hack into servers but are thwarted when the server - and all of its information - is destroyed or essentially disappears. Chief Security Officers (CSO) use many security methods to slow down advances made by bad actors. The actions they take are no illusion.
Protecting against a security breach is a constant cat and mouse game. Hackers are always developing new techniques to access sensitive information. Your CSO wants to make sure the security boxes are checked to feel confident that not only are you using resilient software, but it also meets the standards of your organization's security measures. After all, news of successful cyber attacks moves faster than the hands of experienced three-card monte dealers.
Let's look at one of the many methods Kingland uses to keep client data and information safe - polymorphic security.
Anatomy of a Hack
Commonly, an attacker will enter a security system through a publicly exposed server or database, map out the network, and choose their next target based on where they can reach. Once they're on a "trusted" server, their attack can propagate quickly. The first and easiest defense against this is to not expose any application servers publicly. Even in cases where there is only one server, an experienced team could expose a Load Balancer publicly, which would provide a much smaller attack surface for an intruder. Load Balancers are physical devices that direct traffic to different web servers, minimizing bottlenecks and keeping servers working efficiently.
The concept behind polymorphic security is that it's much more difficult for an intruder to "map" your network if it's always changing - much like the misdirection of the card dealer. If your servers are constantly being created and removed, then the addresses of your map continually change.
Let's say you have thousands of servers. Throughout the day, you may have several hundred destroy and rebuild themselves and receive a new address in the process. If something has been installed on one of those servers, it will disappear when the server disappears. If a breach were to occur and someone installed a utility that passively sits there to map the network, the information on the server will be deleted along with the server. This action can occur as often as every 10-15 minutes or sooner in some instances.
This action buys time - and time is money.
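As an added illustration (not Kingland's code), the sketch below plans one rotation cycle of the kind described above: it picks servers that have outlived the rebuild window, oldest first, without draining any load-balanced pool below a capacity floor. The inventory format, pool names, the 75% floor and the function name are assumptions made for the example.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=15)  # upper end of the 10-15 minute window in the text

def plan_rotation(fleet, now, max_age=MAX_AGE, min_in_service=0.75):
    """Pick servers to destroy and rebuild this cycle (hypothetical helper).

    fleet: list of dicts with 'id', 'pool' and 'launched' (aware datetime).
    Returns (rebuild, deferred): ids to replace now, and ids that are past
    max_age but must wait so each pool keeps min_in_service of its capacity.
    """
    pools = defaultdict(list)
    for server in fleet:
        pools[server["pool"]].append(server)

    rebuild, deferred = [], []
    for name in sorted(pools):
        members = pools[name]
        # How many servers this pool can lose at once behind its load balancer.
        budget = len(members) - math.ceil(len(members) * min_in_service)
        expired = sorted(
            (s for s in members if now - s["launched"] >= max_age),
            key=lambda s: s["launched"],  # oldest first: longest exposure window
        )
        rebuild += [s["id"] for s in expired[:budget]]
        deferred += [s["id"] for s in expired[budget:]]
    return rebuild, deferred

# Constructed sample inventory (not real hosts).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

def _srv(sid, pool, age_min):
    return {"id": sid, "pool": pool, "launched": NOW - timedelta(minutes=age_min)}

FLEET = [
    _srv("web-1", "web", 42), _srv("web-2", "web", 16), _srv("web-3", "web", 9),
    _srv("web-4", "web", 3), _srv("api-1", "api", 31), _srv("api-2", "api", 20),
]

if __name__ == "__main__":
    rebuild, deferred = plan_rotation(FLEET, NOW)
    print("rebuild now:", rebuild)
    print("past max age, deferred:", deferred)
```

The deferred list is the part worth alerting on: a pool too small to give up a server under the capacity floor never rotates, so anything installed there persists past the intended window.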
Client Data Security
Because of the nature of information security, the patterns of attackers continually change and the development world needs to keep up, which is why it's critical to invest more each year in a set of processes, controls, and technologies that provide multiple layers of defense against emerging threats.
This automated sleight-of-hand maneuvering can help mitigate risks and negative public perception.
In this example, you're able to frustrate potential bad actors, causing their attack maps to be out of date and difficult to use. This is one of many security efforts Kingland uses to examine our risks and develop a security roadmap to augment our ability to deliver client-specific solutions in a timely manner.
Want to help your security team thwart bad actors? Speak with your security leaders to ensure the vendors you work with and the software you employ meet or exceed corporate standards. Continue those conversations with the security team because they can help you identify new or potential vulnerabilities moving forward. They can also help you see through the flashy illusions created on many product pages.