Long lines at the airport are in the news this summer. Blame has been focused on the TSA as travelers stack up to get through crowded security check points.
The phrase sometimes used to describe current US airport security is “security theater”: the TSA implements very visible measures, but the public doesn’t perceive them as making us demonstrably safer. Rather, they see it as just another inconvenience.
CSO recently published an article that took this concept of security theater and applied it to the information security industry. They looked at some of today’s more high-profile cyber security practices, and discussed which ones are more for show than anything else. The article covers AV tools, perimeter security products and IT security training, among others.
I can add one more aspect of IT security to the list – technologies classified as user threat intelligence, privileged misuse detection, or intrusion detection. These technologies, which are in the current vogue, simply detect the most clumsy and incompetent attackers.
Too Many Security Alerts Lead to Alert Fatigue
In reality, an attacker takes over an existing user’s system and then operates as that user does. Or the attacker simply records everything the user does, thereby not raising any alarms. Even if there is an alarm, the hacker simply moves to another system that is not detected or quarantined.
The theater aspect of this is that most companies ignore the alerts because there is such a high false alarm rate.
Ultimately, no one wants to answer the question: “if they broke in, did their damage, and were detected, then so what?” Without a next step, what is the point of security alert technology, other than counting losses?
Non-theatrical cyber defense accepts losses as inevitable. This means running the IT shop so that acceptable losses are part of normal business, with resilience and restoration as the focus. By regularly and automatically resetting passwords and other credentials, you can time-limit the theft of credentials and the subsequent ability to nest within the environment. And that’s about the best you can do.
As in the airport security scenario, the truth is that there will be some losses. But no one has the courage to put that reality on the table. Methodologies to limit losses are the best case for pretty much every cyber threat scenario.
What examples of cyber security theater have you seen? Leave a comment below.
By Philip Lieberman, President and CEO, Lieberman Software
Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in the cyber security market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions for this burgeoning security field.