Perimeter
11/3/2011
06:03 PM
Mike Rothman
Mike Rothman
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Security Ostriches And Disintermediation

HD Moore's Law (unsophisticated attackers leveraging tools like Metasploit) will make many security professionals go the way of brick-and-mortar retailers

I know I'm asking a lot, but can you remember back to when Amazon and other Internet retailers shook the foundations of brick-and-mortar merchants that were caught flat-footed by that Internet thing? Some responded and prospered (sort of), while others went away, unable to compete in the face of the Internet threat. This phenomenon was called disintermediation because it took the distribution middleman out of play.

What really drove this revolution of sorts was data in the hands of customers who could compare prices in real time and buy from the cheapest provider. Those retailers surviving had to offer more than a grumpy cashier, since you could click a few times and have a box show up on your doorstep the next day -- for the same price. It has become only worse for brick-and-mortars, since I can now scan a barcode with my trusty Amazon iPhone app and see if it can beat the price on whatever I'm planning to buy.

Get ready because disintermediation is coming to security. In fact, it's already here and has been for a while, but no one is really talking about it. Josh Corman first surfaced a great way to describe the concept in a presentation at Metricon back on August. So great, I wish I thought of it. He finally (three months later) documented those thoughts in a blog post called "Intro to HDMoore's Law," which states: Casual Attacker power grows at the rate of Metasploit.

For you n00bs out there, HD Moore is the driver of the open-source project Metasploit, which is a penetration-testing toolkit that launches real exploits at devices. Basically what Josh is saying here is that script kiddies now have a tool in their arsenals that provides a point-and-click way to compromise machines. And you (as a security practitioner) need to stay ahead of Metasploit to have any chance at protecting your stuff.

Can you see it? This is security disintermediation, folks. Now everyone has the information and tools to break your boxes and pwn your stuff. For a long time, it was only those with (real) skills who could launch exploits. Or those bad guys with a front that could afford Core Impact. ;-)

When faced with disintermediation, a lot of retailers stuck their head in the sand, like a good ostrich. Ask CompUSA, Borders, and the countless others how that worked out for them. Dead ostriches, that's how. Others took decisive action, focusing on services (think Best Buy's Geek Squad) and value (Costco's unique bundles and packages), and have held their own. Kind of.

The same thing will happen to security practitioners. Security ostriches who cling to their tried-and-true vulnerability scanners and patching products to _protect_ themselves? Pwned ostrich. I heard that tastes like chicken. Those harnessing HD Moore's Law have integrated Metasploit and tools like it into their ongoing testing processes. They know that even the least sophisticated attackers are going to be using Metasploit, so they proactively let it loose on their networks to see what happens.

You can't hide anymore behind security obscurity. You can't assume you aren't a target. It's just too easy for some of these folks to break in, so they will. But the good news is with some decisive action and a little work, you won't be the path of least resistance. There are plenty of other ostriches being disintermediated as we speak, which should keep the bad guys busy for a little while.

A very little while. So get to work.

Mike Rothman is president of Securosis and author of the Pragmatic CSO. Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2336
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.