If you haven’t read “The Martian” or seen the movie, stop right now and go read it. It’s a great book, and this article will contain spoilers. You’ve been warned.
As a security professional, there have been times when I felt like I was stranded on Mars. When attacks happen, time isn’t on your side and sometimes you have to do everything yourself, relying on your own wits to get the job done. While reading The Martian, I couldn’t help but consider what skills and thought processes would help a security professional handle an incident. In other words, what would Mark Watney do?
Watney’s analytical approach and ability to think outside the box helped him survive in an environment that did everything it could to kill him. Some of today’s advanced cyber threats have skills and resources that far outweigh the average organization, but they don’t stand a chance against security teams with the right mindset and a little bit of luck.
Adapt or die
When you are stranded in the near-vacuum of Mars’ atmosphere with only enough food to survive a few hundred days, it is easy to understand the need to adapt to your environment or die. However, security professionals need to approach their purpose with the same level of determination. The bad guys already understand this. After all, their income is based entirely off adapting to your network environment. So they monitor your threat feeds, analyze your tools and change their malware and tactics until they are able to circumvent your security measures without detection.
We must stay one step ahead of them. Keep up with cyber-attack trends, create a threat intelligence function, learn something from every security incident and spend a moment of every day thinking about how you can make your network as inhospitable to outsiders as the surface of Mars.
Plan for failure
A plan is good until it makes first contact with the enemy. Watney had backup plans for his backup plans. Part of that came from NASA’s culture of building redundancies, but Watney also understood the danger of being unprepared when a critical system failed. Unfortunately, systems fail and tactics may prove ineffective. You cannot rely on success, but you can prevent some failures from becoming catastrophes.
For example, take internal network security. Firewalls and access controls are good, but they are not infallible. If an attacker makes it through your perimeter, what is stopping them from taking everything on the network? Proper network segmentation is a great place to start. Just as the “Hermes” spacecraft has internal airlocks in case of a hull breach, segmentation confines intruders to only a small part of the internal network.
Testing and rehearsals are critical
Even though planning for failure is necessary, we should also be doing everything in our power to prevent failure. Watney tested and rehearsed each of his plans ad nauseam. When he modified the rover, he spent days driving it around the Hab to make sure everything worked correctly and it could withstand a beating.
Security tools need to be stressed and pen tested to ensure they can hold under pressure, but this approach is also applicable to processes. Do you have an incident response plan? (You should) Have you tested that plan? Rehearse everything, and do it under different circumstances, so you can identify weaknesses and shortcomings before real danger is present.
Utilize lateral thinking
While Watney had advanced machinery and materials designed specifically for Mars, none of it was meant for use beyond 31 days. Watney had to stretch it for a year and a half and use it in ways it wasn’t intended. To do that, he had to get creative. He modified machines, adapted materials and even jury-rigged a potato farm in his living quarters.
In cyber-security, organizations cannot afford to buy a new tool for every specific need. In fact, attempting to do so is ineffective and can lower the overall security. Instead, we must adapt our tools. Oftentimes, we can use them for purposes the designer did not envision and make them work with our other tools in creative ways. Again, this is also applicable to processes. What doesn’t work at another organization may work in yours. Maybe your team is versatile and benefits from regular role reassignments. Maybe your tools are also beneficial to network operations, which can help garner more funding for future cooperative investments. Don’t be afraid to try new and crazy things. It just might save you.
Remember to laugh
Cyber-attacks are stressful situations, and it is important to keep a level head and make good decisions. Watney was a compulsive jokester. From making wisecracks to Houston to trolling the media back on Earth, he never failed to laugh at the ridiculousness of his situation. This attitude kept him moving forward when it was so tempting to just give up and die on Mars.
Laughing keeps our spirits up and helps put our coworkers at ease. This is critical because responding to attacks requires fast reactions and good decisions. When we remain calm, we are better able to think laterally and work with others to solve a problem. Never forget to laugh.
Security may not seem like a life-or-death situation, but failing to contain a data breach can have far reaching consequences, from a loss of revenue and customer confidence to literal real-world danger. And sometimes the bad guys appear unbeatable. But if we can tackle this problem with the same mindset and fervor that Mark Watney used to survive on Mars, the attackers don’t stand a chance.
[su_box title=”TK Keanini, CTO, Lancope” style=”noise” box_color=”#0e0d0d”]TK Keanini, is CTO, of Lancope. Lancope, is a leading provider of network visibility and security intelligence to defend enterprises against today’s top threats. By collecting and analyzing NetFlow, IPFIX and other types of flow data, Lancope’s StealthWatch® System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day Malware and insider threats. Through pervasive insight across distributed networks, including mobile, identity and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. Lancope’s security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team.[/su_box]