Twitter: @ForeScoutArch
CrossFit has been popular for the last several years and among many reasons for its popularity is its methodology and focus on muscle confusion. In a sense muscle confusion is the idea that doing a different regimen every day that mixes up exercises and focuses on the core will “confuse” the muscles and keep them from becoming complacent. The other focus point is its methodology. I like to call it “prescriptive without being predictive.” It’s prescriptive without being predictive because the Workout of the Day (WOD) is “prescribed” for you, but you don’t know what the exercises will be until you show up and see it written on a whiteboard. This method promotes intrigue and a bit of mystique. It encourages accountability among its patrons and a competitive nature like none I’ve ever seen before. Don’t get me wrong, I look more like a competitive hotdog eating participant than one who competes in CrossFit competitions. But that’s sort of the point to CrossFit…it creates a community of people who look like anything from the Pillsbury Doughboy to Rich Froning.
So what? What does this have to do with network security? Network security is like CrossFit in the sense that while CrossFit is focusing on muscle confusion, security professionals are giving their attention to confusing would-be attackers via varied, functional security solutions throughout their environment that promote dramatic gains in their security posture. These varied solutions protect, if you will, the core of their network environment. So what is the core? The core to many companies’ security posture is having solutions in place that protect the endpoint, the perimeter, the web, email traffic, and the “crown jewels” that are potentially different in every environment. So what are the challenges in network security?
- Visibility: You can’t secure what you can’t see. We have to know what we have in order to secure it. The landscape has changed even in the last 2-3 years with more and more things connecting to our networks. (Check out my previous blog using Hide-n-Seek to describe the Internet of Things (IoT))
- Bringing the teams together: If only the network and security teams could learn from CrossFitters…we are better together than separate. These teams are often disjointed because they see their roles as different. Network is trying to make things faster and security is viewed by them as trying to slow everything down.
- The bad guys are smarter than they used to be: Security threats are no longer done for fun, they are sponsored by nation states and terrorists groups to steal critical information and often times cause physical damage.
Look, security is hard. If it wasn’t, any monkey with a crayon could do it. There is no set-it-and-forget methodology anymore, just like there’s no “10 days to a six pack for men over 40.” (That’s just hypothetical by the way…I would never fall for such a gimmick), but I digress.
I love this quote from CrossFit founder and CEO, Greg Glassman that says, “The program prepares trainees for any physical contingency—not only for the unknown but for the unknowable, too. Our specialty is not specializing.” Wow! Does that not sum up our job as security professionals? To be prepared for any contingency – not just the unknown (aka zero day attacks, etc), but the unknowable (the malicious attacker posing as a light bulb on your network). Furthermore, as security professionals, our specialty is not specializing. So whether your security posture resembles that of the Pillsbury Doughboy or that of Rich Froning, ForeScout can help. We can help get you squared away by:
- simply telling you what’s on your network that you need to secure,
- help you classify and control those things,
- and for you hard core SecurityFit rockstars, we can coordinate a plan that leverages other security solutions you have in place by integrating those technologies to help you really flex those security muscles.
As networking and security professionals it’s time to get SecurityFit. At ForeScout we may not have a WOD for you, but we can help transform security through visibility and facilitate your effort to become more SecurityFit by taking that visibility, classification, and control to the next level by coordinating efforts with other networking and security solutions you have in place. Are you up for the challenge? Let’s stop talking about getting fit and get after it. See ya at the box!
