Page 222 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Your Trojan War

In Greek mythology, the Trojan War was fought between the Greeks and the people of Troy sometime in the 13th or 12th century BC. We won’t get into the events leading up to the war, because those are irrelevant here; just know that someone important was kidnapped. Ever seen the movie Taken? Yeah, just like that. The war raged on for quite some time, with the Greeks trying desperately to find any weakness in the defenses of the city…until one day, they just gave up.

Let’s assume, for this exercise, that your organization is the city of Troy. No, you didn’t kidnap anyone and you haven’t wronged anyone; you’ve just been doing your own thing, trying to be successful as a kingdom. You have been called in to put together a team to defend the city. It’s a vast area with thousands of inhabitants, all of whom have their own specific tasks and duties to keep the city running smoothly. A large wall encircles the city and provides an initial line of defense and protection for the people and goods inside.

Outside the gate lies the unknown, filled with malicious threat groups trying to lay siege to the city, attempting to capture all that they can, whether that is protected information or riches, or even to disrupt normal operations to the point where the city is hemorrhaging money. All they need to do is find a single way in.

As commander of the army of Troy, how would you go about defending the city?



Defending Troy with a Static Security Operations Center

You decide to place sentries atop the city wall who, it seems, can see for miles. Your instructions are clear: they are to report back to you with anything and everything they see. You sit back and wait, and almost immediately a messenger knocks on the door. They enter and tell you that Jane was planting flowers in the city garden.

Alright, that’s great, but not quite what you had in mind.

As the messenger is leaving, another knock comes at the door. Another messenger, to tell you that someone is approaching the wall on horseback. Great. This is the kind of info you were looking for. You tell the messenger to go find out more and report back.

Before they can leave, there is another knock, and when the door opens, you catch a glimpse of a line of messengers that stretches down the hall, with more coming. Each one delivers a piece of information to you, with most reports being about the daily goings-on within the city. Someone is baking bread, the blacksmith is fashioning horseshoes, and another person is delivering milk.

So many pieces of data are coming in that you are completely overwhelmed trying to figure out which of them represent a threat relevant to your risk profile and which are just normal daily activity.

Thus is born the Static Security Operations Center: a place where all of the network data is funneled, with no clear picture of what is going on. Who was the person on the horse? Did they keep advancing or turn
