Page 222 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Your Trojan War
In Greek mythology, the Trojan War was fought between the Greeks and the people of
Troy sometime in the 13th or 12th century BC. We won’t get into the events leading up to the war, because
those are irrelevant; just know that someone important was kidnapped - ever seen the movie
Taken? Yeah, just like that. The war raged on for quite some time with the Greeks trying desperately to
find any weakness in the defenses of the city…until one day, they just gave up.
Let’s assume, for this exercise, that your organization is the city of Troy. No, you didn’t kidnap anyone
and you haven’t wronged anyone, you’ve just been doing your own thing, trying to be successful as a
kingdom. You have been called in to put together a team to defend the city. It’s a vast area with thousands
of inhabitants, all of whom have their own specific tasks and duties to keep the city running smoothly.
There is a large gate encircling the city that provides an initial line of defense and protection for the people
and goods inside.
Outside the gate lies the unknown, filled with malicious threat groups trying to lay siege to the city,
attempting to capture all that they can, whether that is protected information or riches, or even to disrupt
normal operations to the point where the city is hemorrhaging money. All they need to do is find a single
way in.
As commander of the army of Troy, how would you go about defending the city?
Defending Troy with a Static Security Operations Center
You decide to place sentries atop the city wall who can see for miles, it seems. Your instructions are clear:
they are to report back to you with anything and everything they see. You sit back and wait, and
almost immediately a messenger knocks on the door. They enter and tell you that Jane was planting
flowers in the city garden.
Alright, that’s great, but not quite what you had in mind.
As the messenger is leaving, another knock comes at the door. Another messenger to tell you that
someone is approaching the wall on horseback. Great. This is the kind of info you were looking for. You
tell the messenger to go find out more and report back.
Before they can leave, there is another knock, and when the door opens, you catch a glance of a line of
messengers that stretches down the hall and there are more coming. Each one delivers a piece of
information to you, with most reports being about the daily goings-on within the city. Someone is baking
bread, the blacksmith is fashioning horseshoes, and another person is delivering milk.
There are so many pieces of data that are coming in that you are completely overwhelmed with trying to
figure out what is relevant to your risk profile as a threat and what is just normal daily activity.
Thus is born the Static Security Operations Center. A place where all of the network data is funneled with
no clear picture of what is going on. Who was the person on the horse? Did they keep advancing or turn