Working in security, I see some scary things. And there are few holidays scarier than Halloween, except maybe Black Friday for the security guard at Walmart. Inspired by Dan Tynan’s “7 Monsters of Tech” post, I decided to share with you who I think are the scariest ghouls this side of the data center.
Trolls – IT departments are seen as trolls to most businesses. They either deny requests or demand a tribute before allowing them.
Ghosts – Security teams haunt IT like a ghost. They swoop in to cause chaos by demanding project security audits.
Witches – Analysts are the witches (think Macbeth) staring into their bubbling cauldrons and making grand prophesies about the horrible future about to befall us all…
Shape Changers – Good, white-hat pentesters are shape changers. They have the ability to morph and change to match their environments.
Goblins and/or The Invisible Man – Hackers and “bad guys” in general can vary from goblins to the invisible man, scrambling around inside of your network’s dark corners. It’s important to be predictive to try and protect yourself against an enemy you might not be able to see.
Zombies – DDoS is a zombie attack. The undead are not very strong or skilled, but their sheer numbers overwhelm defenses.
So how do you take these monsters on?
For a monster like a zombie, (DDoS) there is no true defense. You can take a few of them out with a chainsaw, but if they outnumber you, they will eventually win. Other tools come in handy to defend against the other forces though, if you think of firewalls and ISPs acting as chainmail or armor. Penetration testing is good old-fashioned ninja-like training but the biggest defense tool against all of these creatures is being predictive and proactive. Knowing how to not only keep them out, but protect what is important if they breach your defenses is the only way to survive any security monster attack. Happy Halloween! Alex Horan Product Manager