Gartner: On "Defender's Advantage"

InsightaaS: The Gartner Blog Network collects posts from across Gartner’s research community. In this post, Gartner research VP Anton Chuvakin looks at whether lessons from military history, which shows that defenders have an inherent advantage, can be applied to IT security, in which attackers are assumed to have an advantage rooted in increasing complexity. Chuvakin asks the unconventional (at least, in professional discourse) question, “So, are we f*cked or what?” and goes on to discuss possible means of creating defender’s advantage for IT security. 

I was not able to find the original author for the quote “The attacker can exploit just one vulnerability to get in, while the defender needs to protect all ways in.” This line of thinking has long been used to sow depression and lower the morale of aspiring security professionals, tasked with protecting the enterprise IT environments and information. Furthermore, the ever-increasing complexity of our environments (adding cloud and mobile, while keeping mainframes and Windows XP) made the list of said “ways in” so much longer and thus the depression so much deeper. “More furthermore”, as millions new devices are connected and as organizations lose track of what is connected to what and what data moves where, the challenges with network defense look more and more daunting…

All of this hints at a hypothetical “Attacker’s Advantage“ that affects security planning and architecture (defense in depth, layers, etc), risk management, threat assessment, monoculture thinking, etc. Of course, the same line of thinking made attackers [and pentesters] rejoice and have another beer at the expense of defenders everywhere :-)

So, are we f*cked or what?

At this point, let’s briefly leave the cyber domain and visit the domain of warfare…

Read the entire post:


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.