Lessons from the Magnificent Seven for Cyber Security using Network Consensus™️
The Magnificent Seven is a movie about a Mexican village that is at the mercy of Calvera, the leader of a band of outlaws. The townspeople, too afraid to fight for themselves, hire seven American gunslingers to free them from the bandits’ raids. The professional gunmen train the villagers to step out of their traditional roles and become proactive in defense of their village while planning a trap for the evil Calvera. The movie is inspiring as you watch a small band of dedicated professional gunmen take on considerable odds in defense of a hapless Mexican village.
“If God didn’t want them sheared, he would not have made them sheep.” – Calvera
The quote above is from Calvera, the bandit who regularly pillages a small village in Mexico. He is speaking to the members of the Magnificent Seven, and trying to talk them out of defending the villagers, whom he sees as his sheep. His is an excellent rationale if you are a bully and a thief!
As you might expect, this is precisely the argument global hackers make about your organizational data. It does not persuade the seven professionals, who have entered into a kind of consensus and taken the job on a matter of principle, and it should not dissuade a world-class cyber professional either: creating a similar consensus inside your network is a way to protect data, not a reason to give up on it.
Network Consensus™️: the words make sense, and the concepts behind them are even simpler.
The word consensus means a general agreement or decision among a group. A network is a group of computer systems and other computing hardware devices that are linked together through communication channels to facilitate communication and resource sharing among a wide range of users.
Frequently, organizational leadership and IT staff feel much like the villagers in the movie: victimized, bullied and about to be sheared. Admittedly, the villagers are far more vulnerable and sympathetic than an organizational team. However, the motivation of a hacker, and of the plaintiff’s trial attorneys who eventually follow, is very similar to that of the bandit Calvera. That motivation is greed, fueled by money and power.
“The Romans had a proverb that money was like sea water. The more you drink, the thirstier you become.” – William Barclay, a Scottish philosopher
So what makes The Magnificent Seven applicable to @RISK Technologies? To have courage in the face of insurmountable odds and an unwillingness to cut and run when given the opportunity.
One definition of magnificent is noble, and just as these hired guns see their salvation in taking up the great defense of the villagers, IT professionals can take up a more effective defense of the network. Like the Magnificent Seven, they are just as determined that the Calveras of the DarkWeb will not shear the network “villagers” again.
The concept of a noble cause also resonates with effective cybersecurity defense. Calvera underestimated the commitment of the men he faced, and it was a huge mistake. Think of the traditional roles of networking equipment like routers and switches as being like members of the village. Routers and switches are both computer networking devices that allow one or more computers to be connected to other computers, networked devices, or to other networks.
The Magnificent Seven are like the roles played by security devices such as firewalls and malware protection software. More advanced technologies include Secure Web Gateways, Security Information and Event Management (SIEM) systems, Managed Detection and Response (MDR), Endpoint Detection and Response (EDR) and other point protection technologies. Think of them as highly trained cyber gunslingers.
Outgunned by the evil Calvera and his gang, the Seven gunslingers quickly understood the power of organizing the villagers in a cause. They knew that the villagers had very critical roles in providing early warning, and they understood that each villager had a story to tell about the past exploits and wrongs done to them by the Calvera gang.
Armed with this knowledge, the Seven began to put a plan in place to turn the past wrongs done to the villagers back onto the Calvera gang. The Seven created a consensus by making modifications to the business, home and village infrastructure to mitigate losses and reduce risk. They also arrayed their defensive capabilities in engagement areas, or zones, of their defense. Each zone had a role in reducing or attriting the threat posed by the Calvera gang. This managed defense in depth was designed to ensure that no one person in the defense had too many things to worry about, thereby enabling each to be more effective in their defense.
Cyber experts should follow this best practice and leverage packet data, firewall, switch, VLAN, device and software logs to tell the story of past exploits. Armed with this knowledge they can deconstruct complexity by building threat engagement areas. With these analytic zones in place they can bin threats so that controls can be put in place to attrit or reduce risk. One simple starting point is to create a zone for the assets they own, check those assets against the National Vulnerability Database, and put a plan together for the mitigation of the risk found.
Like the village, network inhabitants are telling a story. What if you can unify all of those devices to each contribute to a more secure environment? What is a laptop able to share about past exploits? What about your Microsoft products, do they have a story about the Calveras of the world wide web?
Just like the Seven, an organization can build a consensus by using a quorum to enlist all of its network devices, regardless of whether they are security or network appliances. Enlisted in a common cause, each is dedicated to mitigating risk by zone and able to share its logs and what it has learned about past exploits. An administrator can then use those vulnerability stories to identify the weaknesses within each zone of the network and make the defense more manageable.
Armed with this knowledge, anyone can surface the gaps in each zone of a network before a “Calvera and his gang” can exploit them. Instead of a disjointed, reactionary approach to defending the village network, creating a consensus produces a more unified, preemptive and proactive defense.
A probabilistic reasoning approach, in which cyber and network devices work together to corroborate one another, yields a more effective way of reducing or attriting risk by zone. As the signal-to-noise ratio improves there are fewer conflicting and noisy alerts, and a quorum amplifies the correct alert through hypothesis building.
A simple example: one may hypothesize that one zone, the asset zone, is the riskiest zone in the network because of all the devices in it that have been breached in the past. Using corroboration between the cyber and network appliances an organization already owns, measuring the historical exploits of the past helps defenders mitigate and transfer risk.
The cyber version of the Magnificent Seven will work with the network “villagers” to identify a problem based on lessons learned from the past. By using Big Data Analytics on raw PCAP entering and traversing a network, the threat is forecast. When the threat arrives at the router, in real time, the router, firewall, VLAN, endpoint device and other system logs feed machine learning at machine speed to quantify the risk.
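To make the quorum-by-zone idea above concrete, here is an added example in Python (not @RISK Technologies’ code and not the Network Consensus product): constructed log events from firewall, switch, endpoint and SIEM sources are binned by defensive zone, alerts seen by only one device type are suppressed as noise, corroborated alerts are combined into a single probability, and zones are ranked by that corroborated risk. The zone names, indicators and per-source reliability weights are assumed sample values.

```python
# Added example: a toy "network consensus" scorer (constructed data, not product code).
from collections import defaultdict

# Constructed sample events: (device_type, zone, indicator, weight)
# weight = how often this source has been right in the past (assumed values).
EVENTS = [
    ("firewall", "assets",  "10.0.5.7",     0.6),
    ("switch",   "assets",  "10.0.5.7",     0.3),
    ("endpoint", "assets",  "10.0.5.7",     0.8),
    ("firewall", "guest",   "203.0.113.9",  0.6),
    ("firewall", "guest",   "203.0.113.9",  0.6),  # same source repeating: no extra corroboration
    ("endpoint", "servers", "198.51.100.4", 0.8),
    ("siem",     "servers", "198.51.100.4", 0.7),
]

def corroborate(events, quorum=2):
    """Bin events by (zone, indicator); keep only those reported by >= quorum
    distinct device types. Returns {zone: {indicator: (n_sources, score)}}."""
    by_key = defaultdict(dict)  # (zone, indicator) -> {device_type: weight}
    for dev, zone, ind, w in events:
        by_key[(zone, ind)][dev] = max(w, by_key[(zone, ind)].get(dev, 0.0))
    out = defaultdict(dict)
    for (zone, ind), sources in by_key.items():
        if len(sources) < quorum:
            continue  # single-source noise is suppressed rather than alerted
        # noisy-OR: probability that at least one reporting source is right,
        # treating the sources as independent.
        p_none_right = 1.0
        for w in sources.values():
            p_none_right *= (1.0 - w)
        out[zone][ind] = (len(sources), round(1.0 - p_none_right, 3))
    return dict(out)

def rank_zones(corroborated):
    """Rank zones by the sum of their corroborated scores, riskiest first."""
    totals = {z: sum(score for _, score in inds.values())
              for z, inds in corroborated.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    result = corroborate(EVENTS)
    for zone, total in rank_zones(result):
        print(f"{zone:8s} risk={total:.3f} alerts={result[zone]}")
```

With the sample data the guest zone raises no alert (one source only), while the asset zone ranks highest, matching the hypothesis stated above.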
This kind of unified cyber situational awareness enables organizations to preemptively prepare for an attack and proactively respond to it. The secret was to listen to the network villagers, measure the threat, mitigate it and transfer it away.