The term “defense” evokes images like walls, moats, barriers, and shields. Maybe it is because for centuries there have been stationary targets to defend, and static defenses were built to defend them. It was the ground “we stood on” that was defended. Slogans like “Stand your ground” became part of the lexicon. Why is an ancient physical static defense strategy that resulted in the construction of the Great Wall of China being deployed to defeat the 21st Century dynamic digital attacks of on information systems?
When it came time to defend the emerging digital environment, concepts from the physical world were the status quo and were carried over into the digital environment. That status quo is a static defense.
Think for a moment: how fast is the brick that is used to build a wall? How fast is the electron that defends the digital environment? Even the fastest missile only moves at thousands of miles per hour. An electron moves at 186,000 miles a second! The attackers in the digital environment are much more agile and can change their tactics in microseconds. The defenders on the digital battlefield must move even faster in order to prevail.
A static defense, regardless of how strong, cannot prevail against an attacker whose agility and speed are orders of magnitude faster.
There is no better example of this than in the password/credential defense tactics deployed today. The status quo is still to employ stronger passwords, encryption keys, and credentials. Attackers simply ignore this tactic and instead use an agile approach to steal an existing key, no matter how strong, and log into the target rather than attempting a frontal static attack to break in.
Making static defenses “stronger” will not defeat this kind of attack. Being faster and more agile than the attacker is the only way to prevail. To defeat an attacker that is going to steal a password, encryption key, or credential, defenses must shift dynamically so that if (and when) security tools are stolen, they will not benefit the attacker. The challenge with this strategy is to create a dynamic defense without burdening ongoing operations.
Why has it taken so long to move from a static cyber defense to a dynamic cyber defense? The team at QWERX has analyzed that challenge and solved it with a simple answer. We would be delighted to demonstrate our patented dynamic defense solution for you.