What Avengers Movies Can Teach Us About Cybersecurity

Marvel has been entertaining us for the last 20 years. We have
seen gods, super-soldiers, magicians, and other irradiated heroes
fight baddies at galactic scales. The eternal fight of good versus
evil. A little bit like in cybersecurity, with the good guys fighting
cybercriminals.

If we choose to go with this fun analogy, is there anything
useful we can learn from those movies?

World-ending baddies always come with an army

When we watch the different Avengers movies, the first thing we
realize is that big baddies never fight alone. Think of Ultron and his
bot army, or Thanos and Loki with the Chitauri. They all come with
large, generic clone proxy armies that the heroes must fight through before
getting to the final boss.

In the same way, serious cyberattacks are planned and delivered
by organized and structured groups of cybercriminals, such as APT
groups with sometimes hundreds of members. In real-life scenarios,
attacks come from IPs (one or many) that the criminals have stolen,
hacked, or bought. Those IPs are their faceless proxy
army, and if you want to get to the attackers, you first need to
burn that IP army down.

So how do you do that? You can fight them alone and most probably
fail, or you can team up with other superheroes, as the Avengers do,
and give yourself a fighting chance. The keywords here are
teaming up and leveraging collaboration, or crowd intelligence.

More concretely, this means sharing information on attacks. Most
attacks leave traces in system, service, or application logs that
give indications of the attacker's IPs and attack types. Sharing
those with other users helps them remediate preventively: the same
IPs can be blocked before they show up in other people's logs.

Imagine this: Ultron's minion IPs attack your server. Your IDS
will detect their activity in your logs, and if you have an
efficient IPS, you might block those IPs from doing further damage.
But what if you share those Ultron IPs with your neighbor? Or with
everyone else on Earth? What if everyone on Earth preventively
blocks those IPs? Ultron's army cannot do any more harm. All it can
do now is give up conquering Earth (or build a new army). Either
way, you won, and all because of the power of the crowd.

Iron Man did not defeat Thanos alone

Let's take a closer look at the Avengers' team roster. You all
know their names and respective powers. But have you thought about how
complementary they are? Hulk is the tank, Thor the heavy hitter.
Cap is the strategist, and he can deliver some close-range damage if
needed. Iron Man is the ranged attack expert. Hawkeye is the
never-missing sniper. And Widow is the perfect spy. They all bring
different skills and powers to the table, which is what makes the
team so efficient (and cool).

But back to cybersecurity. There are many tools out there that
can help prevent attacks. Some might be efficient in specific
situations, but there is no one ring to rule them all (oops, wrong
universe?). An EDR solution can protect your endpoints but will
not be useful against a DDoS. A SIEM will help you
centralize intelligence but will not actively counter
malicious activity. An IDS will detect funky stuff going on in the
logs but will not act on it.

So, like the Avengers, you need a team of solutions that play
well together and cover as many scenarios as possible. First, you
need to detect and act: choose an IDS and an IPS. Combine
them with a CTI feed to get third-party data that enriches your threat
database. Add some cybersecurity skills to operate it all efficiently, and
you get the most effective combo to counter threats.

Is it easy to put in motion? Well, it definitely requires work.
Interfacing those tools and making sure the data flows
efficiently between all those components can be challenging but, in
the end, most rewarding.

From the Avengers to real-life heroes

Crowd intelligence and integrated solutions: this was the idea
behind the creation of CrowdSec.

Cybersecurity is an asymmetric game with attackers always having
the initiative, making the problem hard to solve for most companies
and people. You can throw money or technology at the problem, but
nothing will guarantee its effectiveness.

CrowdSec is proposing something new [1], something that has
never been tried before at this scale: a collaborative IPS and IDS
that uses crowd intelligence to block attacks. Collaboration
between users creates a reputational, curated IP database that
keeps users protected in real time against the Ultrons and
Thanoses of this world. Simply put, users contribute
signals (IP activity flagged as suspicious, anything
from brute force to credit card stuffing, scalping, or DDoS)
and regularly receive an updated blocklist of IPs that are to be
"shot on sight" if they show up in logs. Think of it as the Waze of
cybersecurity.
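To make the signal-sharing and preventive-blocking idea concrete, here is an added illustration (example code written for this article, not CrowdSec's implementation or data): several reporters submit signals, the crowd keeps only IPs corroborated by independent reporters within a time window, and the resulting blocklist is checked against a constructed sshd log line. The reporter names, scenarios, timestamps and IPs are all constructed.

```python
"""Crowd-curated IP blocklist: a constructed example of the signal-sharing model
described above. Illustration only, not CrowdSec's own code or data."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample signals: (reporter, ip, scenario, timestamp).
# IPs come from RFC 5737 documentation ranges, not real attackers.
SIGNALS = [
    ("alice", "203.0.113.10", "ssh-bruteforce", "2024-05-01T10:00:00"),
    ("bob", "203.0.113.10", "ssh-bruteforce", "2024-05-01T10:05:00"),
    ("carol", "203.0.113.10", "http-scan", "2024-05-01T11:00:00"),
    ("alice", "198.51.100.7", "http-scan", "2024-05-01T09:00:00"),
    ("alice", "198.51.100.7", "http-scan", "2024-05-01T09:30:00"),  # same reporter twice
    ("dave", "192.0.2.44", "card-stuffing", "2024-04-01T08:00:00"),  # too old
    ("erin", "192.0.2.44", "card-stuffing", "2024-04-01T08:10:00"),  # too old
]

# Source address in a classic sshd "Failed password ... from <ip>" line.
_FROM_IP = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")

def build_blocklist(signals, min_reporters=2, max_age_days=7,
                    now="2024-05-02T00:00:00"):
    """Return {ip: sorted scenarios} for IPs flagged by at least min_reporters
    distinct reporters within max_age_days. Corroboration keeps one bad reporter
    from blocklisting an arbitrary IP; the age cutoff lets stale signals decay."""
    cutoff = datetime.fromisoformat(now) - timedelta(days=max_age_days)
    reporters, scenarios = defaultdict(set), defaultdict(set)
    for reporter, ip, scenario, ts in signals:
        if datetime.fromisoformat(ts) < cutoff:
            continue  # IPs change hands, so old reports should not block forever
        reporters[ip].add(reporter)
        scenarios[ip].add(scenario)
    return {ip: sorted(scenarios[ip])
            for ip, who in reporters.items() if len(who) >= min_reporters}

def check_log_line(line, blocklist):
    """Return the log line's source IP if it is on the shared blocklist, else None."""
    match = _FROM_IP.search(line)
    if match and match.group(1) in blocklist:
        return match.group(1)
    return None

if __name__ == "__main__":
    shared = build_blocklist(SIGNALS)
    print(shared)  # {'203.0.113.10': ['http-scan', 'ssh-bruteforce']}
    line = "May  1 12:00:01 web sshd[123]: Failed password for root from 203.0.113.10 port 5000 ssh2"
    print(check_log_line(line, shared))  # 203.0.113.10
```

The IP reported twice by a single reporter and the IPs whose reports have expired stay off the list; raising `max_age_days` or lowering `min_reporters` shows how those two knobs trade coverage against the risk of a single reporter poisoning everyone's blocklist.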

Attackers hide behind IPs. If we, as a community, can burn those
IPs, attackers will have no ammo left and will back down.

If you want to join the CrowdSec community, check out the
official website [2]. Oh, and it's free and
open-source!

References

  1. CrowdSec is proposing something new (crowdsec.net)
  2. official website (crowdsec.net)
