Using Hollywood to improve your security program
by Dwayne Melancon - CTO at Tripwire - Tuesday, 29 July 2014.
I spend a lot of time on airplanes, and end up watching a lot of movies. Some of my favorite movies are adventures, spy stuff, and cunning heist movies. Recently, I realized that a lot of these movies provide great lessons that we can apply to information security.

Lesson 1: Be paranoid about handoffs and blind spots

Many data breaches occur because attackers take advantage vulnerabilities in the “spaces between” different functions. They exploit these weaknesses, often during a handoff from one silo to another.

For example, there are a lot of movies in which criminals take advantage of short-term blind spots to do a “switcheroo.” In a lot of heist movies, a truck goes into a tunnel filled with gold but when it exits at the other end of the tunnel the criminals have swapped it for an identical truck filled with something worthless.

The lesson here is “trust, but verify.” Try to instrument as much of your process as possible to minimize blind spots and, when something (a system, a transaction, an install package, etc.) is out of your control for some period of time, validate it before you assume it hasn’t been tampered with.

Lesson 2: Use baselines of what’s normal, so you can quickly detect the abnormal

[Spoiler alert!] In the movie, “The Inside Man,” the police spend a lot of time trying to figure out how criminals got something valuable out of the bank, but are never able to figure it out. In reality, the “stolen” item had never left the bank at all – the criminals had added a false wall in the vault, and one of the criminals was in the resulting hollow space with some food, water, and a bunch of diamonds. He waited a while for the frenzy to die down, left his crawl space, and simply walked out of the bank unnoticed. This technique worked because nobody noticed that the vault room was slightly smaller than it had been in the past.

From this movie, we can learn to rely on baselines and automation to catalog the normal and expected state of things, so we aren’t fooled by the equivalent of a false wall in your infrastructure. Cyber criminals can hide things in plain sight by tucking them away inside an alternate data stream that is invisible to your normal file management tools. Take steps so you aren’t fooled by innocuous appearances. Use file hashes, transaction checksums and signed components to ensure that even subtle changes are brought to your attention.

Lesson 3: Beware of distractions, imposters, spoofed information, and sleight of hand

OK, Lesson 3 is really a bunch of lessons all rolled into one, but I loved the movie so bear with me (and yes, this is another Spoiler Alert).


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th