**Walking Dead spoilers for episode 1 of this current season ***
I’m reading Advanced Persistent Threat by Eric Cole. It came out on November 27th in paperback form for $50 (seriously, is this priced for college bookstore use?). It will be available on December 27th for Kindle but only at a $10 discount. I may have a post about this book itself, but what I’m reading so far has jarred lose some thoughts worth blogging about.
Eric says that “your company is infected and you’ll have to live to learn with it” (p48). This goes back to his oft repeated maxim, prevention is ideal but protection is a must. This new form of attack does not smack you in the face by defacing your website, or accidentally rebooting every computer because of a poorly written buffer overflow attack. You have to work for finding it. Identification and containment are mandatory.
Every time my VP sees me, he asks me “are we secure”. Its one of those red pill blue pill moments, “do you really want to know.” It’s as if I’m the CDC guy whispering into Rick’s ear, “everybody’s already infected”
How does it change things if you approach your work with the assumption that you’re already infected. For starters, finding an infected machine isn’t a failure of your security measures. It’s just something that happened, and you need to investigate, detect further compromise, and make sure that avenue is closed as much as possible.
If you aren’t finding things, and you believe you’re already infected, don’t you spend more time looking?
Unlike Walking Dead, you can’t just wait until a person is about to die and then be vigilant for their zombification. The APT undead never stop probing, and inventing new ways to compromise.
Admitting we’re all infected sounds radical. But in a way, admitting defeat means freedom. Freedom to fail. Freedom to try new things. Freedom to do security.