I was reading a post about red team vs blue team and all the support for purple teams and was struck with inspiration from one of the comments mentioned:
"(offense wins games, defense wins championships)"
They do not appear to be implying basketball and given the timing of the comment, they may have been thinking more about football. For me though, as a huge fan of Women's Basketball, I recognized it as a variation on a quote from the great Pat Summit:
"Offense sells tickets, defense wins games, rebounding wins championships."
And suddenly a hobby and work collide. My brilliant inspiration comes from how this really does apply to information security as well.
Everyone loves good offense. For some it is high flying dunk or a buzzer beater from half court. For others it is a successful, innovative attack as part of a red team. We attend "ethical hacking" courses because breaking into things is fun. Big exploits make the news and get cute little logos. Other crackers just keep working and getting two points here and there until it adds up on the scoreboard.
Defense is what is needed to win the game though. It doesn't matter how many point you put up if the other team is allowed to put up more. Can you prevent the problems in the first place? Have you done the basics of password security and patch management? Are we monitoring the logs? And even if it is done well, it might not make a stat line. Sure a couple blocks and few steals here and there but the standard box score doesn't list shot clock violations and a zone defense rarely makes the sports center top ten. The blue teams that prevent attacks from being expensive do not get badges (logos).
Shutouts are very rare and never in championship matches. Defense will not stop everything and even the best offense misses a lot of shots. Rebounds are how we react on a miss. Defensive rebounds end an opportunity for more points. The offense got a shot off, but if they miss, did you stand and watch or did you go after the ball and box out the opponent? If you are on offense and your shot bounces back, your goal is to secure the ball and try again. Attack another way, find another opening, maybe the same opening if you didn't get boxed out. With information security, are you monitoring logs, are your alerts set up correctly, are you reacting to even the missed attempt or are you just waiting and letting them take another shot? Are you boxing out?
Offense often comes down to skill and on the court, natural ability plays a big part. Defense can be taught with basic and repetitive drills. Rebounding is about heart. You don't have to be the tallest or biggest or strongest. Who wants it more? Who will go after the ball? Who can read the play and be the in correct position to respond?
And no one wins anything without a contributions in all areas and a whole lot of teamwork.
When it comes to programming and coming up with creative attacks, I do not have the natural abilities to make a good red team member. I am much more comfortable practicing defense and jumping into position to grab a rebound. Along with some post game analysis and armchair coaching!
-SML
No comments:
Post a Comment