Fight Fire With Fire
Jared Sperli stashed this in security
latest from Joe:
Many in the security field hold the opinion that security through obscurity is not security. Malware developers would likely beg to differ. Their objection would be two-fold. Obscurity is a useful technique that has allowed them to bypass the most widely adopted security technologies. And their own efforts suffer when unknown security technologies are present in an environment.

Malware developers often target their attacks rather than broadcasting them. Because of the prevalence of blacklisting-based security technology, this approach can be highly successful. Blacklists are inherently ineffective against unknown threats. Remaining outside of honeypots has allowed malware developers with little funding to defeat multi-billion dollar security companies.

And on the other side of the coin, malware is significantly less capable of breaching environments with unknown security measures. These measures might be lesser-known security products, obfuscated security technologies, decoy servers, or even proprietary tools created by an organization's IT staff. Regardless of the form they take, unknown security measures prove to be a hurdle few pieces of malware are capable of clearing. And every time a malware developer needs to research new technologies and formulate new code to bypass them, it is an investment of resources that cuts into profits.

To me, the takeaway is that we need to fight dirty. We need to adopt some of the techniques that have made malware so successful to date and undermine the economics of malware creation. While malware may be able to defeat obscure or obfuscated security technologies, the additional costs necessary to succeed eat into profits. Malware developers can endure only so many Pyrrhic victories before there is no longer ample incentive to continue.