Any martial arts enthusiast—or anyone who at least enjoys martial arts movies—is probably familiar with the concept of “tenkan,” or movements that redirect the opponent’s attack momentum. The modern Japanese martial art of Aikido places considerable emphasis on this concept and centers around the philosophy of overcoming the self rather than focusing on aggression or counterattack. Tenkan has become a central pillar for those seeking to master the art of self-defense.
The idea of neutralizing an attacker’s efforts by redirecting their movements is a familiar one to cybersecurity professionals, who have been utilizing similar strategies for many years. In fact, feints, holds, and careful observation, are tactics common to both network defenders and Aikido practitioners. And with cybercriminals attempting to infiltrate networks in ever more cunning ways, defenders are increasingly looking for ways to redirect those efforts to their advantage.
What Network Defenders Can Learn from Martial Artists
Discipline, patience, and observation are critical to both cybersecurity professionals and martial artists. By studying one’s opponents and using that knowledge, one can anticipate their actions and use that against them. Where a martial artist might pretend to leave an opening in the hopes of drawing their opponent in, a network defender might sprinkle lures and decoy assets to entice attackers into giving away their presence. In both cases, this serves to not only protect the organization from harm but provide a glimpse into the attacker’s favored tactics and strategies.
Martial artists generally espouse the benefits of avoiding conflict, but they understand that they can’t always prevent them. Likewise, although there are countless tools like firewalls and anti-virus programs designed to defend the network perimeter, today’s network defenders understand that it is impossible to prevent 100% of attacks. Inevitably, an intruder will infiltrate the network, and it is critical to have a proactive plan for what happens once attackers get inside the network.
Understanding the Techniques an Attacker Uses is Key
Visibility is crucial to both cybersecurity and martial arts—and that doesn’t just mean having a clear understanding of known attackers, but also the techniques they will use across various attack surfaces. A defender who cannot visualize the attack surface and understand its weaknesses is like a martial artist who cannot see their footing: both are likely to stumble and fall.
For IT professionals, network visibility provides the ability to visualize potential attack paths and anticipate intruders’ movements. By identifying things like cloud misconfigurations, exposed credentials, highly privileged users present where they shouldn’t be, and other potential vulnerabilities, defenders can address them before an attacker can exploit them. Think of a martial artist identifying ways to use the environment to their advantage, such as luring an attacker into losing their footing or hiding and denying access to the data or privileged access they need.
Don’t Be Caught Unaware
In martial arts movies, the hero is often the victim of a cowardly sneak attack from behind. Unfortunately, backdoor attacks are a staple for cybercriminals as well. The recent high-profile SolarWinds attack involved attackers compromising the company’s Orion products and inserting malware that created a backdoor into the networks of customer organizations using the compromised product line.
These backdoors are particularly dangerous, as they enable attackers to circumvent traditional perimeter defenses and can be extremely difficult to detect. Just as martial artists must defend against attackers venturing inside their reach, IT professionals must enhance their security controls so that they can efficiently identify suspicious lateral movement within the network—not only at the perimeter.
Adversary Intelligence for Shaping a Successful Defense
Careful study is vital to both practices. When defenders can safely isolate an attacker within a sandboxed or deception environment, they can study the adversary, replay its activities, log its tactics, and correlate them together. Like a martial artist observing their opponent, this will equip them to better prepare for the next attack.
For instance, understanding that attackers will target Active Directory to gain privileged access means that defenders can assess this attack surface’s weaknesses, harden systems, and allocate additional defenses that can repel or redirect those attacks. Understanding the tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs) associated with a particular attacker can make it possible to anticipate an attacker’s actions and prevent them from establishing a foothold.
Attackers Will Know Your Weaknesses and So Should You
Adversary intelligence goes both ways, and attacks will try to collect as much as they can. This dynamic means that defenders must also understand their weaknesses and improve in the same way a martial artist trains to isolate and fix deficiencies in their skill set.
Understanding a network’s vulnerabilities based on likely attack techniques, such as those found in accessing AD, or the attack paths that an intruder can potentially take based on exposed credentials, can give defenders the power to anticipate the force attackers will direct at them and redirect it. Like a martial artist’s feints and misdirections, decoys and lures can serve to draw attackers away from their targets and into traps, tricking them into revealing their playbooks, and enabling defenders to safely study them.
The Overlapping Principles of Self Defense and Network Defense
Like martial arts, cybersecurity comes in various forms, and each of those particular forms has countless interpretations and styles. Across all of these forms, principles like situational awareness, redirection, and study of oneself and one’s opponent stand among the central tenets. Like martial arts, cybersecurity does not need to be about aggression, but instead about mastering one’s environment and using it to deflect and redirect the actions of one’s adversary.
Today’s cybercriminals are developing more innovative attack tactics and using modern technologies like artificial intelligence that result in more destructive and expensive attacks. IT professionals seeking to protect their networks should heed the lessons that martial artists have to offer: rather than succumb to the temptation of attacking back, they can use their opponents’ force against them to negate their advances and mitigate their impact.
Read the original article at Hackernoon.