The Minotaur and the Labyrinth - A Tale of Cybersecurity & Big Data
This post originally appeared on LinkedIn. It has been reposted with the author’s permission.
Have you ever heard the tale of the Minotaur and the labyrinth? Allow me, dear reader, to take you on a journey through Ancient Greek mythos and the direct relationship to our current cybersecurity battlefront. Skip this article if you believe security is simply solved via silver-bullet products that will 'do all the defenses' once you sign a purchase order. Continue reading to find out the truth about how the real heroes of this modern day saga are the very capable folks on your security teams equipped with the right combination of tools and knowledge.
I've spent a reasonable amount of time working for the US Navy and with a few other Government agencies where a recurring theme in project planning and execution is catchy project names/themes. So the first time I heard the word Daedalus, actually I saw it written, I had to do some research. My mind was blown.
In my research, I discovered Daedalus was actually a hero from Ancient Greek lore. He was a revered engineer, to be more specific, whose renowned building skills are most familiar from the story of his son Icarus, for whom Daedalus built wings of feather and wax, wings that Icarus eventually used to fly a little too close to the sun. Icarus is a tale of hubris and tact worth telling but best reserved for another day. This post focuses on a different story, one involving Daedalus and an elaborate method of defending against a mythical attacker using brain over brawn.
The story goes that King Minos of Crete was plagued by a legendary monster, the Minotaur, who was part man, part bull. His origins were the result of human meddling, curiosity and spite. The Minotaur had a certain taste for humans, and King Minos, for many reasons in his effort to defend the people of Crete, just couldn't kill this monster. I liken this to every organization or enterprise trying to defend itself from cyber villains who are cunning and crafty and have the advantage of being one step ahead, where physical eradication is all but impossible.
So King Minos brings in our hero Daedalus. Applying some quick thinking and heavy brain power, Daedalus designs and builds the most elaborate maze ever constructed. If he couldn't kill the Minotaur, he was going to trap it forever. I liken this to every organization or enterprise staffing personnel and buying security products in an effort to build an ever-expanding labyrinth to detect and/or prevent cyber attackers. It is the right thing to do.
Where this story becomes a cautionary tale, and is directly relatable to every CISO out there, is that Daedalus built the labyrinth too well. The maze worked amazingly well at stopping the Minotaur's reign of terror, at least in slowing it down, so much so that even our maze designer, Daedalus, thought it impossible for him to find his own way out! I liken this to the eventual evolution in maturity of most security teams who have dumped all of their security data into a data lake for Threat Hunting and data discovery, but in practice, weeding through all that data and hunting for a needle in a stack of needles is not much different than navigating a complex labyrinth.
Cool story, but so what? The “so what” is that we have built a maze out of our custom security stacks of varying complexity, and for most this is the right answer and contains all the right data. Evolving to data lakes for behavior, association analytics, event clustering and trends is the right answer. Building a better labyrinth to trap the Minotaur is the right answer. What's missing is the right tool to help security teams normalize and navigate the labyrinth, since Daedalus is long since dead: something that’s a little easier for the average security team member to pick up on day one and start hunting the Minotaur.
There's a new project name for you to explore: Theseus. Contact FireMon to learn more about a tool that can do exactly that: Immediate Insight.