What’s North of the Wall? Why cybersecurity is like Game of Thrones.

Cybersecurity winter is coming

Firstly, I was late to Game of Thrones but I’m now hooked. Here in the UK it is on TV on a Monday night so I spend most of Monday avoiding spoilers after it has shown the night before in the US. Secondly, this post tries to frame the modern cyber security landscape through a Game of Thrones lens and I have to warn you it might get a bit geeky.

If you haven’t ever seen Game of Thrones (GoT) it is the story of politics, war, power, dragons and a growing threat from an army of undead (called the White Walkers) north of a massive wall (according to the GoT wiki it is 300 miles long, 700 feet tall and is made of solid ice).

Let’s start there. Most organizations face a huge, faceless, unknown threat from outside their boundaries. That threat isn’t getting any smaller and is growing more complex every day. In GoT, the wall is manned by The Night’s Watch, a small group of soldiers who wear black. That’s your security team. They probably wear black and may not carry swords, but they are understaffed, and it is their superhuman efforts that keep a company (Seven Kingdoms Ltd) safe.

But they are under constant attack and they know that “winter is coming” (GoT speak for the White Walkers getting through the wall). Your security team knows that it is ultimately impossible to keep them outside the wall forever. You will be breached, but what do you do when the threat gets through the wall? Also – what happens when the threat is already inside? One of the recent storylines features exactly that – a traitor from within the Night’s Watch. As with all good dramas, there is also a threat from traitors within. GoT has featured a number of betrayals that lead to unpleasant outcomes. Sadly, the same is true with security breaches. The modern security team needs to use data to find possible insider threats.

In Game of Thrones, there are many different families (protected South of the wall) who make it clear, through a lot of battles and infighting, that they don’t get on very well. These different families all have their own weapons, tactics and skills (Lannisters have the best resources, Greyjoys have the best navy, the clans of the north are hardy and have the best fighters). These are the different silos and departments inside an organization. Each has its own data, tools and processes.

With the growing threat from “North of the Wall” those different families or departments need to stop the infighting and join together to unite against the common enemy outside their boundaries.

Nobody knows how GoT is going to end, but we’re halfway through season five now, the different armies are starting to come together, and it seems like we’re lining up for a series of telling battles. Internally, organizations need to combine forces and share their data to deal with an inevitable breach by superior numbers that are constantly growing. This pulling together of allies maps well to Splunk’s Adaptive Response initiative of getting together all your allies (security vendors from across the ecosystem) to fight against the common enemy.

A lot of the battles in GoT use traditional forces fighting hand to hand with swords, spears, axes and bows. In the context of a security team, these traditional forces are your firewall devices, antivirus etc. GoT is starting to feature more advanced weapons and tactics, including dragons and visions of the future (you have to watch it). This translates surprisingly well into the advanced weaponry of the modern security team: centralized visibility, gained by collecting all data within an environment, from security systems as well as from non-security systems, which allows the security team to swoop down and breathe fire on any attackers who’ve breached the wall.

Don’t mess with a modern cybersecurity team…

One of the characters in GoT, Bran Stark, has been in training for a couple of years and can now see visions of the future. In security speak, this is the equivalent of machine learning and the use of predictive, data-driven security analytics to see the problems that are going to happen and use that insight to make the right decision to tilt the battle in your favour.

We’ll wait and see how Game of Thrones ends but the enemy is North of the Wall and the best chance of victory is by getting your forces and data together with the right advanced weapons and tactics.

Winter is coming…

As always thanks for reading.