Effective Offensive and Defensive Capabilities
Effective security involves having both a solid offense and a solid defense. One without the other is completely ineffective. A solid defense is usually what organizations excel at: network architecture, firewalls, policies, procedures, and other protection mechanisms. A solid offense consists of active work to identify and resolve additional security risks, together with active monitoring and incident response. Unfortunately, this is where many companies fall down.
To draw on a military analogy, any military commander knows that when working against a hardened position, the first actions are to conduct reconnaissance and then to probe the defenses (through small-scale attacks) for weaknesses. Once weaknesses are found, they are exploited. The bold tactician is rewarded, and the complacent defender is compromised. Karl von Clausewitz (1780-1832) was a Prussian general and military strategist who wrote in his book On War, “Given the same amount of intelligence, timidity will do a thousand times more damage than audacity.” Here the analogy pretty much ends, however, because industrial customers deal not only with malicious external attacks but also with internal and unintentional ones. It is unwise to get too wrapped up in the threat agent, however, if the threat vectors already exist.
The analogy is appropriate, however, as all too often we become complacent. Risk analysis that is not done by a qualified external party tends to favor the assessor, showing little to no risk, as that is often the conventional wisdom. Or we allow our environments to age without properly refreshing hardware and software, or with improper patching; the list goes on. Let an environment continue to sit, and more weaknesses will arise through hardware faults and failures, software failures, and a greater sense of awareness and discovery of security threats.
While most companies tend to focus on defensive measures, relying on passive assessments with minor active testing, Wurldtech believes that most companies already have something of a good defense. Why spend time doing the same assessments, in the same ways, and thinking we’ll get different results? We often run into customers who have conducted as many as six to ten vulnerability analyses in recent years, and they often come up with minor variations on the same theme.
Our aim is to change the rules. While we know of and can help implement the latest in defensive techniques for industrial networks, we also can bring the offensive element. Over the next few weeks, I’ll talk more about our offerings and how we believe they fit into an overall strategy.
The recent announcements on Achilles Health Check and Delphi represent what we believe to be two industry firsts on how to develop better security analysis and remediation capabilities. We have already received wide recognition even among IT circles for these offerings (check out Wurldtech, Health Check, and Delphi in your favorite search engines), and a number of companies and customers have already stepped up because they see the value in finding issues that can compromise their environment. Health Checks have a success rate of over 95% in finding critical issues within two hours. Delphi looks to extend our information capability to look at trends and issues and then use that intelligence on legacy devices to build better protection capabilities. Overall, this is a very exciting time for Wurldtech as a company and for the industry as a whole. Let this not be confused with marketing fluff… the reason we know this to be true is that many key partners, large-scale security providers, and many of the world’s largest and smallest vendors alike are standing up and taking notice.