Security, and everything we do to promote, build, and enhance it, is driven by one and only one factor: the threat. Should your attacker bring to the battle more imagination than you, then he might imagine an attack scenario that you did not have the imagination to conceive, and hence defend against.
The cyber war is therefore a race of imagination. From all the possible ways in which your security could be compromised, the attacker needs to identify only one that you failed to defend against. Since you cannot identify and specify all such attack scenarios, you are well advised to respond with abstraction of the threat: rating the degree of a threat without fully specifying how the threat will materialize. One can then put forth defenses which are reasoned to be helpful, even without detailed specification.
Case in Point: infiltration and data theft was dramatically reduced after a client has periodically (automatically) rewritten software with no material, only cosmetic changes, like renaming variables, and throwing in random comments. The hackers, in ways that remain a mystery, apparently replaced parts of the original code with malware. The introduced changes defanged the attacks.
Threat Abstraction is an emerging security strategy that is not easy to adopt. Come to think about it, abstraction is more effective (not to speak of much less expensive) than White Hat Hacking. Since the latter simply cast the imagination of the White Hats against the imagination of the Black Hats. The latter are at the battlefield for much longer, and for a much greater reward. And besides, the slightest upgrade or modification in any relevant piece of software requires a new White Hat examination, while the Threat Abstraction Analysis is much less volatile.
Threat Abstraction sounds very, shall we say: abstract; so just invite us to conduct an AbstracThreat analysis of your security threats. For many qualified clients we offer no-risk guarantee. If you decide to implement none of our recommendations, the analysis is free.
Write to me, Gideon Samid.
17 Meir Ya'ari Street
Tel-Aviv 69371 Israel
Rockville MD 20850 * USA