
CIOs must look to adaptive security systems in face of evolving threats

Kenneth Corbin | March 6, 2014
Microsoft's government security expert warns that there's no such thing as perfect security, so systems must be able to adapt and respond to attacks on unforeseen vulnerabilities.

In any sophisticated modern system, the areas where the product deviates from its intended functions are typically where the vulnerabilities will be found. Because those weak spots are unforeseen, though, it's impossible to defend them against targeted threats thoroughly and preemptively.

"This is the equivalent of asking yourself, 'What is it that I do not know?' That is a very difficult question to answer," Aucsmith says, arguing that adaptability is an essential feature to enable systems to cope with attacks on unanticipated threat vectors.

"We are building systems that are far more complex than our ability to completely understand their behaviors," Aucsmith says. "So in essence ... I have a highly complex system whose complete behavior is not knowable, and I now place it in front of a dedicated adversary. That is a guarantee that the system will be breached. So rather than fool ourselves that we can produce systems that can never be successfully breached, we have to rethink what we do."

Concludes Aucsmith: "This is not an argument, by the way, that we shouldn't do the absolute best that we can to build systems. Rather it's an argument that that is by and in and of itself insufficient."

 
