Secure Information Exchange - Whether It’s Data in Motion or at Rest

Caddyshack & The Defense of Cyberspace: No More “Wack-a-Mole”

February 22, 2010 at 2:33 am · Filed under Risk Management

By Toney Jennings, President & CEO of CoreTrace

Cyberspace defense has largely been a measure/countermeasure/counter-countermeasure game. The good guys build a fence and, in short order, the bad guys climb over it. The good guys build the fence taller and the bad guys figure a way over it again. I would not be the first to compare this reactive security approach to the famous “whack-a-mole” game, but I thought it would be a fun way to demonstrate the point.

A decade ago, it could be argued that the “mole” poked its head up with sufficient enough malaise that you actually stood a reasonable chance of bashing the little bugger on the head. Today’s threats, however, look more like the Caddyshack gopher–and traditional, reactive security solutions looking about as capable as Bill Murray.

In fact, the recurring revenue business model (upon which many security vendors are now based) has become dependent on this “whack-a-mole” reactive cycle. After all, if the moles keep digging fresh holes to pop out of, don’t I need to keep making my mallet bigger and faster to keep up with the furry little guy? And shouldn’t I be able to keep charging you money for this?

The problem, of course, is that eventually (and eventually is ALREADY here) you just can’t swing the mallet fast enough. As Craig Robinson, the COO of GlobalSCAPE, pointed out in his blog post earlier today, “cyberspace has become a new frontline in traditional and untraditional conflict.” In other words, there are an ever-growing number of “bad guys” who would like to get your data or keep you from being productive. They have enormous resources. And they are getting smarter. And faster. And more stealthy. It should be quite obvious that reactive approaches to security will eventually lose.

So, I have to agree wholeheartedly with Mr. Robinson. The development of next-generation cyber defense solutions that are proactive and move us ahead of the “whack-a-mole” mentality must be an imperative. Until then, I’m afraid we’ll continue to see the Caddyshack gopher dancing to “I’m alright.”

4 Comments »

  Guest Blog By GlobalSCAPE’s COO: Defending Cyberspace… — CoreTrace WhiteSpace wrote @ February 22nd, 2010 at 2:56 pm

[...] effective attacks (for an entertaining perspective on the topic, please read Toney Jenning’s “Caddyshack & The Defense of Cyberspace: No More “Wack-a-Mole”” post on GlobalSCAPE’s blog site). Those of us in the information security industry understand that [...]

  Bob Barker wrote @ February 23rd, 2010 at 3:43 pm

Maybe the “whack-a-mole” concept isn’t new, but it characterizes very well the predicament that providers of traditional blacklist security solutions find themselves in. As the cost of keeping up with the hackers rises almost geometrically, I expect to see products based on newer “whitelist” technology move into the mainstream for consumers in the same way they are currently conquering the most demanding enterprise environments.

  PCBA Assembly wrote @ September 1st, 2010 at 12:42 am

I also have to agree wholeheartedly with Mr. Robinson. Yes,the development of next-generation cyber defense solutions that are proactive and move us ahead of the “whack-a-mole” mentality must be an imperative.

  Pandora wrote @ December 9th, 2010 at 1:02 am

In fact, the recurring revenue business model (upon which many security vendors are now based) has become dependent on this “whack-a-mole” reactive cycle.

Your comment