Nightingale Floors

By Tom Kellermann


Cyberspace in 2017 is a free-fire zone with a multiplicity of actors.  The absence of norms creates a perfect storm for a cyber-insurgency which has been raging in American cyberspace for the past year.    As most of us recognize, we are on our own.   The government isn’t going to civilize cyberspace.   This stark reality necessitates a defensive paradigm shift.  One must look at the lessons of history to adjust our stratagems accordingly.

In feudal Japan, it was acknowledged that the assassins would bypass perimeter defenses.   Responding to the adversary within the perimeter was tantamount to survival thus nightingale floors were deployed.

“Nightingale floors, or uguisubari, were floors designed to make a chirping sound when walked upon. These floors were used in the hallways of some temples and palaces, the most famous example being Nijo Castle, in Kyoto, Japan. Dry boards naturally creak under pressure, but these floors were designed so that the flooring nails rubbed against a jacket or clamp, causing chirping noises.” (Wikipedia 2017)

Our current architectural paradigm is flawed. The cybersecurity standards of today do not mitigate the modern kill chain. A forward leaning Cybersecurity strategy entails the following:

  1. Intrusion Suppression versus Defense in Depth: Limit Dwell time
  2. Information Supply Chain oversight and risk mitigation
  3. Modernization of Incident Response

Proactive CISO’s must focus on inside out security.  This requires the elimination of dwell time and a correspondent capacity for telemetry. There is no need to rip and replace your firewalls and end-point security solutions.   The goal should be to manifest intrusion suppression .  Hunting the hunter begins with detecting the adversary’s lateral movement and subsequently deceiving the adversary to enter a contained zone. From there the defender can begin to respond with active defense.

  1. Deploy a DeceptionGrid.
  2. Deploy User Entity Behavior Analytics.
  3. Deploy adaptive authentication with contextual verification.
  4. Embrace memory augmentation.
  5. Integrate Intrusion protection systems with Breach detection.
  6. Require regular red teaming.

The ROI of cybersecurity is the delta of dwell time from year to year. At Strategic Cyber Ventures we invest in cybersecurity companies that disrupt advanced cyber adversaries and revolutionize the cyber product marketplace.   Your brand protection requires sage cybersecurity investment.

We will be giving a speech: Investing and Intrusion Suppression at Zero Day Con. Hope to see you there.