Its 10pm night time…..someone knocks on your door…you answer the door….a total stranger……you invite this stranger in…….ask him to sit on your sofa……he is sitting there……it now has been 24 hours….this stranger is still sitting on your sofa…
Can you say he is a good guy?
Of course not!
Absence of bad behavior does NOT make this stranger a GOOD person! <–Please read and digest this over and over!!!
In today’s Cybersecurity world the stranger you invited is “Assumed to be good” almost instantly because it did not display any bad behavior! <–Please read and digest this over and over as well!!!
If you truly understand the meaning of the above two sentences, you should be ready for a “Mentality change” in the way you think about Cybersecurity and which posture to employ.
You now understand the security posture you deploy has to be based on “Guilty until proven innocence” security posture and not “innocent until proven guilty” as it is today . Until a piece of code is “Proven to be Good”, you have to run it within “restrained virtualization” so that if they turn out to be not so innocent, no damage will occur. And NO, scanning using AV, Next Gen endpoint, AI, Machine Learning or EDR is all about “looking for a bad behavior”. If they see no bad behavior, it doesn’t mean that code/file is good! All these cybersecurity products and vendors allow the “stranger” / “code/file” to execute just because they have not seen a bad behavior! Recipe for disaster! How many disasters have you been reading on News or even be subject of! Doing the same thing, expecting a different outcome is Insanity! Change the way you think, change the way your protect yourself!
“Guilty until Proven Innocent” is the new standard in Cybersecurity!