Louis Evans

What The Three Little Pigs Can Teach Us About Cybersecurity

Last night, as I was putting my kids to bed*, I read them the classic children’s story, “The Three Little Pigs”. And you know what it got me thinking about? Cybersecurity.

Probably everyone in the audience is familiar with the tale, but I’ll lay out the basics just so that we’re all on the same page; then we’ll get into how this classic old tale could possibly connect to the new, cutting-edge concept of cybersecurity.

Our story starts with three little pigs—small, plump, delicious, and utterly opposed to being eaten. The three little pigs each build a house—the first pig out of straw, the second out of sticks, and the third out of bricks.

Then the wolf shows up. It asks the first pig for permission to enter; the first pig (sensibly) refuses, and so the wolf huffs and puffs and blows the house down. Pig numero uno flees, curly tail between its legs, to the house of the second pig—only for the wolf to follow it there.

The stick house is no more huff-and-puff-proof than the straw house, and so soon enough pigs one and two are running for their lives again. They hole up with pig three, the one with the brick house. The wolf comes knocking, and after the pigs refuse him entry, he huffs and puffs once more—but the house of bricks holds firm!

The wolf then gets it into his head to come in through the chimney. But the pigs hear him coming, boil a big pot of water in the fireplace, and when the wolf comes in, they catch him in the pot and cook and eat him. (It’s a pig-eat-wolf world out there.)

Now, what does any of this have to do with the state of cybersecurity?

Well, the way I see it, the house of straw represents an unsecured network and its systems. This is the old way of doing things, the early intranets. There was no need to protect anything before cybercrime was a meaningful threat! Even nowadays you can find a handful of organizations that haven’t put any thought into securing their networks—but usually a big bad wolf comes along pretty quickly and shows them the error of their ways.

The next house, the house of sticks, represents a network environment that’s using point security solutions. An individual stick is much stronger than an individual piece of straw. In the cybersecurity world that might mean the use of endpoint security, best practices for controlling traffic to and from specific servers, limited port access, and so on.

The problem for our pigs is that the individual sticks don’t provide any real security. Real security comes from the house—from the integrated environment formed by your network, servers, and systems. No single security tool can protect you, unless it’s part of a seamless, comprehensive security solution.

That brings us to the house of bricks. Now, bricks are stronger than sticks or straw. But the real strength in a brick house is in the design: an interlocking set of components that leaves no gaps for an attacker. In the cybersecurity world, that would be a comprehensive security strategy, including a solution that monitors all relevant tools and correlates their data.

But even the brick house wasn’t enough to stop the big bad wolf. In the face of robust security, the big bad wolf changed tactics: it targeted the vulnerable opening of the chimney.

The cybersecurity parallels are impossible to ignore.

If you want to protect your computer from hackers, there’s one foolproof way to do it. Take out the wifi card and the Bluetooth antenna; get into the USB ports with a pair of pliers and really mess them up. Stick a carrot in the Ethernet port. I guarantee you you’ll never catch another virus from your email again.**

Of course, you’ll never read another email again, either. At the end of the day, we need to keep our computers attached to our local and global networks—the value of network operations exceeds the risks. But when we’re networked, a smart attacker—like a big bad wolf—will be able to identify our vulnerabilities and go after them.

That brings us to the final piece of the cybersecurity fable: active monitoring. When the big bad wolf couldn’t huff and puff his way into the house of pigs, he didn’t give up. But the pigs didn’t let themselves become complacent either. They watched and they listened. When they heard his feet coming up the roof—when they detected early indications of compromise—they prepared an active response, isolating the threat vector and defending against it.

No matter how carefully you build your house, attackers are still prowling around outside. Sooner or later, one of them will recognize a vulnerability, and move to exploit it. You need to be prepared for that day, ready to identify early signs and act swiftly to deny access to your systems and data.

At Arctic Wolf Networks,*** we provide single-pane-of-glass visibility into your security solutions—and the dedicated security engineers to stand guard, day and night. We’ll help you build your house of bricks—and when the wolf comes through the chimney, we’ll help you get ready underneath, with a nice, boiling pot.

Protect your home from the big bad wolf. Learn more in our eBook, “Protecting Against the Top Five Attack Vectors.”

*Not really. I don’t have kids—yet! Growth mindset!

**Of course, if you want to be more secure, check if you’ve got a disk drive, and if you do, shove a piece of baloney in there. Tada! Now your computer is only vulnerable to an attacker entering hostile code by hand—and you can protect it from that by locking it in a briefcase, welding the case shut, and dropping it to the bottom of the ocean.

***Don’t let the name fool you! We’re one of the good guys.