Why poker is the game for IT security professionals
Understanding situational awareness is crucial
Published 14:36, 06 July 12
One of the more common analogies associated with cyber-security, is the chess analogy. The matching of chess and hacking/cybersecurity was prevalent in 2003's The Hacker's Handbook: the Strategy Behind Breaking Into and Defending Networks by Susan Young and Dave Aitel.
The problems with the chess analogy are it is a one-on-one game, it has a set endpoint, and all of the pieces are visible. With Hold'em, you don't have any of that. There are multiple players who must be contended with, the game can go on forever, and most importantly it is all about imperfect information. You don't know what your opponent's hole cards are while you get to see your cards and the common cards.
The key to victory is making informed decisions by collecting and processing a great deal of information. Yes Hold'em can be played by just looking at the cards and calculating odds but there is so much more situational awareness information available to aid in the decision making process. Table position is a key indicator - a person will bet with a weaker hand the closer to the dealer they are. The size of the bet is another indicator as is the reputation of the player. A great, or at least winning player, processes all of this data to determine how strong his hand is relative to the other players.
For cybersecurity we are seeing this same dynamic play out. Instead of the narrow view of chess, people are looking for a wider view using all of the information available to them to allow them to improve their decision making relative to their cybersecurity risk posture. So when you think about something like table position, the security analogy can be what is the value of a specific asset relative to the protection being afforded that asset, or bet size or reputation of a player can be thought of as how does a device's action match against an established norm, or what is the reputation of the IP address or file.
The collection and processing of divergent security information is utilizing situational awareness data just like the poker player does. A recent trend among vendors is to give users tools to play the cybersecurity game more like poker than chess. Technologies are now able to integrate normally siloed security information -- such as data flows, log reports, threat data, vulnerability assessments, configuration data, asset data, performance metrics, and identity information - which allows enterprises so gain an incredible amount of information on their security posture and to root out hidden threats. EMC, eIQ Networks, and McAfee are among vendors providing situational awareness.
By using these vendor's situational awareness solutions, organizations have more awareness of what is happening around them so they can make important decisions based on calculated risk management and not just on what cards they hold. The key to know when to bet, hold, or fold.
Posted by Charles Kolodgy, Research Vice President IDC