Ben at IronFog points to this article by Kevin Jackson about maneuver warfare in IT security. An excerpt:
"By leveraging virtualization, high speed wide area networks and broad
industry standardization, new and enhanced security strategies can now
be implemented. Defensive options can now include the virtual
repositioning of entire datacenters. Through “cloudbursting”,
additional compute and storage resources can also be brought to bear in
a defensive, forensic or counter-offensive manner. The IT team can now
actively “fight through an attack” and not just observe an intrusion,
merely hoping that the in-place defenses are deep enough. The military
analogy continues in that maneuver concepts must be combined with
“defense in depth” techniques into holistic IT security strategies."
and
"After picking up a grossly abnormal spike in inbound traffic, targeted
applications could be immediately transferred to virtual machines
hosted in another datacenter. Router automation would immediately
re-route operational network links to the new location (IT defense by
maneuver). Forensic and counter-cyber attack applications, normally
dormant and hosted by a commercial infrastructure-as-a-service (IaaS)
provider (a cloudburst), are immediately launched, collecting
information on the attack and sequentially blocking zombie machines.
The rapid counter would allow for the immediate, and automated,
detection and elimination of the attack source."
This is the type of thing that I was thinking of when I wrote about hyperdynamic processing in the ISSA Journal and on my blog:
Hyperdynamic processing – Darn straight I am making this
name up. What do you get when you combine VMware’s VMotion with address space
layout randomization (ASLR)? Well, hyperdynamic processing, of course! Think
about stable, transaction-oriented sessions (can I say that?) running in random
locations across the Internet providing protection against lower-layer targeted
attacks while maintaining a stable application environment.
There are some obvious challenges here, like how you can maintain necessary contact with the user without tipping off an attacker, but the ability to spin up VMs quickly and migrate data, even sessions, presents an interesting opportunity for future security interests.