Rotate, Repave, and Repair

The Three R’s of Enterprise Security, by Justin Smith, draws on his experience at Microsoft, Google, and Pivotal. Refreshing servers continuously gives intruders no time to deploy their hacks.

Justin Smith.

With the confluence of the slowly changing socio-technical culture and attacks, gas is poured on the demand for security monitoring and detection tools. I guess the reasoning is something like, “It can’t change quickly, so change is a sign of a malicious actor.”

I’ll describe what I believe to be the single most important concept for an enterprise security organization to grasp when evaluating cloud infrastructure. It’s a radical change from the status quo, but I believe it will dramatically and immediately improve the security posture of any IT organization.

__Rotate__ datacenter credentials every few minutes or hours.

__Repave__ every server and application in the datacenter every few hours from a known good state.

__Repair__ vulnerable operating systems and application stacks consistently within hours of patch availability.

Faster is safer. It’s not a fantasy — the tools exist to make most of this a reality today. At high velocity, the three R’s starve attacks of the resources they need to grow. Time. It’s a complete 180-degree change from the traditional careful aversion to change to mitigate risk. Go fast to stay safer — in other words, speed reduces risk.
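One way to measure a fleet against the three R’s, as an added example that is not from Justin Smith’s article: the time windows, record fields and inventory below are assumptions constructed for illustration. It also shows that a server repaved recently from an image older than a patch still fails Repair.

```python
from datetime import datetime, timedelta, timezone

# Assumed windows; the text gives only "minutes or hours" and "within hours".
MAX_CREDENTIAL_AGE = timedelta(hours=1)
MAX_SERVER_AGE = timedelta(hours=6)
MAX_PATCH_LAG = timedelta(hours=12)

def audit(now, credentials, servers, patches):
    """Return sorted (rule, asset_id) findings for assets outside a window."""
    findings = set()
    for cred in credentials:
        if now - cred["issued_at"] > MAX_CREDENTIAL_AGE:
            findings.add(("rotate", cred["id"]))
    for srv in servers:
        if now - srv["built_at"] > MAX_SERVER_AGE:
            findings.add(("repave", srv["id"]))
        for patch in patches:
            # A repave only repairs if the image it used postdates the patch.
            unpatched = (patch["stack"] in srv["stacks"]
                         and srv["image_built_at"] < patch["released_at"])
            if unpatched and now - patch["released_at"] > MAX_PATCH_LAG:
                findings.add(("repair", srv["id"]))
    return sorted(findings)

# Constructed sample inventory (hypothetical names), relative to a fixed clock.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

def ago(hours):
    return NOW - timedelta(hours=hours)

CREDENTIALS = [{"id": "db-app", "issued_at": ago(0.3)},
               {"id": "ci-deploy", "issued_at": ago(4)}]
SERVERS = [
    # Repaved 2h ago, but from an image built before the openssl patch.
    {"id": "web-1", "built_at": ago(2), "image_built_at": ago(27),
     "stacks": {"openssl", "nginx"}},
    {"id": "web-2", "built_at": ago(48), "image_built_at": ago(72),
     "stacks": {"openssl"}},
    {"id": "api-1", "built_at": ago(1), "image_built_at": ago(1.5),
     "stacks": {"openssl"}},
]
PATCHES = [{"stack": "openssl", "released_at": ago(18)},
           {"stack": "nginx", "released_at": ago(1)}]  # still inside the window

if __name__ == "__main__":
    for rule, asset in audit(NOW, CREDENTIALS, SERVERS, PATCHES):
        print(f"{rule:7} {asset}")
```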

The Phineas Fisher recounting of the Hacking Team hack, posted briefly on Pastebin, demonstrates the slow, meticulous work required of a hacker.