In Cybersecurity, the Fastest Decision Maker Wins Most Often


During the Korean War, John Boyd, an Air Force pilot and military strategist, studied why the F-86 Sabre was so successful in shooting down the Russian MiG-15 of that generation. Boyd discovered that the U.S. planes, while inferior to the Russian MiG in terms of speed, range, and altitude, were more maneuverable and therefore able to act faster than the MiG could react.

Boyd characterized the Sabre’s ability to turn in rapid response to the more cumbersome MiG as thinking and reacting ahead of the enemy. His system was to gather all the facts, observe the way the target reacted, process all the information, and then make lightning decisions. He called this an OODA loop – Observation, Orientation, Decision, and then Action. The strategy? The decision maker that moves fastest through the OODA loop beats their opponent by acting first and thereby changing the situation for an adversary.

John Boyd’s strategy resonates when thinking about cybersecurity. I’ve often compared cybersecurity professionals to spy hunters who deploy effective counterintelligence to beat rival attackers. For some time now, I’ve preached that we must hunt the threats before they hunt us. These ideas mirror Boyd’s strategy for modern times. A cyberattack places the target in an OODA loop that requires a lightning-fast response. Reacting to a cyberattack will always be too late.

To win the OODA loop, security teams must make a superior, faster decision than the attacker using only the information directly at hand. Boyd’s theory centered on how we view the world around us as we insist it should be rather than shifting our perspective to incorporate circumstances as they change. In the world of cyberattacks, circumstances, attack vectors, malware and exploits change on every day that ends in a Y. If we are not able to think with flexibility, adapt quickly to changing circumstances and make a decision that beats our attacker to the punch, a catastrophic breach may occur.

Effective cybersecurity will orient faster to an actionable decision than an attacker.  Such cybersecurity will focus on a few critical areas to always win the OODA loop:

Security will focus on the endpoint. This moves security and response closest to the most common point of attack – the human that makes a mistake.

Decisions will be made with the best available information. During an attack there is no time to conduct research or ask for help. Security will leverage big data and analytics, instantly updated from the cloud to make the best decisions.

Security will move to a collaborative approach. When threats and exploits are shared among many people, the potential attack surface is mitigated. If one member of an ecosystem is attacked, all other members will know about the attack and immediately orient to act to prevent future attacks. This will make the cost of designing an attack higher than the gains from successfully attacking many consumers.

Security operations will be simplified. Recall that the first party to effectively orient to a situation, decide and act wins.  By simplifying operations, security can move protection through the process faster than the attacker.


The post In Cybersecurity, the Fastest Decision Maker Wins Most Often appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
