Security Lessons From Nature – Pangolin
Normally in this section I pick one aspect of the natural world and focus on the security ramifications of that animal of adaptation. However, this doesn’t really do justice to the complexities that surround security posture. So today, we’re going to look at the pangolin.
Now, you can either hit the link and read all about it, or we can play the build-an-animal game. (The game is more fun.)
- Start with an anteater.
- Give it huge sharp claws.
- Now grant it the ability to spray a stinky acid like a skunk.
- Take the scales off a fish and glue them to the anteater.
- Thicken the scales so it’s armored like an armadillo.
- Sharpen each scale so it’s razor sharp.
- Oh yeah, they’re also good at tunneling and swimming.
- Now just for fun, lets expand their brains and make them little Houdinis.
Now let’s think for a minute about the threats that could have provoked such defenses. Before we had an anteater, we must have started with ants. That’s all well and good. After all, who doesn’t love a yummy meal of ants? Well, other than the ants, I guess. In the US, ants tend to build nests underground and just pile up the dirt outside. However, in anteater territory, ant and termite mounds are heavily armored, so our pangolins need big sharp claws to get to their food. Now, not only are ants yummy, but in areas where hyenas roam, so are pangolins.
Of course, the easiest way to make the annoying creatures go away is to spray them with a noxious fluid… though one has to wonder exactly how that particular defense mechanism came about.
Then there are the roaming large felines. Where those abound, it helps to grow large, thick, scales to protect yourself. Now, generally speaking, if you grew up in a world where your biggest threats are jaguarundi and sabertooth tigers (with respective Bite Force Quotients (BFQ) of 75 and 78), regular armor is probably fine. However, if your predators are clouded leopards and tigers (BFQs of 137 and 127 respectively), regular armor is apparently insufficient, and you need razor sharp scales instead.
So here you, safe against the abundant predators of Southeast Asia… except for those pesky humans. People of the area like to eat them and use part of them for medicine. Since humans tend to use tools that render claws, razor scales and explosive scent ineffective, it’s important to be able to run away. Thus, it helps to learn how to dig intricate tunnels and learn to swim out of range of these tools. Of course, some humans still manage to capture some pangolins, so it’s quite helpful be able to escape with ease.
Thus, through simple defenses against ordinary threats, we get an animal that seems almost mythological in it’s complexity. The same applies to business. We tend to build very complex systems with numerous layers of defenses, but each of them is targeted at attacks that manage to get through the outer layer of defenses.
We hardened systems, but attackers got through. We created firewalls, but attackers got through. We added application awareness to the firewalls, but attackers worked within the applications. We added kernel-level hooks to restrict what the application can do, and attackers still managed to get personal data. More recently, we’ve added Network Access Control, Data Loss Prevention, Buffer Overflow Protection and others. Of course, it’s just a matter of time until the attackers start working against those too.
Like the pangolin, we have to pay attention to new threats and adapt to new threats. If we don’t, well, the pangolin has an answer for that too.
Thanks to dotpolka for the use of the photo.